| system_keyring.c (03ab8e6297acd1bc0eedaa050e2a1635c576fd11) | system_keyring.c (60050ffe3d770dd1df5b641aa48f49d07a54bd84) |
|---|---|
| 1// SPDX-License-Identifier: GPL-2.0-or-later 2/* System trusted keyring for trusted public keys 3 * 4 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. 5 * Written by David Howells (dhowells@redhat.com) 6 */ 7 8#include <linux/export.h> 9#include <linux/kernel.h> 10#include <linux/sched.h> 11#include <linux/cred.h> 12#include <linux/err.h> 13#include <linux/slab.h> 14#include <linux/uidgid.h> 15#include <linux/verification.h> 16#include <keys/asymmetric-type.h> 17#include <keys/system_keyring.h> 18#include <crypto/pkcs7.h> | 1// SPDX-License-Identifier: GPL-2.0-or-later 2/* System trusted keyring for trusted public keys 3 * 4 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. 5 * Written by David Howells (dhowells@redhat.com) 6 */ 7 8#include <linux/export.h> 9#include <linux/kernel.h> 10#include <linux/sched.h> 11#include <linux/cred.h> 12#include <linux/err.h> 13#include <linux/slab.h> 14#include <linux/uidgid.h> 15#include <linux/verification.h> 16#include <keys/asymmetric-type.h> 17#include <keys/system_keyring.h> 18#include <crypto/pkcs7.h> |
| 19#include "common.h" | |
| 20 21static struct key *builtin_trusted_keys; 22#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING 23static struct key *secondary_trusted_keys; 24#endif 25#ifdef CONFIG_INTEGRITY_MACHINE_KEYRING 26static struct key *machine_trusted_keys; 27#endif --- 150 unchanged lines hidden (view full) --- 178 179__init int load_module_cert(struct key *keyring) 180{ 181 if (!IS_ENABLED(CONFIG_IMA_APPRAISE_MODSIG)) 182 return 0; 183 184 pr_notice("Loading compiled-in module X.509 certificates\n"); 185 | 19 20static struct key *builtin_trusted_keys; 21#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING 22static struct key *secondary_trusted_keys; 23#endif 24#ifdef CONFIG_INTEGRITY_MACHINE_KEYRING 25static struct key *machine_trusted_keys; 26#endif --- 150 unchanged lines hidden (view full) --- 177 178__init int load_module_cert(struct key *keyring) 179{ 180 if (!IS_ENABLED(CONFIG_IMA_APPRAISE_MODSIG)) 181 return 0; 182 183 pr_notice("Loading compiled-in module X.509 certificates\n"); 184 |
| 186 return load_certificate_list(system_certificate_list, module_cert_size, keyring); | 185 return x509_load_certificate_list(system_certificate_list, 186 module_cert_size, keyring); |
| 187} 188 189/* 190 * Load the compiled-in list of X.509 certificates. 191 */ 192static __init int load_system_certificate_list(void) 193{ 194 const u8 *p; --- 4 unchanged lines hidden (view full) --- 199#ifdef CONFIG_MODULE_SIG 200 p = system_certificate_list; 201 size = system_certificate_list_size; 202#else 203 p = system_certificate_list + module_cert_size; 204 size = system_certificate_list_size - module_cert_size; 205#endif 206 | 187} 188 189/* 190 * Load the compiled-in list of X.509 certificates. 191 */ 192static __init int load_system_certificate_list(void) 193{ 194 const u8 *p; --- 4 unchanged lines hidden (view full) --- 199#ifdef CONFIG_MODULE_SIG 200 p = system_certificate_list; 201 size = system_certificate_list_size; 202#else 203 p = system_certificate_list + module_cert_size; 204 size = system_certificate_list_size - module_cert_size; 205#endif 206 |
| 207 return load_certificate_list(p, size, builtin_trusted_keys); | 207 return x509_load_certificate_list(p, size, builtin_trusted_keys); |
| 208} 209late_initcall(load_system_certificate_list); 210 211#ifdef CONFIG_SYSTEM_DATA_VERIFICATION 212 213/** 214 * verify_pkcs7_message_sig - Verify a PKCS#7-based signature on system data. 215 * @data: The data to be verified (NULL if expecting internal data). --- 126 unchanged lines hidden --- | 208} 209late_initcall(load_system_certificate_list); 210 211#ifdef CONFIG_SYSTEM_DATA_VERIFICATION 212 213/** 214 * verify_pkcs7_message_sig - Verify a PKCS#7-based signature on system data. 215 * @data: The data to be verified (NULL if expecting internal data). --- 126 unchanged lines hidden --- |