Replace magic for trusting the secondary keyring with #define

Replace the use of a magic number that indicates that verify_*_signature()
should use the secondary keyring with a symbol.

Signed-off-by: Yannik Sembritzki <yannik@sembritzki.me>
Signed-off-by: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

diff --git a/certs/system_keyring.c b/certs/system_keyring.c
index 6251d1b27f0cbd1414287770c8510774a61ba4bc..81728717523d0513ff5cbff1e497c9e81a7fb7dc 100644 (file)
--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c
@@ -15,6 +15,7 @@
 #include <linux/cred.h>
 #include <linux/err.h>
 #include <linux/slab.h>
+#include <linux/verification.h>
 #include <keys/asymmetric-type.h>
 #include <keys/system_keyring.h>
 #include <crypto/pkcs7.h>
@@ -230,7 +231,7 @@ int verify_pkcs7_signature(const void *data, size_t len,
 
        if (!trusted_keys) {
                trusted_keys = builtin_trusted_keys;
-       } else if (trusted_keys == (void *)1UL) {
+       } else if (trusted_keys == VERIFY_USE_SECONDARY_KEYRING) {
 #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
                trusted_keys = secondary_trusted_keys;
 #else

diff --git a/crypto/asymmetric_keys/pkcs7_key_type.c b/crypto/asymmetric_keys/pkcs7_key_type.c
index e284d9cb9237bfff0e86ebc7370c35fb7b58fee4..5b2f6a2b5585578a03303b2f8099ed951cd97a2d 100644 (file)
--- a/crypto/asymmetric_keys/pkcs7_key_type.c
+++ b/crypto/asymmetric_keys/pkcs7_key_type.c
@@ -63,7 +63,7 @@ static int pkcs7_preparse(struct key_preparsed_payload *prep)
 
        return verify_pkcs7_signature(NULL, 0,
                                      prep->data, prep->datalen,
-                                     (void *)1UL, usage,
+                                     VERIFY_USE_SECONDARY_KEYRING, usage,
                                      pkcs7_view_content, prep);
 }
 

diff --git a/include/linux/verification.h b/include/linux/verification.h
index a10549a6c7cdfa72d805d5509fc9c1286c36324b..cfa4730d607aa2edc95364f2e09dca1f0e442407 100644 (file)
--- a/include/linux/verification.h
+++ b/include/linux/verification.h
@@ -12,6 +12,12 @@
 #ifndef _LINUX_VERIFICATION_H
 #define _LINUX_VERIFICATION_H
 
+/*
+ * Indicate that both builtin trusted keys and secondary trusted keys
+ * should be used.
+ */
+#define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL)
+
 /*
  * The use to which an asymmetric key is being put.
  */