fs-verity: don't pass whole descriptor to fsverity_verify_signature()

Now that fsverity_get_descriptor() validates the sig_size field, fsverity_verify_signature() doesn't need to do it. Just change the prototype of fsverity_verify_signature() to take the signature directly rather than take a fsverity_descriptor. Link: https://lore.kernel.org/r/20210115181819.34732-3-ebiggers@kernel.org Reviewed-by: Victor Hsieh <victorhsieh@google.com> Reviewed-by: Jaegeuk Kim <jaegeuk@kernel.org> Reviewed-by: Amy Parker <enbyamy@gmail.com> Reviewed-by: Chao Yu <yuchao0@huawei.com> Signed-off-by: Eric Biggers <ebiggers@google.com>
author: Eric Biggers <ebiggers@google.com> 2021-01-15 10:18:15 -0800
committer: Eric Biggers <ebiggers@google.com> 2021-02-07 14:51:09 -0800
commit: fab634c4de4604aefaaa9dc25d0e1a2cb7a961ab (patch)
tree: 48f94c89cb86c43b472738346720887757e839e2 /fs/verity/open.c
parent: c2c8261151b32f1956fc4ecd71c9a3e7972084b6 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/fs/verity/open.c b/fs/verity/open.c
index a987bb785e9b..60ff8af7219f 100644
--- a/fs/verity/open.c
+++ b/fs/verity/open.c
@@ -181,7 +181,8 @@ struct fsverity_info *fsverity_create_info(const struct inode *inode,
 		 vi->tree_params.hash_alg->name,
 		 vi->tree_params.digest_size, vi->file_digest);
 
-	err = fsverity_verify_signature(vi, desc, desc_size);
+	err = fsverity_verify_signature(vi, desc->signature,
+					le32_to_cpu(desc->sig_size));
 out:
 	if (err) {
 		fsverity_free_info(vi);
author	Eric Biggers <ebiggers@google.com>	2021-01-15 10:18:15 -0800
committer	Eric Biggers <ebiggers@google.com>	2021-02-07 14:51:09 -0800
commit	fab634c4de4604aefaaa9dc25d0e1a2cb7a961ab (patch)
tree	48f94c89cb86c43b472738346720887757e839e2 /fs/verity/open.c
parent	c2c8261151b32f1956fc4ecd71c9a3e7972084b6 (diff)