1 files changed, 32 insertions, 0 deletions
diff --git a/security/keys/permission.c b/security/keys/permission.c
index e7f579c0eaf5..3b41f9b52537 100644
--- a/security/keys/permission.c
+++ b/security/keys/permission.c
@@ -73,3 +73,35 @@ use_these_perms:
 } /* end key_task_permission() */
 EXPORT_SYMBOL(key_task_permission);
+/*****************************************************************************/
+/*
+ * validate a key
+ */
+int key_validate(struct key *key)
+{
+        struct timespec now;
+        int ret = 0;
+        if (key) {
+                /* check it's still accessible */
+                ret = -EKEYREVOKED;
+                if (test_bit(KEY_FLAG_REVOKED, &key->flags) ||
+                    test_bit(KEY_FLAG_DEAD, &key->flags))
+                        goto error;
+                /* check it hasn't expired */
+                ret = 0;
+                if (key->expiry) {
+                        now = current_kernel_time();
+                        if (now.tv_sec >= key->expiry)
+                                ret = -EKEYEXPIRED;
+                }
+        }
+ error:
+        return ret;
+} /* end key_validate() */
+EXPORT_SYMBOL(key_validate);

diff --git a/security/keys/permission.c b/security/keys/permission.c index e7f579c0eaf5..3b41f9b52537 100644 --- a/security/keys/permission.c +++ b/security/keys/permission.c
@@ -73,3 +73,35 @@ use_these_perms:
73	} /* end key_task_permission() */	73	} /* end key_task_permission() */
74		74
75	EXPORT_SYMBOL(key_task_permission);	75	EXPORT_SYMBOL(key_task_permission);
		76
		77	/*****************************************************************************/
		78	/*
		79	* validate a key
		80	*/
		81	int key_validate(struct key *key)
		82	{
		83	struct timespec now;
		84	int ret = 0;
		85
		86	if (key) {
		87	/* check it's still accessible */
		88	ret = -EKEYREVOKED;
		89	if (test_bit(KEY_FLAG_REVOKED, &key->flags) \|\|
		90	test_bit(KEY_FLAG_DEAD, &key->flags))
		91	goto error;
		92
		93	/* check it hasn't expired */
		94	ret = 0;
		95	if (key->expiry) {
		96	now = current_kernel_time();
		97	if (now.tv_sec >= key->expiry)
		98	ret = -EKEYEXPIRED;
		99	}
		100	}
		101
		102	error:
		103	return ret;
		104
		105	} /* end key_validate() */
		106
		107	EXPORT_SYMBOL(key_validate);