X.509: Use verify_signature() if we have a struct key * to use

We should call verify_signature() rather than directly calling public_key_verify_signature() if we have a struct key to use as we shouldn't be poking around in the private data of the key struct as that's subtype dependent. Signed-off-by: David Howells <dhowells@redhat.com>

X.509: Use verify_signature() if we have a struct key * to use
We should call verify_signature() rather than directly calling public_key_verify_signature() if we have a struct key to use as we shouldn't be poking around in the private data of the key struct as that's subtype dependent. Signed-off-by: David Howells <dhowells@redhat.com>
5f7f5c81 · David Howells · 9eb02989 · 5f7f5c81
Commit 5f7f5c81 authored Apr 06, 2016 by David Howells
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 2 deletions

crypto/asymmetric_keys/x509_public_key.c crypto/asymmetric_keys/x509_public_key.c +1 -2

No files found.
--- a/crypto/asymmetric_keys/x509_public_key.c
+++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -220,8 +220,7 @@ static int x509_validate_trust(struct x509_certificate *cert,

 	if (!use_builtin_keys ||
 	    test_bit(KEY_FLAG_BUILTIN, &key->flags)) {
-		ret = public_key_verify_signature(
-			key->payload.data[asym_crypto], cert->sig);
+		ret = verify_signature(key, cert->sig);
 		if (ret == -ENOPKG)
 			cert->unsupported_sig = true;
 	}