evmctl: Fix signature verification code for V2 digital signature
author Vivek Goyal <vgoyal@redhat.com>
Tue, 25 Jun 2013 03:09:36 +0000 (23:09 -0400)
committer Dmitry Kasatkin <d.kasatkin@samsung.com>
Wed, 10 Jul 2013 15:45:38 +0000 (16:45 +0100)
For V2 of digital signature we store signature at hdr->sig and not at
hdr->sig + 2. That's the property of V1 of signature.

Fix the verification code otherwise it fails with following message.

RSA_public_decrypt() failed: -1
error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01
error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
src/evmctl.c

index b261a79..d0f75ac 100644 (file)
@@ -1141,7 +1141,7 @@ static int verify_hash_v2(const unsigned char *hash, int size, unsigned char *si
        if (!key)
                return 1;
 
-       err = RSA_public_decrypt(siglen - sizeof(*hdr) - 2, sig + sizeof(*hdr) + 2, out, key, RSA_PKCS1_PADDING);
+       err = RSA_public_decrypt(siglen - sizeof(*hdr), sig + sizeof(*hdr), out, key, RSA_PKCS1_PADDING);
        RSA_free(key);
        if (err < 0) {
                log_err("RSA_public_decrypt() failed: %d\n", err);
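
Review bot: The length argument in the changed RSA_public_decrypt() call, siglen - sizeof(*hdr), is computed with no check in the lines shown that siglen is at least sizeof(*hdr). Since sizeof yields a size_t, a buffer shorter than the header makes the subtraction wrap before it is narrowed to the int length parameter, and sig + sizeof(*hdr) then points past the end of the input. Consider rejecting short input ahead of the call, for example "if (siglen < sizeof(*hdr)) return 1;", making sure RSA_free(key) still runs if the check is placed after the key has been obtained. A short comment at the call noting that V2 carries the signature directly at hdr->sig, while V1 has the extra 2-byte offset, would also keep the two verify paths from being confused again.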