Use user supplied key in verify_hash for DIGSIG_VERSION_1.
Otherwise v1 signatures don't pass verification.
Signed-off-by: Vitaly Chikunov <vt@xxxxxxxxxxxx>
---
src/libimaevm.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/libimaevm.c b/src/libimaevm.c
index a582872..97f193e 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
@@ -612,6 +612,8 @@ int verify_hash(const char *file, const unsigned char *hash, int size, unsigned
/* Read pubkey from RSA key */
if (!imaevm_params.keyfile)
key = "/etc/keys/pubkey_evm.pem";
+ else
+ key = imaevm_params.keyfile;
return verify_hash_v1(file, hash, size, sig, siglen, key);
} else if (sig[0] == DIGSIG_VERSION_2) {
return verify_hash_v2(file, hash, size, sig, siglen);
--
2.11.0
