Linux Kernels

X.509: Use verify_signature() if we have a struct key * to use

This change “X.509: Use verify_signature() if we have a struct key * to use” (commit 5f7f5c8) in Linux kernel is authored by David Howells <dhowells [at] redhat.com> on Wed Apr 6 16:14:25 2016 +0100.

Description of "X.509: Use verify_signature() if we have a struct key * to use"

The change “X.509: Use verify_signature() if we have a struct key * to use” introduces changes as follows.

X.509: Use verify_signature() if we have a struct key * to use

We should call verify_signature() rather than directly calling
public_key_verify_signature() if we have a struct key to use as we
shouldn't be poking around in the private data of the key struct as that's
subtype dependent.

Signed-off-by: David Howells <dhowells@redhat.com>

Linux kernel releases containing commit 5f7f5c8

The Linux kernel releases containing this commit are as follows.

Linux kernel code changes from "X.509: Use verify_signature() if we have a struct key * to use"

There are 3 lines of Linux source code added/deleted in this change. Code changes to Linux kernel are as follows.

 crypto/asymmetric_keys/x509_public_key.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
 
diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
index 9c8483ef1cfe..117a6ee71a4d 100644
--- a/crypto/asymmetric_keys/x509_public_key.c
+++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -220,8 +220,7 @@ static int x509_validate_trust(struct x509_certificate *cert,
 
 	if (!use_builtin_keys ||
 	    test_bit(KEY_FLAG_BUILTIN, &key->flags)) {
-		ret = public_key_verify_signature(
-			key->payload.data[asym_crypto], cert->sig);
+		ret = verify_signature(key, cert->sig);
 		if (ret == -ENOPKG)
 			cert->unsupported_sig = true;
 	}

The commit for this change in Linux stable tree is 5f7f5c8 (patch).

Last modified: 2020/01/11 09:45