提交 817aef26 编写于 作者: Y Yannik Sembritzki 提交者: Linus Torvalds

Replace magic for trusting the secondary keyring with #define

Replace the use of a magic number that indicates that verify_*_signature()
should use the secondary keyring with a symbol.
Signed-off-by: NYannik Sembritzki <yannik@sembritzki.me>
Signed-off-by: NDavid Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
上级 4e31843f
...@@ -15,6 +15,7 @@ ...@@ -15,6 +15,7 @@
#include <linux/cred.h> #include <linux/cred.h>
#include <linux/err.h> #include <linux/err.h>
#include <linux/slab.h> #include <linux/slab.h>
#include <linux/verification.h>
#include <keys/asymmetric-type.h> #include <keys/asymmetric-type.h>
#include <keys/system_keyring.h> #include <keys/system_keyring.h>
#include <crypto/pkcs7.h> #include <crypto/pkcs7.h>
...@@ -230,7 +231,7 @@ int verify_pkcs7_signature(const void *data, size_t len, ...@@ -230,7 +231,7 @@ int verify_pkcs7_signature(const void *data, size_t len,
if (!trusted_keys) { if (!trusted_keys) {
trusted_keys = builtin_trusted_keys; trusted_keys = builtin_trusted_keys;
} else if (trusted_keys == (void *)1UL) { } else if (trusted_keys == VERIFY_USE_SECONDARY_KEYRING) {
#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
trusted_keys = secondary_trusted_keys; trusted_keys = secondary_trusted_keys;
#else #else
......
...@@ -63,7 +63,7 @@ static int pkcs7_preparse(struct key_preparsed_payload *prep) ...@@ -63,7 +63,7 @@ static int pkcs7_preparse(struct key_preparsed_payload *prep)
return verify_pkcs7_signature(NULL, 0, return verify_pkcs7_signature(NULL, 0,
prep->data, prep->datalen, prep->data, prep->datalen,
(void *)1UL, usage, VERIFY_USE_SECONDARY_KEYRING, usage,
pkcs7_view_content, prep); pkcs7_view_content, prep);
} }
......
...@@ -12,6 +12,12 @@ ...@@ -12,6 +12,12 @@
#ifndef _LINUX_VERIFICATION_H #ifndef _LINUX_VERIFICATION_H
#define _LINUX_VERIFICATION_H #define _LINUX_VERIFICATION_H
/*
* Indicate that both builtin trusted keys and secondary trusted keys
* should be used.
*/
#define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL)
/* /*
* The use to which an asymmetric key is being put. * The use to which an asymmetric key is being put.
*/ */
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册