[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20160309111857.28811.33291.stgit@warthog.procyon.org.uk>
Date: Wed, 09 Mar 2016 11:18:57 +0000
From: David Howells <dhowells@...hat.com>
To: zohar@...ux.vnet.ibm.com
Cc: dhowells@...hat.com, linux-security-module@...r.kernel.org,
keyrings@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [RFC PATCH 06/12] X.509: Use verify_signature() if we have a struct
key * to use [ver #3]
We should call verify_signature() rather than directly calling
public_key_verify_signature() if we have a struct key to use as we
shouldn't be poking around in the private data of the key struct as that's
subtype dependent.
Signed-off-by: David Howells <dhowells@...hat.com>
---
crypto/asymmetric_keys/x509_public_key.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
index 9c8483ef1cfe..117a6ee71a4d 100644
--- a/crypto/asymmetric_keys/x509_public_key.c
+++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -220,8 +220,7 @@ static int x509_validate_trust(struct x509_certificate *cert,
if (!use_builtin_keys ||
test_bit(KEY_FLAG_BUILTIN, &key->flags)) {
- ret = public_key_verify_signature(
- key->payload.data[asym_crypto], cert->sig);
+ ret = verify_signature(key, cert->sig);
if (ret == -ENOPKG)
cert->unsupported_sig = true;
}
Powered by blists - more mailing lists