[PATCH v2] certs: Add EFI_CERT_X509_GUID support for dbx entries

Randy Dunlap rdunlap at infradead.org
Wed Sep 9 17:40:31 UTC 2020


On 9/9/20 10:27 AM, Eric Snowberg wrote:
> diff --git a/include/crypto/pkcs7.h b/include/crypto/pkcs7.h
> index 38ec7f5f9041..d8f2e0fdfbf4 100644
> --- a/include/crypto/pkcs7.h
> +++ b/include/crypto/pkcs7.h
> @@ -26,11 +26,19 @@ extern int pkcs7_get_content_data(const struct pkcs7_message *pkcs7,
>  				  const void **_data, size_t *_datalen,
>  				  size_t *_headerlen);
>  
> +#ifdef CONFIG_PKCS7_MESSAGE_PARSER
>  /*
>   * pkcs7_trust.c
>   */
>  extern int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
>  				struct key *trust_keyring);
> +#else
> +static inline int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
> +				       struct key *trust_keyring)
> +{
> +	return -ENOKEY;
> +}
> +#endif

Just to be clear, you want to do the #else block when
CONFIG_PKCS7_MESSAGE_PARSER=m.  Is that correct?

If so, it might be clearer to use

#if IS_BUILTIN(CONFIG_PKCS7_MESSAGE_PARSER)


-- 
~Randy



More information about the Linux-security-module-archive mailing list