diff options
author | Daniel Axtens <dja@axtens.net> | 2021-06-21 18:26:37 +1000 |
---|---|---|
committer | Vasant Hegde <hegdevasant@linux.vnet.ibm.com> | 2021-07-27 15:58:50 +0530 |
commit | b539bd76ca36cc0b1149fdf1db33db383597ee1f (patch) | |
tree | 2928201d6b3352219a5d356b3d78d8f2b2050331 /libstb/secvar | |
parent | d8e13853e506e00713d15fa5e23457ba21a16829 (diff) | |
download | skiboot-b539bd76ca36cc0b1149fdf1db33db383597ee1f.zip skiboot-b539bd76ca36cc0b1149fdf1db33db383597ee1f.tar.gz skiboot-b539bd76ca36cc0b1149fdf1db33db383597ee1f.tar.bz2 |
secvar/backend: rename verify_signature parameters
verify_signature() currently takes newcert and new_data_len. However,
these variables are used only as parameters to
mbedtls_pkcs7_signed_hash_verify() where they represent a hash value
and the length of the hash value.
verify_signature() is static, and the only caller of the function is
process_update(). process_update() passes in tbhbuffer and tbhbuffersize.
Those are unfortunate names too - because the data that process_update()
passes in is not a to-be-hashed buffer, but a hash. We'll fix that later.
Call the parameters hash and hash_len.
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Nick Child <nick.child@ibm.com>
Tested-by: Nick Child <nick.child@ibm.com>
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Diffstat (limited to 'libstb/secvar')
-rw-r--r-- | libstb/secvar/backend/edk2-compat-process.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/libstb/secvar/backend/edk2-compat-process.c b/libstb/secvar/backend/edk2-compat-process.c index 9d0c56f..541ff5a 100644 --- a/libstb/secvar/backend/edk2-compat-process.c +++ b/libstb/secvar/backend/edk2-compat-process.c @@ -469,7 +469,7 @@ out: /* Verify the PKCS7 signature on the signed data. */ static int verify_signature(const struct efi_variable_authentication_2 *auth, - const char *newcert, const size_t new_data_size, + const char *hash, const size_t hash_len, const struct secvar *avar) { mbedtls_pkcs7 *pkcs7 = NULL; @@ -571,7 +571,7 @@ static int verify_signature(const struct efi_variable_authentication_2 *auth, free(x509_buf); x509_buf = NULL; - rc = mbedtls_pkcs7_signed_hash_verify(pkcs7, &x509, newcert, new_data_size); + rc = mbedtls_pkcs7_signed_hash_verify(pkcs7, &x509, hash, hash_len); /* If you find a signing certificate, you are done */ if (rc == 0) { |