| --- a/compat/verification/pkcs7_trust.c |
| +++ b/compat/verification/pkcs7_trust.c |
| @@ -116,7 +116,7 @@ static int pkcs7_validate_trust_one(stru |
| return -ENOKEY; |
| |
| matched: |
| - ret = verify_signature(key, sig); |
| + ret = public_key_verify_signature(key->public_key, sig); |
| key_put(key); |
| if (ret < 0) { |
| if (ret == -ENOMEM) |
| --- a/compat/verification/x509_public_key.c |
| +++ b/compat/verification/x509_public_key.c |
| @@ -13,11 +13,8 @@ |
| #include <linux/module.h> |
| #include <linux/kernel.h> |
| #include <linux/slab.h> |
| -#include <keys/asymmetric-subtype.h> |
| -#include <keys/asymmetric-parser.h> |
| #include <keys/system_keyring.h> |
| #include <crypto/hash.h> |
| -#include "asymmetric_keys.h" |
| #include "x509_parser.h" |
| |
| /* |
| @@ -155,6 +152,7 @@ not_self_signed: |
| return 0; |
| } |
| |
| +#if 0 |
| /* |
| * Attempt to parse a data blob for a key as an X509 certificate. |
| */ |
| @@ -273,3 +271,4 @@ module_exit(x509_key_exit); |
| MODULE_DESCRIPTION("X.509 certificate parser"); |
| MODULE_AUTHOR("Red Hat, Inc."); |
| MODULE_LICENSE("GPL"); |
| +#endif |
| --- a/include/crypto/pkcs7.h |
| +++ b/include/crypto/pkcs7.h |
| @@ -2,5 +2,10 @@ |
| #ifndef CPTCFG_BPAUTO_PKCS7 |
| #include_next <crypto/pkcs7.h> |
| #else |
| +#define pkcs7_verify LINUX_BACKPORT(pkcs7_verify) |
| +#define pkcs7_get_content_data LINUX_BACKPORT(pkcs7_get_content_data) |
| +#define pkcs7_parse_message LINUX_BACKPORT(pkcs7_parse_message) |
| +#define pkcs7_free_message LINUX_BACKPORT(pkcs7_free_message) |
| +#define pkcs7_validate_trust LINUX_BACKPORT(pkcs7_validate_trust) |
| #include <crypto/backport-pkcs7.h> |
| #endif /* CPTCFG_BPAUTO_PKCS7 */ |
| --- a/compat/verification/x509_parser.h |
| +++ b/compat/verification/x509_parser.h |
| @@ -13,6 +13,10 @@ |
| #include <crypto/public_key.h> |
| #include <keys/asymmetric-type.h> |
| |
| +#define x509_decode_time LINUX_BACKPORT(x509_decode_time) |
| +#define x509_cert_parse LINUX_BACKPORT(x509_cert_parse) |
| +#define x509_free_certificate LINUX_BACKPORT(x509_free_certificate) |
| + |
| struct x509_certificate { |
| struct x509_certificate *next; |
| struct x509_certificate *signer; /* Certificate that signed this one */ |
| --- a/include/crypto/backport-public_key.h |
| +++ b/include/crypto/backport-public_key.h |
| @@ -50,34 +50,6 @@ extern void public_key_signature_free(st |
| |
| extern struct asymmetric_key_subtype public_key_subtype; |
| |
| -struct key; |
| -struct key_type; |
| -union key_payload; |
| - |
| -extern int restrict_link_by_signature(struct key *dest_keyring, |
| - const struct key_type *type, |
| - const union key_payload *payload, |
| - struct key *trust_keyring); |
| - |
| -extern int restrict_link_by_key_or_keyring(struct key *dest_keyring, |
| - const struct key_type *type, |
| - const union key_payload *payload, |
| - struct key *trusted); |
| - |
| -extern int restrict_link_by_key_or_keyring_chain(struct key *trust_keyring, |
| - const struct key_type *type, |
| - const union key_payload *payload, |
| - struct key *trusted); |
| - |
| -extern int query_asymmetric_key(const struct kernel_pkey_params *, |
| - struct kernel_pkey_query *); |
| - |
| -extern int encrypt_blob(struct kernel_pkey_params *, const void *, void *); |
| -extern int decrypt_blob(struct kernel_pkey_params *, const void *, void *); |
| -extern int create_signature(struct kernel_pkey_params *, const void *, void *); |
| -extern int verify_signature(const struct key *, |
| - const struct public_key_signature *); |
| - |
| int public_key_verify_signature(const struct public_key *pkey, |
| const struct public_key_signature *sig); |
| |