author | Yannik Sembritzki <yannik@sembritzki.me> | 2018-08-16 13:05:10 (GMT) |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2018-09-09 18:01:23 (GMT) |
commit | 40b08cdac9ae0877dd39d2dcfe2f8c7c68c8ce59 (patch) | |
tree | 35961b0d837b1c0e3a0641c49dbfb0b305a1b7c9 | |
parent | ba99ff79ac84a768cc9163897ec6b616bd14858f (diff) | |
download | common-40b08cdac9ae0877dd39d2dcfe2f8c7c68c8ce59.zip common-40b08cdac9ae0877dd39d2dcfe2f8c7c68c8ce59.tar.gz common-40b08cdac9ae0877dd39d2dcfe2f8c7c68c8ce59.tar.bz2 |
Replace magic for trusting the secondary keyring with #define
commit 817aef260037f33ee0f44c17fe341323d3aebd6d upstream.
Replace the use of a magic number that indicates that verify_*_signature()
should use the secondary keyring with a symbol.
Signed-off-by: Yannik Sembritzki <yannik@sembritzki.me>
Signed-off-by: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r-- | certs/system_keyring.c | 3 | ||||
-rw-r--r-- | crypto/asymmetric_keys/pkcs7_key_type.c | 2 | ||||
-rw-r--r-- | include/linux/verification.h | 6 |
3 files changed, 9 insertions, 2 deletions
diff --git a/certs/system_keyring.c b/certs/system_keyring.c index 50979d6..2476650 100644 --- a/certs/system_keyring.c +++ b/certs/system_keyring.c @@ -14,6 +14,7 @@ #include <linux/sched.h> #include <linux/cred.h> #include <linux/err.h> +#include <linux/verification.h> #include <keys/asymmetric-type.h> #include <keys/system_keyring.h> #include <crypto/pkcs7.h> @@ -207,7 +208,7 @@ int verify_pkcs7_signature(const void *data, size_t len, if (!trusted_keys) { trusted_keys = builtin_trusted_keys; - } else if (trusted_keys == (void *)1UL) { + } else if (trusted_keys == VERIFY_USE_SECONDARY_KEYRING) { #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING trusted_keys = secondary_trusted_keys; #else diff --git a/crypto/asymmetric_keys/pkcs7_key_type.c b/crypto/asymmetric_keys/pkcs7_key_type.c index 1063b64..b2aa925 100644 --- a/crypto/asymmetric_keys/pkcs7_key_type.c +++ b/crypto/asymmetric_keys/pkcs7_key_type.c @@ -62,7 +62,7 @@ static int pkcs7_preparse(struct key_preparsed_payload *prep) return verify_pkcs7_signature(NULL, 0, prep->data, prep->datalen, - (void *)1UL, usage, + VERIFY_USE_SECONDARY_KEYRING, usage, pkcs7_view_content, prep); } diff --git a/include/linux/verification.h b/include/linux/verification.h index a10549a..cfa4730 100644 --- a/include/linux/verification.h +++ b/include/linux/verification.h @@ -13,6 +13,12 @@ #define _LINUX_VERIFICATION_H /* + * Indicate that both builtin trusted keys and secondary trusted keys + * should be used. + */ +#define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL) + +/* * The use to which an asymmetric key is being put. */ enum key_being_used_for { |