Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5f7f5c81 authored by David Howells's avatar David Howells
Browse files

X.509: Use verify_signature() if we have a struct key * to use 



We should call verify_signature() rather than directly calling
public_key_verify_signature() if we have a struct key to use as we
shouldn't be poking around in the private data of the key struct as that's
subtype dependent.

Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
parent 9eb02989

crypto/asymmetric_keys/x509_public_key.c

+1 −2
Original line number Diff line number Diff line
@@ -220,8 +220,7 @@ static int x509_validate_trust(struct x509_certificate *cert, 


	if (!use_builtin_keys ||

	    test_bit(KEY_FLAG_BUILTIN, &key->flags)) {

		ret = public_key_verify_signature(

			key->payload.data[asym_crypto], cert->sig);

		ret = verify_signature(key, cert->sig);

		if (ret == -ENOPKG)

			cert->unsupported_sig = true;

	}