From 90811cc0df4f32fbf9e5389cca15813e2f6395cb Mon Sep 17 00:00:00 2001
From: Sergio Correia
Date: Fri, 3 Jun 2022 22:01:15 -0300
Subject: [PATCH 1/5] Improve error handling when doing signature verification
This makes verify_signature_from_file() more consistent in that it will always raise an exception informing the signature verification failed, when this situation happens. As it is, verify_signature() can raise a few different exceptions, and those were not handled by verify_signature_from_file().
Signed-off-by: Sergio Correia
---
 keylime/signing.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/keylime/signing.py b/keylime/signing.py
index 71f8be0..1353c1e 100644
--- a/keylime/signing.py
+++ b/keylime/signing.py
@@ -30,7 +30,13 @@ def verify_signature_from_file(key_file, filename, sig_file, file_description):
 with open(filename, "rb") as file_f:
 file = file_f.read()
- if verify_signature(key, sig, file):
+ verified = False
+ try:
+ verified = verify_signature(key, sig, file)
+ except Exception as e:
+ logger.warning("Unable to verify signature: %s", e)
+
+ if verified:
 logger.debug("%s passed signature verification", file_description.capitalize())
 else:
 raise Exception(
--
2.35.1
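Review bot: The new `except Exception as e:` in verify_signature_from_file only logs the cause at warning level and then falls through to the generic `raise Exception(`, so the caller gets no chained cause and a programming error (for example a wrong argument type) becomes indistinguishable from a bad signature. Initialising `verified = False` keeps the path fail-closed, which is the right default, but consider catching only the exception types verify_signature() is known to raise and preserving the cause by raising from inside the handler with `from e`. The `with open(filename, "rb")` read also sits above the `try`, so an unreadable file still surfaces as an OSError rather than the verification-failure exception the commit message promises. The start of the function and the rest of the `raise Exception(` call are outside the hunk, so the key and signature reads could not be checked for the same gap.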