Change the call to mbedtls_pk_verify_ext in pkcs7 to have a variable input cert->sig_pk

Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2026-03-20 11:11:08 +01:00 · 2025-10-30 13:37:09 +00:00
parent bc076f9f76
commit 4565d5d4e6
1 changed files with 1 additions and 1 deletions
--- a/library/pkcs7.c
+++ b/library/pkcs7.c
@@ -704,7 +704,7 @@ static int mbedtls_pkcs7_data_or_hash_verify(mbedtls_pkcs7 *pkcs7,
     * failed to validate'.
     */
    for (signer = &pkcs7->signed_data.signers; signer; signer = signer->next) {
-        ret = mbedtls_pk_verify_ext(MBEDTLS_PK_SIGALG_RSA_PKCS1V15, &pk_cxt, md_alg, hash,
+        ret = mbedtls_pk_verify_ext(cert->sig_pk, &pk_cxt, md_alg, hash,
                                    mbedtls_md_get_size(md_info),
                                    signer->sig.p, signer->sig.len);