authorDaniel Axtens <dja@axtens.net>2021-06-21 18:26:37 +1000
committerVasant Hegde <hegdevasant@linux.vnet.ibm.com>2021-07-27 15:58:50 +0530
commitb539bd76ca36cc0b1149fdf1db33db383597ee1f (patch)
tree2928201d6b3352219a5d356b3d78d8f2b2050331 /libstb
parentd8e13853e506e00713d15fa5e23457ba21a16829 (diff)
secvar/backend: rename verify_signature parameters
verify_signature() currently takes newcert and new_data_len. However, these variables are used only as parameters to mbedtls_pkcs7_signed_hash_verify() where they represent a hash value and the length of the hash value. verify_signature() is static, and the only caller of the function is process_update(). process_update() passes in tbhbuffer and tbhbuffersize. Those are unfortunate names too - because the data that process_update() passes in is not a to-be-hashed buffer, but a hash. We'll fix that later. Call the parameters hash and hash_len. Signed-off-by: Daniel Axtens <dja@axtens.net> Reviewed-by: Nick Child <nick.child@ibm.com> Tested-by: Nick Child <nick.child@ibm.com> Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Diffstat (limited to 'libstb')
-rw-r--r--libstb/secvar/backend/edk2-compat-process.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/libstb/secvar/backend/edk2-compat-process.c b/libstb/secvar/backend/edk2-compat-process.c
index 9d0c56f..541ff5a 100644
--- a/libstb/secvar/backend/edk2-compat-process.c
+++ b/libstb/secvar/backend/edk2-compat-process.c
@@ -469,7 +469,7 @@ out:
/* Verify the PKCS7 signature on the signed data. */
static int verify_signature(const struct efi_variable_authentication_2 *auth,
- const char *newcert, const size_t new_data_size,
+ const char *hash, const size_t hash_len,
const struct secvar *avar)
{
mbedtls_pkcs7 *pkcs7 = NULL;
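Review bot: The comment above verify_signature() still says the signature is verified "on the signed data", although the renamed parameters `hash` and `hash_len` make clear that the function receives a precomputed digest rather than the data itself. I would reword it to something like `/* Verify the PKCS7 signature against a precomputed hash of the signed data. */` and add a line saying that the caller must supply a digest whose length matches the digest algorithm used by the signature. Whether hash_len is checked against an expected digest size is not visible here, because the function body continues outside the hunk; if no such check exists, that expectation is worth spelling out in the comment so a later caller does not pass a raw buffer by mistake.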
@@ -571,7 +571,7 @@ static int verify_signature(const struct efi_variable_authentication_2 *auth,
free(x509_buf);
x509_buf = NULL;
- rc = mbedtls_pkcs7_signed_hash_verify(pkcs7, &x509, newcert, new_data_size);
+ rc = mbedtls_pkcs7_signed_hash_verify(pkcs7, &x509, hash, hash_len);
/* If you find a signing certificate, you are done */
if (rc == 0) {