Replace magic for trusting the secondary keyring with #define
Replace the use of a magic number that indicates that verify_*_signature() should use the secondary keyring with a symbol. Signed-off-by: Yannik Sembritzki <yannik@sembritzki.me> Signed-off-by: David Howells <dhowells@redhat.com> Cc: keyrings@vger.kernel.org Cc: linux-security-module@vger.kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
4e31843f68
commit
817aef2600
3 changed files with 9 additions and 2 deletions
|
@ -15,6 +15,7 @@
|
|||
#include <linux/cred.h>
|
||||
#include <linux/err.h>
|
||||
#include <linux/slab.h>
|
||||
#include <linux/verification.h>
|
||||
#include <keys/asymmetric-type.h>
|
||||
#include <keys/system_keyring.h>
|
||||
#include <crypto/pkcs7.h>
|
||||
|
@ -230,7 +231,7 @@ int verify_pkcs7_signature(const void *data, size_t len,
|
|||
|
||||
if (!trusted_keys) {
|
||||
trusted_keys = builtin_trusted_keys;
|
||||
} else if (trusted_keys == (void *)1UL) {
|
||||
} else if (trusted_keys == VERIFY_USE_SECONDARY_KEYRING) {
|
||||
#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
|
||||
trusted_keys = secondary_trusted_keys;
|
||||
#else
|
||||
|
|
|
@ -63,7 +63,7 @@ static int pkcs7_preparse(struct key_preparsed_payload *prep)
|
|||
|
||||
return verify_pkcs7_signature(NULL, 0,
|
||||
prep->data, prep->datalen,
|
||||
(void *)1UL, usage,
|
||||
VERIFY_USE_SECONDARY_KEYRING, usage,
|
||||
pkcs7_view_content, prep);
|
||||
}
|
||||
|
||||
|
|
|
@ -12,6 +12,12 @@
|
|||
#ifndef _LINUX_VERIFICATION_H
|
||||
#define _LINUX_VERIFICATION_H
|
||||
|
||||
/*
|
||||
* Indicate that both builtin trusted keys and secondary trusted keys
|
||||
* should be used.
|
||||
*/
|
||||
#define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL)
|
||||
|
||||
/*
|
||||
* The use to which an asymmetric key is being put.
|
||||
*/
|
||||
|
|
Loading…
Reference in a new issue