diff options
| author | Yannik Sembritzki <yannik@sembritzki.me> | 2018-08-16 09:05:10 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-08-16 12:57:20 -0400 |
| commit | 817aef260037f33ee0f44c17fe341323d3aebd6d (patch) | |
| tree | 8f193bce3aa82797c09874cb7ea8274f9dc2e79c | |
| parent | 4e31843f681c34f7185e7d169fe627c9d891ce2c (diff) | |
Replace magic for trusting the secondary keyring with #define
Replace the use of a magic number that indicates that verify_*_signature()
should use the secondary keyring with a symbol.
Signed-off-by: Yannik Sembritzki <yannik@sembritzki.me>
Signed-off-by: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| -rw-r--r-- | certs/system_keyring.c | 3 | ||||
| -rw-r--r-- | crypto/asymmetric_keys/pkcs7_key_type.c | 2 | ||||
| -rw-r--r-- | include/linux/verification.h | 6 |
3 files changed, 9 insertions, 2 deletions
diff --git a/certs/system_keyring.c b/certs/system_keyring.c index 6251d1b27f0c..81728717523d 100644 --- a/certs/system_keyring.c +++ b/certs/system_keyring.c | |||
| @@ -15,6 +15,7 @@ | |||
| 15 | #include <linux/cred.h> | 15 | #include <linux/cred.h> |
| 16 | #include <linux/err.h> | 16 | #include <linux/err.h> |
| 17 | #include <linux/slab.h> | 17 | #include <linux/slab.h> |
| 18 | #include <linux/verification.h> | ||
| 18 | #include <keys/asymmetric-type.h> | 19 | #include <keys/asymmetric-type.h> |
| 19 | #include <keys/system_keyring.h> | 20 | #include <keys/system_keyring.h> |
| 20 | #include <crypto/pkcs7.h> | 21 | #include <crypto/pkcs7.h> |
| @@ -230,7 +231,7 @@ int verify_pkcs7_signature(const void *data, size_t len, | |||
| 230 | 231 | ||
| 231 | if (!trusted_keys) { | 232 | if (!trusted_keys) { |
| 232 | trusted_keys = builtin_trusted_keys; | 233 | trusted_keys = builtin_trusted_keys; |
| 233 | } else if (trusted_keys == (void *)1UL) { | 234 | } else if (trusted_keys == VERIFY_USE_SECONDARY_KEYRING) { |
| 234 | #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING | 235 | #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING |
| 235 | trusted_keys = secondary_trusted_keys; | 236 | trusted_keys = secondary_trusted_keys; |
| 236 | #else | 237 | #else |
diff --git a/crypto/asymmetric_keys/pkcs7_key_type.c b/crypto/asymmetric_keys/pkcs7_key_type.c index e284d9cb9237..5b2f6a2b5585 100644 --- a/crypto/asymmetric_keys/pkcs7_key_type.c +++ b/crypto/asymmetric_keys/pkcs7_key_type.c | |||
| @@ -63,7 +63,7 @@ static int pkcs7_preparse(struct key_preparsed_payload *prep) | |||
| 63 | 63 | ||
| 64 | return verify_pkcs7_signature(NULL, 0, | 64 | return verify_pkcs7_signature(NULL, 0, |
| 65 | prep->data, prep->datalen, | 65 | prep->data, prep->datalen, |
| 66 | (void *)1UL, usage, | 66 | VERIFY_USE_SECONDARY_KEYRING, usage, |
| 67 | pkcs7_view_content, prep); | 67 | pkcs7_view_content, prep); |
| 68 | } | 68 | } |
| 69 | 69 | ||
diff --git a/include/linux/verification.h b/include/linux/verification.h index a10549a6c7cd..cfa4730d607a 100644 --- a/include/linux/verification.h +++ b/include/linux/verification.h | |||
| @@ -13,6 +13,12 @@ | |||
| 13 | #define _LINUX_VERIFICATION_H | 13 | #define _LINUX_VERIFICATION_H |
| 14 | 14 | ||
| 15 | /* | 15 | /* |
| 16 | * Indicate that both builtin trusted keys and secondary trusted keys | ||
| 17 | * should be used. | ||
| 18 | */ | ||
| 19 | #define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL) | ||
| 20 | |||
| 21 | /* | ||
| 16 | * The use to which an asymmetric key is being put. | 22 | * The use to which an asymmetric key is being put. |
| 17 | */ | 23 | */ |
| 18 | enum key_being_used_for { | 24 | enum key_being_used_for { |