[PATCH v2] certs: Add EFI_CERT_X509_GUID support for dbx entries
Randy Dunlap
rdunlap at infradead.org
Wed Sep 9 17:40:31 UTC 2020
On 9/9/20 10:27 AM, Eric Snowberg wrote:
> diff --git a/include/crypto/pkcs7.h b/include/crypto/pkcs7.h
> index 38ec7f5f9041..d8f2e0fdfbf4 100644
> --- a/include/crypto/pkcs7.h
> +++ b/include/crypto/pkcs7.h
> @@ -26,11 +26,19 @@ extern int pkcs7_get_content_data(const struct pkcs7_message *pkcs7,
> const void **_data, size_t *_datalen,
> size_t *_headerlen);
>
> +#ifdef CONFIG_PKCS7_MESSAGE_PARSER
> /*
> * pkcs7_trust.c
> */
> extern int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
> struct key *trust_keyring);
> +#else
> +static inline int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
> + struct key *trust_keyring)
> +{
> + return -ENOKEY;
> +}
> +#endif
Just to be clear, you want to do the #else block when
CONFIG_PKCS7_MESSAGE_PARSER=m. Is that correct?
If so, it might be clearer to use
#if IS_BUILTIN(CONFIG_PKCS7_MESSAGE_PARSER)
--
~Randy
More information about the Linux-security-module-archive
mailing list