Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

X.509: Use verify_signature() if we have a struct key * to use

We should call verify_signature() rather than directly calling
public_key_verify_signature() if we have a struct key to use as we
shouldn't be poking around in the private data of the key struct as that's
subtype dependent.

Signed-off-by: David Howells <dhowells@redhat.com>
David Howells 9 years ago
parent
9eb029893a
commit
5f7f5c81e5
1 changed files with 1 additions and 2 deletions
Unified View Show Diff Stats
  1. 1 2
      crypto/asymmetric_keys/x509_public_key.c

+ 1 - 2
crypto/asymmetric_keys/x509_public_key.c
View File 

@@ -220,8 +220,7 @@ static int x509_validate_trust(struct x509_certificate *cert,
 
 
 
 	if (!use_builtin_keys ||
 
 	if (!use_builtin_keys ||
 
 	    test_bit(KEY_FLAG_BUILTIN, &key->flags)) {
 
 	    test_bit(KEY_FLAG_BUILTIN, &key->flags)) {
 
-		ret = public_key_verify_signature(
 
-			key->payload.data[asym_crypto], cert->sig);
 
+		ret = verify_signature(key, cert->sig);
 
 		if (ret == -ENOPKG)
 
 		if (ret == -ENOPKG)
 
 			cert->unsupported_sig = true;
 
 			cert->unsupported_sig = true;
 
 	}
 
 	}