
certs: Move load_certificate_list() to be with the asymmetric keys code

Move load_certificate_list(), which loads a series of binary X.509
certificates from a blob and inserts them as keys into a keyring, to be
with the asymmetric keys code that it drives.

This makes it easier to add FIPS selftest code in which we need to load up
a private keyring for the tests to use.

Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Herbert Xu <herbert@gondor.apana.org.au>
cc: keyrings@vger.kernel.org
cc: linux-crypto@vger.kernel.org
Link: https://lore.kernel.org/r/165515742145.1554877.13488098107542537203.stgit@warthog.procyon.org.uk/

+17 -22
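--- a/certs/Makefile
+++ b/certs/Makefile
@@ -3,8 +3,8 @@
 # Makefile for the linux kernel signature checking certificates.
 #
 
-obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o common.o
-obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist.o common.o
+obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o
+obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist.o
 obj-$(CONFIG_SYSTEM_REVOCATION_LIST) += revocation_certificates.o
 ifneq ($(CONFIG_SYSTEM_BLACKLIST_HASH_LIST),)
 quiet_cmd_check_blacklist_hashes = CHECK $(patsubst "%",%,$(2))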
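--- a/certs/blacklist.c
+++ b/certs/blacklist.c
@@ -15,10 +15,9 @@
 #include <linux/err.h>
 #include <linux/seq_file.h>
 #include <linux/uidgid.h>
-#include <linux/verification.h>
+#include <keys/asymmetric-type.h>
 #include <keys/system_keyring.h>
 #include "blacklist.h"
-#include "common.h"
 
 /*
  * According to crypto/asymmetric_keys/x509_cert_parser.c:x509_note_pkey_algo(),
@@ -364,8 +365,9 @@
 	if (revocation_certificate_list_size)
 		pr_notice("Loading compiled-in revocation X.509 certificates\n");
 
-	return load_certificate_list(revocation_certificate_list, revocation_certificate_list_size,
-				     blacklist_keyring);
+	return x509_load_certificate_list(revocation_certificate_list,
+					  revocation_certificate_list_size,
+					  blacklist_keyring);
 }
 late_initcall(load_revocation_certificate_list);
 #endif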
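Review bot: The first hunk replaces `#include <linux/verification.h>` with `#include <keys/asymmetric-type.h>` instead of adding the new include next to the old one, so if anything left in blacklist.c still uses a declaration from linux/verification.h it now relies on that header arriving transitively, which tends to break under later include clean-ups. If nothing in the file needs it any more, the removal is fine, but that is not implied by the move described in the commit message and deserves a sentence there. The second hunk only renames the call; its enclosing function load_revocation_certificate_list() starts outside the hunk.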
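--- a/certs/common.c
+++ b/crypto/asymmetric_keys/x509_loader.c
@@ -2,11 +2,11 @@
 
 #include <linux/kernel.h>
 #include <linux/key.h>
-#include "common.h"
+#include <keys/asymmetric-type.h>
 
-int load_certificate_list(const u8 cert_list[],
-			  const unsigned long list_size,
-			  const struct key *keyring)
+int x509_load_certificate_list(const u8 cert_list[],
+			       const unsigned long list_size,
+			       const struct key *keyring)
 {
 	key_ref_t key;
 	const u8 *p, *end;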
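Review bot: x509_load_certificate_list() becomes a cross-subsystem interface in this hunk (it is also declared in include/keys/asymmetric-type.h in this commit), yet neither the definition nor the declaration gains a kerneldoc comment. A `/** ... */` block above the definition should name the function, describe `cert_list` as a blob of concatenated binary X.509 certificates and `list_size` as its length in bytes, name `keyring` as the destination, and state the return convention (presumably 0 on success and a negative errno otherwise; confirm against the body). Since the commit message anticipates new callers such as FIPS selftest code, the comment should also say what trust the caller must place in the blob: if insertion bypasses keyring restrictions, as a loader for compiled-in certificates presumably does, only trusted built-in data may be passed. The function body continues outside the hunk.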
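--- a/certs/common.h
+++ /dev/null
@@ -1,9 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0-or-later */
-
-#ifndef _CERT_COMMON_H
-#define _CERT_COMMON_H
-
-int load_certificate_list(const u8 cert_list[], const unsigned long list_size,
-			  const struct key *keyring);
-
-#endif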
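--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c
@@ -16,7 +16,6 @@
 #include <keys/asymmetric-type.h>
 #include <keys/system_keyring.h>
 #include <crypto/pkcs7.h>
-#include "common.h"
 
 static struct key *builtin_trusted_keys;
 #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
@@ -182,7 +183,8 @@
 
 	pr_notice("Loading compiled-in module X.509 certificates\n");
 
-	return load_certificate_list(system_certificate_list, module_cert_size, keyring);
+	return x509_load_certificate_list(system_certificate_list,
+					  module_cert_size, keyring);
 }
 
 /*
@@ -204,7 +204,7 @@
 	size = system_certificate_list_size - module_cert_size;
 #endif
 
-	return load_certificate_list(p, size, builtin_trusted_keys);
+	return x509_load_certificate_list(p, size, builtin_trusted_keys);
 }
 late_initcall(load_system_certificate_list);
 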
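--- a/crypto/asymmetric_keys/Makefile
+++ b/crypto/asymmetric_keys/Makefile
@@ -20,6 +20,7 @@
 	x509.asn1.o \
 	x509_akid.asn1.o \
 	x509_cert_parser.o \
+	x509_loader.o \
 	x509_public_key.o
 
 $(obj)/x509_cert_parser.o: \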
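--- a/include/keys/asymmetric-type.h
+++ b/include/keys/asymmetric-type.h
@@ -84,6 +84,9 @@
 				    const struct asymmetric_key_id *id_2,
 				    bool partial);
 
+int x509_load_certificate_list(const u8 cert_list[], const unsigned long list_size,
+			       const struct key *keyring);
+
 /*
  * The payload is at the discretion of the subtype.
  */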
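Review bot: The new prototype at lines 87-88 carries `const` on the by-value parameter `list_size`; a top-level qualifier on a by-value parameter is a definition-side detail that has no effect on callers and is conventionally left out of the declaration, so `int x509_load_certificate_list(const u8 cert_list[], unsigned long list_size, const struct key *keyring);` reads cleaner in the header while remaining compatible with the definition. The prototype is also added without any comment in a header that otherwise groups declarations under explanatory blocks; a one-line `/* Load a blob of concatenated binary X.509 certificates into a keyring. */` above it would orient readers of the header.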