Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 817aef26 authored Aug 16, 2018 by Yannik Sembritzki Committed by Linus Torvalds Aug 16, 2018

Replace magic for trusting the secondary keyring with #define

Replace the use of a magic number that indicates that verify_*_signature()
should use the secondary keyring with a symbol.

Signed-off-by: Yannik Sembritzki <yannik@sembritzki.me>
Signed-off-by: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

parent 4e31843f

certs/system_keyring.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -15,6 +15,7 @@
		#include <linux/cred.h>
		#include <linux/err.h>
		#include <linux/slab.h>
		#include <linux/verification.h>
		#include <keys/asymmetric-type.h>
		#include <keys/system_keyring.h>
		#include <crypto/pkcs7.h>
		@@ -230,7 +231,7 @@ int verify_pkcs7_signature(const void *data, size_t len,

		if (!trusted_keys) {
		trusted_keys = builtin_trusted_keys;
		} else if (trusted_keys == (void *)1UL) {
		} else if (trusted_keys == VERIFY_USE_SECONDARY_KEYRING) {
		#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
		trusted_keys = secondary_trusted_keys;
		#else

crypto/asymmetric_keys/pkcs7_key_type.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -63,7 +63,7 @@ static int pkcs7_preparse(struct key_preparsed_payload *prep)

		return verify_pkcs7_signature(NULL, 0,
		prep->data, prep->datalen,
		(void *)1UL, usage,
		VERIFY_USE_SECONDARY_KEYRING, usage,
		pkcs7_view_content, prep);
		}

include/linux/verification.h

+6 −0

Original line number	Diff line number	Diff line
		@@ -12,6 +12,12 @@
		#ifndef _LINUX_VERIFICATION_H
		#define _LINUX_VERIFICATION_H

		/*
		* Indicate that both builtin trusted keys and secondary trusted keys
		* should be used.
		*/
		#define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL)

		/*
		* The use to which an asymmetric key is being put.
		*/