From 4565d5d4e613ed412d2a2235c2c4d2fa84ef69bd Mon Sep 17 00:00:00 2001
From: Ben Taylor <ben.taylor@linaro.org>
Date: Thu, 30 Oct 2025 13:37:09 +0000
Subject: [PATCH] Change the call to mbedtls_pk_verify_ext in pkcs7 to have a
 variable input cert->sig_pk

Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
---
 library/pkcs7.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/library/pkcs7.c b/library/pkcs7.c
index 10d008a923..2cc7812bf0 100644
--- a/library/pkcs7.c
+++ b/library/pkcs7.c
@@ -704,7 +704,7 @@ static int mbedtls_pkcs7_data_or_hash_verify(mbedtls_pkcs7 *pkcs7,
      * failed to validate'.
      */
     for (signer = &pkcs7->signed_data.signers; signer; signer = signer->next) {
-        ret = mbedtls_pk_verify_ext(MBEDTLS_PK_SIGALG_RSA_PKCS1V15, &pk_cxt, md_alg, hash,
+        ret = mbedtls_pk_verify_ext(cert->sig_pk, &pk_cxt, md_alg, hash,
                                     mbedtls_md_get_size(md_info),
                                     signer->sig.p, signer->sig.len);