path: root/patches/verify.patch
blob: 0a09fdbb41e610e3497e9655c38f03b3ac0bed0b (plain)
--- a/compat/verification/pkcs7_trust.c
+++ b/compat/verification/pkcs7_trust.c
@@ -116,7 +116,7 @@ static int pkcs7_validate_trust_one(stru
 	return -ENOKEY;
 
 matched:
-	ret = verify_signature(key, sig);
+	ret = public_key_verify_signature(key->public_key, sig);
 	key_put(key);
 	if (ret < 0) {
 		if (ret == -ENOMEM)
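Review bot: At `matched:`, the new call dereferences `key->public_key` and passes it straight to `public_key_verify_signature()` with no visible check that it is set, and it no longer goes through the key-based entry point `verify_signature(key, sig)`. If the compat `struct key` can ever exist without a public key attached (not visible in this hunk), this is a NULL dereference on the signature-verification path. A guard such as `if (!key->public_key) { key_put(key); return -ENOKEY; }` before the call, or a comment stating the invariant, would make that explicit. The body of pkcs7_validate_trust_one() starts and ends outside the hunk.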
--- a/compat/verification/x509_public_key.c
+++ b/compat/verification/x509_public_key.c
@@ -13,11 +13,11 @@
 #include <linux/module.h>
 #include <linux/kernel.h>
 #include <linux/slab.h>
+#if LINUX_VERSION_IS_LESS(3,17,0)
+#include <linux/err.h>
+#endif
-#include <keys/asymmetric-subtype.h>
-#include <keys/asymmetric-parser.h>
 #include <keys/system_keyring.h>
 #include <crypto/hash.h>
-#include "asymmetric_keys.h"
 #include "x509_parser.h"
 
 /*
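Review bot: The `#if LINUX_VERSION_IS_LESS(3,17,0)` guard around `#include <linux/err.h>` has no comment naming the declaration that is otherwise missing on older kernels, and the guard looks unnecessary because including the header on every kernel is harmless. I would write it as plain `#include <linux/err.h>`, or keep the guard and add a one-line comment naming the symbol it is there for. Separately, this hunk's header says the line count is unchanged (`-13,11 +13,11`) while the next hunk is shifted by three lines (`-155,6 +152,7`), which suggests the added lines were edited into the patch by hand. Regenerating the patch would keep it applying without offsets.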
@@ -155,6 +152,7 @@ not_self_signed:
 	return 0;
 }
 
+#if 0
 /*
  * Attempt to parse a data blob for a key as an X509 certificate.
  */
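Review bot: The `#if 0` added above the "Attempt to parse a data blob" comment compiles out everything up to the `#endif` that the following hunk adds after `MODULE_LICENSE("GPL")`, and neither line says why. Someone auditing the verification code cannot tell whether the X.509 key parsing and module registration were dropped deliberately or only disabled temporarily. I would write `#if 0 /* backport: key parser registration not used here */` and `#endif /* 0 */`, with the wording adjusted to the real reason. The disabled function starts after this hunk's last line, so its body is not visible here.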
@@ -273,3 +271,4 @@ module_exit(x509_key_exit);
 MODULE_DESCRIPTION("X.509 certificate parser");
 MODULE_AUTHOR("Red Hat, Inc.");
 MODULE_LICENSE("GPL");
+#endif
--- a/include/crypto/pkcs7.h
+++ b/include/crypto/pkcs7.h
@@ -2,5 +2,10 @@
 #ifndef CPTCFG_BPAUTO_PKCS7
 #include_next <crypto/pkcs7.h>
 #else
+#define pkcs7_verify LINUX_BACKPORT(pkcs7_verify)
+#define pkcs7_get_content_data LINUX_BACKPORT(pkcs7_get_content_data)
+#define pkcs7_parse_message LINUX_BACKPORT(pkcs7_parse_message)
+#define pkcs7_free_message LINUX_BACKPORT(pkcs7_free_message)
+#define pkcs7_validate_trust LINUX_BACKPORT(pkcs7_validate_trust)
 #include <crypto/backport-pkcs7.h>
 #endif /* CPTCFG_BPAUTO_PKCS7 */
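Review bot: The `LINUX_BACKPORT()` renames added here are a hand-maintained list, so any global function in the backported PKCS#7 code that is not listed keeps its upstream name and may collide with the running kernel's own symbol. Five names are renamed in this hunk and three in the `x509_parser.h` hunk below. Whether `backport-pkcs7.h` and `x509_parser.h` declare other non-static functions is not visible here and should be checked against the two lists. A one-line comment above each list, e.g. `/* every non-static function declared below must be renamed here */`, would keep the lists from drifting when the backported sources are refreshed.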
--- a/compat/verification/x509_parser.h
+++ b/compat/verification/x509_parser.h
@@ -13,6 +13,10 @@
 #include <crypto/public_key.h>
 #include <keys/asymmetric-type.h>
 
+#define x509_decode_time LINUX_BACKPORT(x509_decode_time)
+#define x509_cert_parse LINUX_BACKPORT(x509_cert_parse)
+#define x509_free_certificate LINUX_BACKPORT(x509_free_certificate)
+
 struct x509_certificate {
 	struct x509_certificate *next;
 	struct x509_certificate *signer;	/* Certificate that signed this one */
--- a/include/crypto/backport-public_key.h
+++ b/include/crypto/backport-public_key.h
@@ -46,27 +46,6 @@ extern void public_key_signature_free(st
 
 extern struct asymmetric_key_subtype public_key_subtype;
 
-struct key;
-struct key_type;
-union key_payload;
-
-extern int restrict_link_by_signature(struct key *dest_keyring,
-				      const struct key_type *type,
-				      const union key_payload *payload,
-				      struct key *trust_keyring);
-
-extern int restrict_link_by_key_or_keyring(struct key *dest_keyring,
-					   const struct key_type *type,
-					   const union key_payload *payload,
-					   struct key *trusted);
-
-extern int restrict_link_by_key_or_keyring_chain(struct key *trust_keyring,
-						 const struct key_type *type,
-						 const union key_payload *payload,
-						 struct key *trusted);
-
-extern int verify_signature(const struct key *key,
-			    const struct public_key_signature *sig);
 
 int public_key_verify_signature(const struct public_key *pkey,
 				const struct public_key_signature *sig);