summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorYannik Sembritzki <yannik@sembritzki.me>2018-08-16 14:05:10 +0100
committerLinus Torvalds <torvalds@linux-foundation.org>2018-08-16 09:57:20 -0700
commit817aef260037f33ee0f44c17fe341323d3aebd6d (patch)
tree8f193bce3aa82797c09874cb7ea8274f9dc2e79c
parent4e31843f681c34f7185e7d169fe627c9d891ce2c (diff)
downloadlwn-817aef260037f33ee0f44c17fe341323d3aebd6d.tar.gz
lwn-817aef260037f33ee0f44c17fe341323d3aebd6d.zip
Replace magic for trusting the secondary keyring with #define
Replace the use of a magic number that indicates that verify_*_signature() should use the secondary keyring with a symbol. Signed-off-by: Yannik Sembritzki <yannik@sembritzki.me> Signed-off-by: David Howells <dhowells@redhat.com> Cc: keyrings@vger.kernel.org Cc: linux-security-module@vger.kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--certs/system_keyring.c3
-rw-r--r--crypto/asymmetric_keys/pkcs7_key_type.c2
-rw-r--r--include/linux/verification.h6
3 files changed, 9 insertions, 2 deletions
diff --git a/certs/system_keyring.c b/certs/system_keyring.c
index 6251d1b27f0c..81728717523d 100644
--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c
@@ -15,6 +15,7 @@
#include <linux/cred.h>
#include <linux/err.h>
#include <linux/slab.h>
+#include <linux/verification.h>
#include <keys/asymmetric-type.h>
#include <keys/system_keyring.h>
#include <crypto/pkcs7.h>
@@ -230,7 +231,7 @@ int verify_pkcs7_signature(const void *data, size_t len,
if (!trusted_keys) {
trusted_keys = builtin_trusted_keys;
- } else if (trusted_keys == (void *)1UL) {
+ } else if (trusted_keys == VERIFY_USE_SECONDARY_KEYRING) {
#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
trusted_keys = secondary_trusted_keys;
#else
diff --git a/crypto/asymmetric_keys/pkcs7_key_type.c b/crypto/asymmetric_keys/pkcs7_key_type.c
index e284d9cb9237..5b2f6a2b5585 100644
--- a/crypto/asymmetric_keys/pkcs7_key_type.c
+++ b/crypto/asymmetric_keys/pkcs7_key_type.c
@@ -63,7 +63,7 @@ static int pkcs7_preparse(struct key_preparsed_payload *prep)
return verify_pkcs7_signature(NULL, 0,
prep->data, prep->datalen,
- (void *)1UL, usage,
+ VERIFY_USE_SECONDARY_KEYRING, usage,
pkcs7_view_content, prep);
}
diff --git a/include/linux/verification.h b/include/linux/verification.h
index a10549a6c7cd..cfa4730d607a 100644
--- a/include/linux/verification.h
+++ b/include/linux/verification.h
@@ -13,6 +13,12 @@
#define _LINUX_VERIFICATION_H
/*
+ * Indicate that both builtin trusted keys and secondary trusted keys
+ * should be used.
+ */
+#define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL)
+
+/*
* The use to which an asymmetric key is being put.
*/
enum key_being_used_for {