Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit dcf49dbc authored by David Howells's avatar David Howells
Browse files

keys: Add a 'recurse' flag for keyring searches 



Add a 'recurse' flag for keyring searches so that the flag can be omitted
and recursion disabled, thereby allowing just the nominated keyring to be
searched and none of the children.

Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
parent 355ef8e1

Documentation/security/keys/core.rst

+6 −4
Original line number Diff line number Diff line
@@ -1162,11 +1162,13 @@ payload contents" for more information. 


	key_ref_t keyring_search(key_ref_t keyring_ref,

				 const struct key_type *type,

				 const char *description)

				 const char *description,

				 bool recurse)



    This searches the keyring tree specified for a matching key. Error ENOKEY

    is returned upon failure (use IS_ERR/PTR_ERR to determine). If successful,

    the returned key will need to be released.

    This searches the specified keyring only (recurse == false) or keyring tree

    (recurse == true) specified for a matching key. Error ENOKEY is returned

    upon failure (use IS_ERR/PTR_ERR to determine). If successful, the returned

    key will need to be released.



    The possession attribute from the keyring reference is used to control

    access through the permissions mask and is propagated to the returned key

certs/blacklist.c

+1 −1
Original line number Diff line number Diff line
@@ -128,7 +128,7 @@ int is_hash_blacklisted(const u8 *hash, size_t hash_len, const char *type) 
	*p = 0;



	kref = keyring_search(make_key_ref(blacklist_keyring, true),

			      &key_type_blacklist, buffer);

			      &key_type_blacklist, buffer, false);

	if (!IS_ERR(kref)) {

		key_ref_put(kref);

		ret = -EKEYREJECTED;

crypto/asymmetric_keys/asymmetric_type.c

+1 −1
Original line number Diff line number Diff line
@@ -87,7 +87,7 @@ struct key *find_asymmetric_key(struct key *keyring, 
	pr_debug("Look up: \"%s\"\n", req);



	ref = keyring_search(make_key_ref(keyring, 1),

			     &key_type_asymmetric, req);

			     &key_type_asymmetric, req, true);

	if (IS_ERR(ref))

		pr_debug("Request for key '%s' err %ld\n", req, PTR_ERR(ref));

	kfree(req);

include/linux/key.h

+2 −1
Original line number Diff line number Diff line
@@ -341,7 +341,8 @@ extern int keyring_clear(struct key *keyring); 


extern key_ref_t keyring_search(key_ref_t keyring,

				struct key_type *type,

				const char *description);

				const char *description,

				bool recurse);



extern int keyring_add_key(struct key *keyring,

			   struct key *key);

lib/digsig.c

+1 −1
Original line number Diff line number Diff line
@@ -221,7 +221,7 @@ int digsig_verify(struct key *keyring, const char *sig, int siglen, 
		/* search in specific keyring */

		key_ref_t kref;

		kref = keyring_search(make_key_ref(keyring, 1UL),

						&key_type_user, name);

				      &key_type_user, name, true);

		if (IS_ERR(kref))

			key = ERR_CAST(kref);

		else