certs: Move load_certificate_list() to be with the asymmetric keys code (60050ffe) · Commits · EulixOS / Software / Kernel

certs/Makefile

+2 −2

Original line number	Diff line number	Diff line
		@@ -3,8 +3,8 @@
		# Makefile for the linux kernel signature checking certificates.
		#

		obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o common.o
		obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist.o common.o
		obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o
		obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist.o
		obj-$(CONFIG_SYSTEM_REVOCATION_LIST) += revocation_certificates.o
		ifneq ($(CONFIG_SYSTEM_BLACKLIST_HASH_LIST),)
		quiet_cmd_check_blacklist_hashes = CHECK $(patsubst "%",%,$(2))

+4 −4

Original line number	Diff line number	Diff line
		@@ -15,10 +15,9 @@
		#include <linux/err.h>
		#include <linux/seq_file.h>
		#include <linux/uidgid.h>
		#include <linux/verification.h>
		#include <keys/asymmetric-type.h>
		#include <keys/system_keyring.h>
		#include "blacklist.h"
		#include "common.h"

		/*
		* According to crypto/asymmetric_keys/x509_cert_parser.c:x509_note_pkey_algo(),
		@@ -365,7 +364,8 @@ static __init int load_revocation_certificate_list(void)
		if (revocation_certificate_list_size)
		pr_notice("Loading compiled-in revocation X.509 certificates\n");

		return load_certificate_list(revocation_certificate_list, revocation_certificate_list_size,
		return x509_load_certificate_list(revocation_certificate_list,
		revocation_certificate_list_size,
		blacklist_keyring);
		}
		late_initcall(load_revocation_certificate_list);

deleted100644 → 0

+0 −9

Original line number	Diff line number	Diff line
		/* SPDX-License-Identifier: GPL-2.0-or-later */

		#ifndef _CERT_COMMON_H
		#define _CERT_COMMON_H

		int load_certificate_list(const u8 cert_list[], const unsigned long list_size,
		const struct key *keyring);

		#endif

+3 −3

Original line number	Diff line number	Diff line
		@@ -16,7 +16,6 @@
		#include <keys/asymmetric-type.h>
		#include <keys/system_keyring.h>
		#include <crypto/pkcs7.h>
		#include "common.h"

		static struct key *builtin_trusted_keys;
		#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
		@@ -183,7 +182,8 @@ __init int load_module_cert(struct key *keyring)

		pr_notice("Loading compiled-in module X.509 certificates\n");

		return load_certificate_list(system_certificate_list, module_cert_size, keyring);
		return x509_load_certificate_list(system_certificate_list,
		module_cert_size, keyring);
		}

		/*
		@@ -204,7 +204,7 @@ static __init int load_system_certificate_list(void)
		size = system_certificate_list_size - module_cert_size;
		#endif

		return load_certificate_list(p, size, builtin_trusted_keys);
		return x509_load_certificate_list(p, size, builtin_trusted_keys);
		}
		late_initcall(load_system_certificate_list);

+1 −0