forked from Minki/linux
X.509: Use verify_signature() if we have a struct key * to use
We should call verify_signature() rather than directly calling public_key_verify_signature() if we have a struct key to use as we shouldn't be poking around in the private data of the key struct as that's subtype dependent. Signed-off-by: David Howells <dhowells@redhat.com>
This commit is contained in:
parent
9eb029893a
commit
5f7f5c81e5
@ -220,8 +220,7 @@ static int x509_validate_trust(struct x509_certificate *cert,
|
||||
|
||||
if (!use_builtin_keys ||
|
||||
test_bit(KEY_FLAG_BUILTIN, &key->flags)) {
|
||||
ret = public_key_verify_signature(
|
||||
key->payload.data[asym_crypto], cert->sig);
|
||||
ret = verify_signature(key, cert->sig);
|
||||
if (ret == -ENOPKG)
|
||||
cert->unsupported_sig = true;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user