Skip to content

Commit

Permalink
Replace magic for trusting the secondary keyring with #define
Browse files Browse the repository at this point in the history
Replace the use of a magic number that indicates that verify_*_signature()
should use the secondary keyring with a symbol.

Signed-off-by: Yannik Sembritzki <[email protected]>
Signed-off-by: David Howells <[email protected]>
Cc: [email protected]
Cc: [email protected]
Signed-off-by: Linus Torvalds <[email protected]>
  • Loading branch information
Yannik authored and torvalds committed Aug 16, 2018
1 parent 4e31843 commit 817aef2
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 2 deletions.
3 changes: 2 additions & 1 deletion certs/system_keyring.c
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
#include <linux/cred.h>
#include <linux/err.h>
#include <linux/slab.h>
#include <linux/verification.h>
#include <keys/asymmetric-type.h>
#include <keys/system_keyring.h>
#include <crypto/pkcs7.h>
Expand Down Expand Up @@ -230,7 +231,7 @@ int verify_pkcs7_signature(const void *data, size_t len,

if (!trusted_keys) {
trusted_keys = builtin_trusted_keys;
} else if (trusted_keys == (void *)1UL) {
} else if (trusted_keys == VERIFY_USE_SECONDARY_KEYRING) {
#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
trusted_keys = secondary_trusted_keys;
#else
Expand Down
2 changes: 1 addition & 1 deletion crypto/asymmetric_keys/pkcs7_key_type.c
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ static int pkcs7_preparse(struct key_preparsed_payload *prep)

return verify_pkcs7_signature(NULL, 0,
prep->data, prep->datalen,
(void *)1UL, usage,
VERIFY_USE_SECONDARY_KEYRING, usage,
pkcs7_view_content, prep);
}

Expand Down
6 changes: 6 additions & 0 deletions include/linux/verification.h
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,12 @@
#ifndef _LINUX_VERIFICATION_H
#define _LINUX_VERIFICATION_H

/*
* Indicate that both builtin trusted keys and secondary trusted keys
* should be used.
*/
#define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL)

/*
* The use to which an asymmetric key is being put.
*/
Expand Down

0 comments on commit 817aef2

Please sign in to comment.