Commit 5f7f5c81 authored by David Howells's avatar David Howells

X.509: Use verify_signature() if we have a struct key * to use

We should call verify_signature() rather than directly calling
public_key_verify_signature() if we have a struct key to use as we
shouldn't be poking around in the private data of the key struct as that's
subtype dependent.
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
parent 9eb02989
...@@ -220,8 +220,7 @@ static int x509_validate_trust(struct x509_certificate *cert, ...@@ -220,8 +220,7 @@ static int x509_validate_trust(struct x509_certificate *cert,
if (!use_builtin_keys || if (!use_builtin_keys ||
test_bit(KEY_FLAG_BUILTIN, &key->flags)) { test_bit(KEY_FLAG_BUILTIN, &key->flags)) {
ret = public_key_verify_signature( ret = verify_signature(key, cert->sig);
key->payload.data[asym_crypto], cert->sig);
if (ret == -ENOPKG) if (ret == -ENOPKG)
cert->unsupported_sig = true; cert->unsupported_sig = true;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment