| From 817aef260037f33ee0f44c17fe341323d3aebd6d Mon Sep 17 00:00:00 2001 |
| From: Yannik Sembritzki <yannik@sembritzki.me> |
| Date: Thu, 16 Aug 2018 14:05:10 +0100 |
| Subject: Replace magic for trusting the secondary keyring with #define |
| |
| From: Yannik Sembritzki <yannik@sembritzki.me> |
| |
| commit 817aef260037f33ee0f44c17fe341323d3aebd6d upstream. |
| |
| Replace the use of a magic number that indicates that verify_*_signature() |
| should use the secondary keyring with a symbol. |
| |
| Signed-off-by: Yannik Sembritzki <yannik@sembritzki.me> |
| Signed-off-by: David Howells <dhowells@redhat.com> |
| Cc: keyrings@vger.kernel.org |
| Cc: linux-security-module@vger.kernel.org |
| Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| certs/system_keyring.c | 3 ++- |
| crypto/asymmetric_keys/pkcs7_key_type.c | 2 +- |
| include/linux/verification.h | 6 ++++++ |
| 3 files changed, 9 insertions(+), 2 deletions(-) |
| |
| --- a/certs/system_keyring.c |
| +++ b/certs/system_keyring.c |
| @@ -15,6 +15,7 @@ |
| #include <linux/cred.h> |
| #include <linux/err.h> |
| #include <linux/slab.h> |
| +#include <linux/verification.h> |
| #include <keys/asymmetric-type.h> |
| #include <keys/system_keyring.h> |
| #include <crypto/pkcs7.h> |
| @@ -230,7 +231,7 @@ int verify_pkcs7_signature(const void *d |
| |
| if (!trusted_keys) { |
| trusted_keys = builtin_trusted_keys; |
| - } else if (trusted_keys == (void *)1UL) { |
| + } else if (trusted_keys == VERIFY_USE_SECONDARY_KEYRING) { |
| #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING |
| trusted_keys = secondary_trusted_keys; |
| #else |
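Review bot: The branch at `trusted_keys == VERIFY_USE_SECONDARY_KEYRING` carries no comment saying that the value is a sentinel rather than a real key pointer, and that it has to be swapped for an actual keyring before anything dereferences it. I would add `/* Sentinel, not a key: resolve to a real keyring before use. */` above the comparison. The hunk ends at `#else`, so the fallback for kernels built without CONFIG_SECONDARY_TRUSTED_KEYRING is not visible here; it should be confirmed that this path also replaces the sentinel instead of letting it through as a pointer. verify_pkcs7_signature() starts and ends outside the hunk.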
| --- a/crypto/asymmetric_keys/pkcs7_key_type.c |
| +++ b/crypto/asymmetric_keys/pkcs7_key_type.c |
| @@ -62,7 +62,7 @@ static int pkcs7_preparse(struct key_pre |
| |
| return verify_pkcs7_signature(NULL, 0, |
| prep->data, prep->datalen, |
| - (void *)1UL, usage, |
| + VERIFY_USE_SECONDARY_KEYRING, usage, |
| pkcs7_view_content, prep); |
| } |
| |
| --- a/include/linux/verification.h |
| +++ b/include/linux/verification.h |
| @@ -13,6 +13,12 @@ |
| #define _LINUX_VERIFICATION_H |
| |
| /* |
| + * Indicate that both builtin trusted keys and secondary trusted keys |
| + * should be used. |
| + */ |
| +#define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL) |
| + |
| +/* |
| * The use to which an asymmetric key is being put. |
| */ |
| enum key_being_used_for { |
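Review bot: The comment above `VERIFY_USE_SECONDARY_KEYRING` does not say that the value is a reserved sentinel and never a dereferenceable `struct key *`, nor what a caller gets when the secondary keyring is not configured. Suggested wording: `Sentinel for the trusted_keys argument, never dereferenced: verify against the builtin and, if configured, the secondary trusted keyring.` Because passing it widens the set of accepted signers beyond the builtin keys, the comment is also the place to say that callers should opt in deliberately. Separately, the macro casts to `struct key *` but no declaration of `struct key` is visible before the definition in this hunk; if the header does not declare it earlier, a file that expands the macro without the type in scope would get a block-local type, so a forward declaration `struct key;` next to the macro may be worth adding.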