X.509: Use verify_signature() if we have a struct key * to use

dhowells · dhowells · commit 5f7f5c81e59b · 2016-04-11T22:42:27.000+01:00
We should call verify_signature() rather than directly calling
public_key_verify_signature() if we have a struct key to use as we
shouldn't be poking around in the private data of the key struct as that's
subtype dependent.

Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
@@ -220,8 +220,7 @@ static int x509_validate_trust(struct x509_certificate *cert,
 
 	if (!use_builtin_keys ||
 	    test_bit(KEY_FLAG_BUILTIN, &key->flags)) {
-		ret = public_key_verify_signature(
-			key->payload.data[asym_crypto], cert->sig);
+		ret = verify_signature(key, cert->sig);
 		if (ret == -ENOPKG)
 			cert->unsupported_sig = true;
 	}

Original file line number	Diff line number	Diff line change
`@@ -220,8 +220,7 @@ static int x509_validate_trust(struct x509_certificate *cert,`
`220`	`220`
`221`	`221`	`if (!use_builtin_keys \|\|`
`222`	`222`	`test_bit(KEY_FLAG_BUILTIN, &key->flags)) {`
`223`		`- ret = public_key_verify_signature(`
`224`		`- key->payload.data[asym_crypto], cert->sig);`
	`223`	`+ ret = verify_signature(key, cert->sig);`
`225`	`224`	`if (ret == -ENOPKG)`
`226`	`225`	`cert->unsupported_sig = true;`
`227`	`226`	`}`