lib/security: Fix broken if statements in gpg_validate_boot_files()
authorSamuel Mendoza-Jonas <sam@mendozajonas.com>
Mon, 19 Mar 2018 23:49:32 +0000 (10:49 +1100)
committerSamuel Mendoza-Jonas <sam@mendozajonas.com>
Fri, 23 Mar 2018 00:39:35 +0000 (11:39 +1100)
commit3dfa4123bdf987aaa0e4bfd73d436c6bab0184ce
treed6a75c0bcb855b0851d6b9b82a3c45e935f5b869
parentabf92c05c31955333719f1a83cffb0d0d194c770
lib/security: Fix broken if statements in gpg_validate_boot_files()

The patch ccb478ac "Add encrypted file support" removes two
result = KEXEC_LOAD_SIGNATURE_FAILURE;
statements from after the `if (verify_file_signature)` lines for the
kernel and cmdline signatures. This appears to have been a mistake that
snuck through testing, and would allow incorrect signatures to pass
validation.

Also fix up some confusing indenting in the decryption section.

Reported-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
lib/security/gpg.c