diff --git a/keylime-agent/src/crypto.rs b/keylime-agent/src/crypto.rs index b38d7d73..4cec68ae 100644 --- a/keylime-agent/src/crypto.rs +++ b/keylime-agent/src/crypto.rs @@ -94,7 +94,7 @@ pub(crate) fn check_x509_key( cert: &X509, tpm_key: tss_esapi::structures::Public, ) -> Result { - // Id:RSA_PSS only added in rust-openssl from v0.10.59 + // Id:RSA_PSS only added in rust-openssl from v0.10.59; remove this let and use Id::RSA_PSS after update // Id taken from https://boringssl.googlesource.com/boringssl/+/refs/heads/master/include/openssl/nid.h#4039 let id_rsa_pss: Id = Id::from_raw(912); match cert @@ -114,7 +114,7 @@ pub(crate) fn check_x509_key( Ok(key_der_str.contains(&cert_n_str)) } - id_rsa_pss => { + cert_id if cert_id == id_rsa_pss => { let cert_n = cert.public_key().unwrap().rsa().unwrap().n().to_vec(); //#[allow_ci] let mut cert_n_str = format!("{:?}", cert_n);