Replace magic for trusting the secondary keyring with #define

commit 817aef260037f33ee0f44c17fe341323d3aebd6d upstream. Replace the use of a magic number that indicates that verify_*_signature() should use the secondary keyring with a symbol. Signed-off-by: Yannik Sembritzki <yannik@sembritzki.me> Signed-off-by: David Howells <dhowells@redhat.com> Cc: keyrings@vger.kernel.org Cc: linux-security-module@vger.kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Yannik Sembritzki <yannik@sembritzki.me> 2018-08-16 14:05:10 +0100
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-09-09 20:01:23 +0200
commit: 40b08cdac9ae0877dd39d2dcfe2f8c7c68c8ce59 (patch)
tree: 35961b0d837b1c0e3a0641c49dbfb0b305a1b7c9 /certs
parent: ba99ff79ac84a768cc9163897ec6b616bd14858f (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/certs/system_keyring.c b/certs/system_keyring.c
index 50979d6dcecd..247665054691 100644
--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c
@@ -14,6 +14,7 @@
 #include <linux/sched.h>
 #include <linux/cred.h>
 #include <linux/err.h>
+#include <linux/verification.h>
 #include <keys/asymmetric-type.h>
 #include <keys/system_keyring.h>
 #include <crypto/pkcs7.h>
@@ -207,7 +208,7 @@ int verify_pkcs7_signature(const void *data, size_t len,
 
 	if (!trusted_keys) {
 		trusted_keys = builtin_trusted_keys;
-	} else if (trusted_keys == (void *)1UL) {
+	} else if (trusted_keys == VERIFY_USE_SECONDARY_KEYRING) {
 #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
 		trusted_keys = secondary_trusted_keys;
 #else
author	Yannik Sembritzki <yannik@sembritzki.me>	2018-08-16 14:05:10 +0100
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2018-09-09 20:01:23 +0200
commit	40b08cdac9ae0877dd39d2dcfe2f8c7c68c8ce59 (patch)
tree	35961b0d837b1c0e3a0641c49dbfb0b305a1b7c9 /certs
parent	ba99ff79ac84a768cc9163897ec6b616bd14858f (diff)