ima: Search key in the built-in keyrings

hulk inclusion
category: feature
feature: IMA Digest Lists extension
bugzilla: 46797

-------------------------------------------------

This patch calls search_trusted_key() in request_asymmetric_key() if the
key is not found in the IMA/EVM keyrings.
Signed-off-by: NRoberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: NTianxing Zhang <zhangtianxing3@huawei.com>
Reviewed-by: NJason Yan <yanaijie@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

security/integrity/digsig_asymmetric.c

@@ -9,6 +9,7 @@
 #include <linux/err.h>
 #include <linux/ratelimit.h>
 #include <linux/key-type.h>
+#include <linux/verification.h>
 #include <crypto/public_key.h>
 #include <crypto/hash_info.h>
 #include <keys/asymmetric-type.h>
@@ -54,6 +55,15 @@ static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid)
 		key = request_key(&key_type_asymmetric, name, NULL);
 	}
 
+	if (IS_ERR(key)) {
+#ifdef CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY
+		keyring = VERIFY_USE_SECONDARY_KEYRING;
+#else
+		keyring = NULL;
+#endif
+		key = search_trusted_key(keyring, &key_type_asymmetric, name);
+	}
+
 	if (IS_ERR(key)) {
 		if (keyring)
 			pr_err_ratelimited("Request for unknown key '%s' in '%s' keyring. err %ld\n",