author | Mat Martineau <mathew.j.martineau@linux.intel.com> | 2016-08-30 14:33:13 -0400 |
---|---|---|
committer | Mat Martineau <mathew.j.martineau@linux.intel.com> | 2017-04-03 13:24:56 -0400 |
commit | aaf66c883813f0078e3dafe7d20d1461321ac14f (patch) | |
tree | 5198162cc55309f8653a0a333c2cbdffc64debad /crypto/asymmetric_keys | |
parent | 469ff8f7d46d75b36de68a0411a2ce80109ad00b (diff) |
KEYS: Split role of the keyring pointer for keyring restrict functions

The first argument to the restrict_link_func_t functions was a keyring
pointer. These functions are called by the key subsystem with this
argument set to the destination keyring, but restrict_link_by_signature
expects a pointer to the relevant trusted keyring.

Restrict functions may need something other than a single struct key
pointer to allow or reject key linkage, so the data used to make that
decision (such as the trust keyring) is moved to a new, fourth
argument. The first argument is now always the destination keyring.

Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Diffstat (limited to 'crypto/asymmetric_keys')
-rw-r--r-- | crypto/asymmetric_keys/restrict.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/crypto/asymmetric_keys/restrict.c b/crypto/asymmetric_keys/restrict.c index 19d1afb9890f..a3afbf783255 100644 --- a/crypto/asymmetric_keys/restrict.c +++ b/crypto/asymmetric_keys/restrict.c | |||
@@ -56,9 +56,10 @@ __setup("ca_keys=", ca_keys_setup); | |||
56 | 56 | ||
57 | /** | 57 | /** |
58 | * restrict_link_by_signature - Restrict additions to a ring of public keys | 58 | * restrict_link_by_signature - Restrict additions to a ring of public keys |
59 | * @trust_keyring: A ring of keys that can be used to vouch for the new cert. | 59 | * @dest_keyring: Keyring being linked to. |
60 | * @type: The type of key being added. | 60 | * @type: The type of key being added. |
61 | * @payload: The payload of the new key. | 61 | * @payload: The payload of the new key. |
62 | * @trust_keyring: A ring of keys that can be used to vouch for the new cert. | ||
62 | * | 63 | * |
63 | * Check the new certificate against the ones in the trust keyring. If one of | 64 | * Check the new certificate against the ones in the trust keyring. If one of |
64 | * those is the signing key and validates the new certificate, then mark the | 65 | * those is the signing key and validates the new certificate, then mark the |
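Review bot: The @trust_keyring entry at new line 62 does not say whether the caller may pass NULL, or what the function returns if it does. Now that the trust keyring arrives as its own argument rather than as the keyring the key subsystem supplies, the kernel-doc should state that contract explicitly. It would also help to note under @dest_keyring (new line 59) whether this function reads the destination keyring at all, since the description below still only talks about "the trust keyring".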
@@ -69,9 +70,10 @@ __setup("ca_keys=", ca_keys_setup); | |||
69 | * signature check fails or the key is blacklisted and some other error if | 70 | * signature check fails or the key is blacklisted and some other error if |
70 | * there is a matching certificate but the signature check cannot be performed. | 71 | * there is a matching certificate but the signature check cannot be performed. |
71 | */ | 72 | */ |
72 | int restrict_link_by_signature(struct key *trust_keyring, | 73 | int restrict_link_by_signature(struct key *dest_keyring, |
73 | const struct key_type *type, | 74 | const struct key_type *type, |
74 | const union key_payload *payload) | 75 | const union key_payload *payload, |
76 | struct key *trust_keyring) | ||
75 | { | 77 | { |
76 | const struct public_key_signature *sig; | 78 | const struct public_key_signature *sig; |
77 | struct key *key; | 79 | struct key *key; |
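Review bot: At new lines 73-76 the first and fourth parameters are both struct key *, so a call that passes the trust keyring first and the destination last compiles without any type error and would check the signature against the wrong keyring. The diffstat shown here is limited to crypto/asymmetric_keys, so neither the call sites nor the restrict_link_func_t definition are visible; confirm they change in this same commit and that each caller passes the destination first and the trust keyring last. The commit message also says restrict functions may need "something other than a single struct key pointer", while the new argument is typed struct key *trust_keyring; a sentence on whether that type is final would help reviewers.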