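--- a/blacklist.c
+++ b/blacklist.c
@@ -1,30 +1,36 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 /* System hash blacklist.
  *
  * Copyright (C) 2016 Red Hat, Inc. All Rights Reserved.
  * Written by David Howells (dhowells@redhat.com)
  */
 
 #define pr_fmt(fmt) "blacklist: "fmt
 #include <linux/module.h>
 #include <linux/slab.h>
 #include <linux/key.h>
 #include <linux/key-type.h>
 #include <linux/sched.h>
 #include <linux/ctype.h>
 #include <linux/err.h>
 #include <linux/seq_file.h>
 #include <linux/uidgid.h>
 #include <keys/system_keyring.h>
 #include "blacklist.h"
+#include "common.h"
 
 static struct key *blacklist_keyring;
 
+#ifdef CONFIG_SYSTEM_REVOCATION_LIST
+extern __initconst const u8 revocation_certificate_list[];
+extern __initconst const unsigned long revocation_certificate_list_size;
+#endif
+
 /*
  * The description must be a type prefix, a colon and then an even number of
  * hex digits. The hash is kept in the description.
  */
 static int blacklist_vet_description(const char *desc)
 {
  int n = 0;
 
@@ -215,8 +221,23 @@
  pr_err("- blacklisting failed\n");
  return 0;
 }
 
 /*
  * Must be initialised before we try and load the keys into the keyring.
  */
 device_initcall(blacklist_init);
+
+#ifdef CONFIG_SYSTEM_REVOCATION_LIST
+/*
+ * Load the compiled-in list of revocation X.509 certificates.
+ */
+static __init int load_revocation_certificate_list(void)
+{
+ if (revocation_certificate_list_size)
+ pr_notice("Loading compiled-in revocation X.509 certificates\n");
+
+ return load_certificate_list(revocation_certificate_list, revocation_certificate_list_size,
+ blacklist_keyring);
+}
+late_initcall(load_revocation_certificate_list);
+#endif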
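Review bot: In `load_revocation_certificate_list()` the result of `load_certificate_list()` is only passed back as the `late_initcall` return value, so a failed load of the compiled-in revocation certificates does not stop boot. It is reported only if `load_certificate_list()` logs the failure itself, and its body is not on this page. For a revocation list that is a fail-open outcome worth making visible: capture the result and log it, e.g. `ret = load_certificate_list(...); if (ret) pr_err("- loading revocation certificates failed (%d)\n", ret);`. The function also depends on `blacklist_keyring` already existing, presumably set up by `device_initcall(blacklist_init)`, whose body is in the hidden lines. A one-line comment above `late_initcall(...)` stating that ordering would match the existing "Must be initialised before..." comment. The two `extern` declarations near the top would be better placed in a shared header than in the .c file, so the definition and its users cannot drift apart.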