64 	struct x509_parse_context *ctx;  in x509_cert_parse()  local
78 	ctx = kzalloc(sizeof(struct x509_parse_context), GFP_KERNEL);  in x509_cert_parse()
79 	if (!ctx)  in x509_cert_parse()
82 	ctx->cert = cert;  in x509_cert_parse()
83 	ctx->data = (unsigned long)data;  in x509_cert_parse()
86 	ret = asn1_ber_decoder(&x509_decoder, ctx, data, datalen);  in x509_cert_parse()
91 	if (ctx->raw_akid) {  in x509_cert_parse()
93 			 ctx->raw_akid_size, ctx->raw_akid_size, ctx->raw_akid);  in x509_cert_parse()
94 		ret = asn1_ber_decoder(&x509_akid_decoder, ctx,  in x509_cert_parse()
95 				       ctx->raw_akid, ctx->raw_akid_size);  in x509_cert_parse()
103 	cert->pub->key = kmemdup(ctx->key, ctx->key_size, GFP_KERNEL);  in x509_cert_parse()
107 	cert->pub->keylen = ctx->key_size;  in x509_cert_parse()
109 	cert->pub->params = kmemdup(ctx->params, ctx->params_size, GFP_KERNEL);  in x509_cert_parse()
113 	cert->pub->paramlen = ctx->params_size;  in x509_cert_parse()
114 	cert->pub->algo = ctx->key_algo;  in x509_cert_parse()
137 	kfree(ctx);  in x509_cert_parse()
141 	kfree(ctx);  in x509_cert_parse()
157 	struct x509_parse_context *ctx = context;  in x509_note_OID()  local
159 	ctx->last_oid = look_up_OID(value, vlen);  in x509_note_OID()
160 	if (ctx->last_oid == OID__NR) {  in x509_note_OID()
164 			 (unsigned long)value - ctx->data, buffer);  in x509_note_OID()
177 	struct x509_parse_context *ctx = context;  in x509_note_tbs_certificate()  local
180 		 hdrlen, tag, (unsigned long)value - ctx->data, vlen);  in x509_note_tbs_certificate()
182 	ctx->cert->tbs = value - hdrlen;  in x509_note_tbs_certificate()
183 	ctx->cert->tbs_size = vlen + hdrlen;  in x509_note_tbs_certificate()
193 	struct x509_parse_context *ctx = context;  in x509_note_sig_algo()  local
195 	pr_debug("PubKey Algo: %u\n", ctx->last_oid);  in x509_note_sig_algo()
197 	switch (ctx->last_oid) {  in x509_note_sig_algo()
204 		ctx->cert->sig->hash_algo = "md4";  in x509_note_sig_algo()
208 		ctx->cert->sig->hash_algo = "sha1";  in x509_note_sig_algo()
212 		ctx->cert->sig->hash_algo = "sha256";  in x509_note_sig_algo()
216 		ctx->cert->sig->hash_algo = "sha384";  in x509_note_sig_algo()
220 		ctx->cert->sig->hash_algo = "sha512";  in x509_note_sig_algo()
224 		ctx->cert->sig->hash_algo = "sha224";  in x509_note_sig_algo()
228 		ctx->cert->sig->hash_algo = "sha1";  in x509_note_sig_algo()
232 		ctx->cert->sig->hash_algo = "sha224";  in x509_note_sig_algo()
236 		ctx->cert->sig->hash_algo = "sha256";  in x509_note_sig_algo()
240 		ctx->cert->sig->hash_algo = "sha384";  in x509_note_sig_algo()
244 		ctx->cert->sig->hash_algo = "sha512";  in x509_note_sig_algo()
248 		ctx->cert->sig->hash_algo = "streebog256";  in x509_note_sig_algo()
252 		ctx->cert->sig->hash_algo = "streebog512";  in x509_note_sig_algo()
256 		ctx->cert->sig->hash_algo = "sm3";  in x509_note_sig_algo()
261 	ctx->cert->sig->pkey_algo = "rsa";  in x509_note_sig_algo()
262 	ctx->cert->sig->encoding = "pkcs1";  in x509_note_sig_algo()
263 	ctx->sig_algo = ctx->last_oid;  in x509_note_sig_algo()
266 	ctx->cert->sig->pkey_algo = "ecrdsa";  in x509_note_sig_algo()
267 	ctx->cert->sig->encoding = "raw";  in x509_note_sig_algo()
268 	ctx->sig_algo = ctx->last_oid;  in x509_note_sig_algo()
271 	ctx->cert->sig->pkey_algo = "sm2";  in x509_note_sig_algo()
272 	ctx->cert->sig->encoding = "raw";  in x509_note_sig_algo()
273 	ctx->sig_algo = ctx->last_oid;  in x509_note_sig_algo()
276 	ctx->cert->sig->pkey_algo = "ecdsa";  in x509_note_sig_algo()
277 	ctx->cert->sig->encoding = "x962";  in x509_note_sig_algo()
278 	ctx->sig_algo = ctx->last_oid;  in x509_note_sig_algo()
289 	struct x509_parse_context *ctx = context;  in x509_note_signature()  local
291 	pr_debug("Signature: alg=%u, size=%zu\n", ctx->last_oid, vlen);  in x509_note_signature()
298 	if (ctx->last_oid != ctx->sig_algo) {  in x509_note_signature()
300 			ctx->last_oid, ctx->sig_algo);  in x509_note_signature()
304 	if (strcmp(ctx->cert->sig->pkey_algo, "rsa") == 0 ||  in x509_note_signature()
305 	    strcmp(ctx->cert->sig->pkey_algo, "ecrdsa") == 0 ||  in x509_note_signature()
306 	    strcmp(ctx->cert->sig->pkey_algo, "sm2") == 0 ||  in x509_note_signature()
307 	    strcmp(ctx->cert->sig->pkey_algo, "ecdsa") == 0) {  in x509_note_signature()
316 	ctx->cert->raw_sig = value;  in x509_note_signature()
317 	ctx->cert->raw_sig_size = vlen;  in x509_note_signature()
328 	struct x509_parse_context *ctx = context;  in x509_note_serial()  local
329 	ctx->cert->raw_serial = value;  in x509_note_serial()
330 	ctx->cert->raw_serial_size = vlen;  in x509_note_serial()
341 	struct x509_parse_context *ctx = context;  in x509_extract_name_segment()  local
343 	switch (ctx->last_oid) {  in x509_extract_name_segment()
345 		ctx->cn_size = vlen;  in x509_extract_name_segment()
346 		ctx->cn_offset = (unsigned long)value - ctx->data;  in x509_extract_name_segment()
349 		ctx->o_size = vlen;  in x509_extract_name_segment()
350 		ctx->o_offset = (unsigned long)value - ctx->data;  in x509_extract_name_segment()
353 		ctx->email_size = vlen;  in x509_extract_name_segment()
354 		ctx->email_offset = (unsigned long)value - ctx->data;  in x509_extract_name_segment()
366 static int x509_fabricate_name(struct x509_parse_context *ctx, size_t hdrlen,  in x509_fabricate_name()  argument
370 	const void *name, *data = (const void *)ctx->data;  in x509_fabricate_name()
378 	if (!ctx->cn_size && !ctx->o_size && !ctx->email_size) {  in x509_fabricate_name()
386 	if (ctx->cn_size && ctx->o_size) {  in x509_fabricate_name()
390 		namesize = ctx->cn_size;  in x509_fabricate_name()
391 		name = data + ctx->cn_offset;  in x509_fabricate_name()
392 		if (ctx->cn_size >= ctx->o_size &&  in x509_fabricate_name()
393 		    memcmp(data + ctx->cn_offset, data + ctx->o_offset,  in x509_fabricate_name()
394 			   ctx->o_size) == 0)  in x509_fabricate_name()
396 		if (ctx->cn_size >= 7 &&  in x509_fabricate_name()
397 		    ctx->o_size >= 7 &&  in x509_fabricate_name()
398 		    memcmp(data + ctx->cn_offset, data + ctx->o_offset, 7) == 0)  in x509_fabricate_name()
401 		buffer = kmalloc(ctx->o_size + 2 + ctx->cn_size + 1,  in x509_fabricate_name()
407 		       data + ctx->o_offset, ctx->o_size);  in x509_fabricate_name()
408 		buffer[ctx->o_size + 0] = ':';  in x509_fabricate_name()
409 		buffer[ctx->o_size + 1] = ' ';  in x509_fabricate_name()
410 		memcpy(buffer + ctx->o_size + 2,  in x509_fabricate_name()
411 		       data + ctx->cn_offset, ctx->cn_size);  in x509_fabricate_name()
412 		buffer[ctx->o_size + 2 + ctx->cn_size] = 0;  in x509_fabricate_name()
415 	} else if (ctx->cn_size) {  in x509_fabricate_name()
416 		namesize = ctx->cn_size;  in x509_fabricate_name()
417 		name = data + ctx->cn_offset;  in x509_fabricate_name()
418 	} else if (ctx->o_size) {  in x509_fabricate_name()
419 		namesize = ctx->o_size;  in x509_fabricate_name()
420 		name = data + ctx->o_offset;  in x509_fabricate_name()
422 		namesize = ctx->email_size;  in x509_fabricate_name()
423 		name = data + ctx->email_offset;  in x509_fabricate_name()
435 	ctx->cn_size = 0;  in x509_fabricate_name()
436 	ctx->o_size = 0;  in x509_fabricate_name()
437 	ctx->email_size = 0;  in x509_fabricate_name()
445 	struct x509_parse_context *ctx = context;  in x509_note_issuer()  local
448 	ctx->cert->raw_issuer = value;  in x509_note_issuer()
449 	ctx->cert->raw_issuer_size = vlen;  in x509_note_issuer()
451 	if (!ctx->cert->sig->auth_ids[2]) {  in x509_note_issuer()
455 		ctx->cert->sig->auth_ids[2] = kid;  in x509_note_issuer()
458 	return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->issuer, vlen);  in x509_note_issuer()
465 	struct x509_parse_context *ctx = context;  in x509_note_subject()  local
466 	ctx->cert->raw_subject = value;  in x509_note_subject()
467 	ctx->cert->raw_subject_size = vlen;  in x509_note_subject()
468 	return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->subject, vlen);  in x509_note_subject()
478 	struct x509_parse_context *ctx = context;  in x509_note_params()  local
485 	if (!ctx->cert->raw_subject || ctx->key)  in x509_note_params()
487 	ctx->params = value - hdrlen;  in x509_note_params()
488 	ctx->params_size = vlen + hdrlen;  in x509_note_params()
499 	struct x509_parse_context *ctx = context;  in x509_extract_key_data()  local
502 	ctx->key_algo = ctx->last_oid;  in x509_extract_key_data()
503 	switch (ctx->last_oid) {  in x509_extract_key_data()
505 		ctx->cert->pub->pkey_algo = "rsa";  in x509_extract_key_data()
509 		ctx->cert->pub->pkey_algo = "ecrdsa";  in x509_extract_key_data()
512 		ctx->cert->pub->pkey_algo = "sm2";  in x509_extract_key_data()
515 		if (parse_OID(ctx->params, ctx->params_size, &oid) != 0)  in x509_extract_key_data()
520 			ctx->cert->pub->pkey_algo = "sm2";  in x509_extract_key_data()
523 			ctx->cert->pub->pkey_algo = "ecdsa-nist-p192";  in x509_extract_key_data()
526 			ctx->cert->pub->pkey_algo = "ecdsa-nist-p256";  in x509_extract_key_data()
529 			ctx->cert->pub->pkey_algo = "ecdsa-nist-p384";  in x509_extract_key_data()
542 	ctx->key = value + 1;  in x509_extract_key_data()
543 	ctx->key_size = vlen - 1;  in x509_extract_key_data()
557 	struct x509_parse_context *ctx = context;  in x509_process_extension()  local
561 	pr_debug("Extension: %u\n", ctx->last_oid);  in x509_process_extension()
563 	if (ctx->last_oid == OID_subjectKeyIdentifier) {  in x509_process_extension()
565 		if (ctx->cert->skid || vlen < 3)  in x509_process_extension()
572 		ctx->cert->raw_skid_size = vlen;  in x509_process_extension()
573 		ctx->cert->raw_skid = v;  in x509_process_extension()
577 		ctx->cert->skid = kid;  in x509_process_extension()
582 	if (ctx->last_oid == OID_keyUsage) {  in x509_process_extension()
602 			ctx->cert->pub->key_eflags |= 1 << KEY_EFLAG_DIGITALSIG;  in x509_process_extension()
604 			ctx->cert->pub->key_eflags |= 1 << KEY_EFLAG_KEYCERTSIGN;  in x509_process_extension()
606 			ctx->cert->pub->key_eflags |= 1 << KEY_EFLAG_KEYCERTSIGN;  in x509_process_extension()
610 	if (ctx->last_oid == OID_authorityKeyIdentifier) {  in x509_process_extension()
612 		ctx->raw_akid = v;  in x509_process_extension()
613 		ctx->raw_akid_size = vlen;  in x509_process_extension()
617 	if (ctx->last_oid == OID_basicConstraints) {  in x509_process_extension()
635 			ctx->cert->pub->key_eflags |= 1 << KEY_EFLAG_CA;  in x509_process_extension()
741 	struct x509_parse_context *ctx = context;  in x509_note_not_before()  local
742 	return x509_decode_time(&ctx->cert->valid_from, hdrlen, tag, value, vlen);  in x509_note_not_before()
749 	struct x509_parse_context *ctx = context;  in x509_note_not_after()  local
750 	return x509_decode_time(&ctx->cert->valid_to, hdrlen, tag, value, vlen);  in x509_note_not_after()
760 	struct x509_parse_context *ctx = context;  in x509_akid_note_kid()  local
765 	if (ctx->cert->sig->auth_ids[1])  in x509_akid_note_kid()
772 	ctx->cert->sig->auth_ids[1] = kid;  in x509_akid_note_kid()
783 	struct x509_parse_context *ctx = context;  in x509_akid_note_name()  local
787 	ctx->akid_raw_issuer = value;  in x509_akid_note_name()
788 	ctx->akid_raw_issuer_size = vlen;  in x509_akid_note_name()
799 	struct x509_parse_context *ctx = context;  in x509_akid_note_serial()  local
804 	if (!ctx->akid_raw_issuer || ctx->cert->sig->auth_ids[0])  in x509_akid_note_serial()
809 					 ctx->akid_raw_issuer,  in x509_akid_note_serial()
810 					 ctx->akid_raw_issuer_size);  in x509_akid_note_serial()
815 	ctx->cert->sig->auth_ids[0] = kid;  in x509_akid_note_serial()