 3be4beaf7c
			
		
	
	
	3be4beaf7c
	
	
	
		
			
			Only public keys, with certificates signed by an existing 'trusted' key on the system trusted keyring, should be added to a trusted keyring. This patch adds support for verifying a certificate's signature. This is derived from David Howells pkcs7_request_asymmetric_key() patch. Changelog v6: - on error free key - Dmitry - validate trust only for not already trusted keys - Dmitry - formatting cleanup Changelog: - define get_system_trusted_keyring() to fix kbuild issues Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
		
			
				
	
	
		
			31 lines
		
	
	
	
		
			810 B
			
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			31 lines
		
	
	
	
		
			810 B
			
		
	
	
	
		
			C
		
	
	
	
	
	
| /* System keyring containing trusted public keys.
 | |
|  *
 | |
|  * Copyright (C) 2013 Red Hat, Inc. All Rights Reserved.
 | |
|  * Written by David Howells (dhowells@redhat.com)
 | |
|  *
 | |
|  * This program is free software; you can redistribute it and/or
 | |
|  * modify it under the terms of the GNU General Public Licence
 | |
|  * as published by the Free Software Foundation; either version
 | |
|  * 2 of the Licence, or (at your option) any later version.
 | |
|  */
 | |
| 
 | |
| #ifndef _KEYS_SYSTEM_KEYRING_H
 | |
| #define _KEYS_SYSTEM_KEYRING_H
 | |
| 
 | |
| #ifdef CONFIG_SYSTEM_TRUSTED_KEYRING
 | |
| 
 | |
| #include <linux/key.h>
 | |
| 
 | |
| extern struct key *system_trusted_keyring;
 | |
| static inline struct key *get_system_trusted_keyring(void)
 | |
| {
 | |
| 	return system_trusted_keyring;
 | |
| }
 | |
| #else
 | |
| static inline struct key *get_system_trusted_keyring(void)
 | |
| {
 | |
| 	return NULL;
 | |
| }
 | |
| #endif
 | |
| 
 | |
| #endif /* _KEYS_SYSTEM_KEYRING_H */
 |