add dts config

hc

2023-12-06 08f87f769b595151be1afeff53e144f543faa614

 kernel/fs/verity/signature.c
..
..
@@ -27,6 +27,27 @@
27
27
 static struct key *fsverity_keyring;
28
28
 
29
29
 /**
30
+ * fsverity_verify_signature() - check a verity file's signature
31
+ * @vi: the file's fsverity_info
32
+ * @signature: the file's built-in signature
33
+ * @sig_size: size of signature in bytes, or 0 if no signature
34
+ *
35
+ * If the file includes a signature of its fs-verity file digest, verify it
36
+ * against the certificates in the fs-verity keyring.
37
+ *
38
+ * Return: 0 on success (signature valid or not required); -errno on failure
39
+ */
40
+int fsverity_verify_signature(const struct fsverity_info *vi,
41
+			      const u8 *signature, size_t sig_size)
42
+{
43
+	unsigned int digest_algorithm =
44
+		vi->tree_params.hash_alg - fsverity_hash_algs;
45
+
46
+	return __fsverity_verify_signature(vi->inode, signature, sig_size,
47
+					   vi->file_digest, digest_algorithm);
48
+}
49
+
50
+/**
30
51
  * __fsverity_verify_signature() - check a verity file's signature
31
52
  * @inode: the file's inode
32
53
  * @signature: the file's signature
..
..
@@ -40,7 +61,7 @@
40
61
  * Return: 0 on success (signature valid or not required); -errno on failure
41
62
  */
42
63
 int __fsverity_verify_signature(const struct inode *inode, const u8 *signature,
43
-				u32 sig_size, const u8 *file_digest,
64
+				size_t sig_size, const u8 *file_digest,
44
65
 				unsigned int digest_algorithm)
45
66
 {
46
67
 	struct fsverity_formatted_digest *d;
..
..
@@ -69,8 +90,7 @@
69
90
 	memcpy(d->digest, file_digest, hash_alg->digest_size);
70
91
 
71
92
 	err = verify_pkcs7_signature(d, sizeof(*d) + hash_alg->digest_size,
72
-				     signature, sig_size,
73
-				     fsverity_keyring,
93
+				     signature, sig_size, fsverity_keyring,
74
94
 				     VERIFYING_UNSPECIFIED_SIGNATURE,
75
95
 				     NULL, NULL);
76
96
 	kfree(d);
..
..
@@ -95,34 +115,6 @@
95
115
 }
96
116
 EXPORT_SYMBOL_GPL(__fsverity_verify_signature);
97
117
 
98
-/**
99
- * fsverity_verify_signature() - check a verity file's signature
100
- * @vi: the file's fsverity_info
101
- * @desc: the file's fsverity_descriptor
102
- * @desc_size: size of @desc
103
- *
104
- * If the file's fs-verity descriptor includes a signature of the file digest,
105
- * verify it against the certificates in the fs-verity keyring.
106
- *
107
- * Return: 0 on success (signature valid or not required); -errno on failure
108
- */
109
-int fsverity_verify_signature(const struct fsverity_info *vi,
110
-			      const struct fsverity_descriptor *desc,
111
-			      size_t desc_size)
112
-{
113
-	const struct inode *inode = vi->inode;
114
-	const struct fsverity_hash_alg *hash_alg = vi->tree_params.hash_alg;
115
-	const u32 sig_size = le32_to_cpu(desc->sig_size);
116
-
117
-	if (sig_size > desc_size - sizeof(*desc)) {
118
-		fsverity_err(inode, "Signature overflows verity descriptor");
119
-		return -EBADMSG;
120
-	}
121
-
122
-	return __fsverity_verify_signature(inode, desc->signature, sig_size,
123
-				vi->file_digest, hash_alg - fsverity_hash_algs);
124
-}
125
-
126
118
 #ifdef CONFIG_SYSCTL
127
119
 static struct ctl_table_header *fsverity_sysctl_header;
128
120
 
..
..
@@ -131,13 +123,6 @@
131
123
 	{ .procname = "verity", },
132
124
 	{ }
133
125
 };
134
-
135
-/* shared constants to be used in various sysctls */
136
-static int sysctl_vals[] = { 0, 1, INT_MAX };
137
-
138
-#define SYSCTL_ZERO	((void *)&sysctl_vals[0])
139
-#define SYSCTL_ONE	((void *)&sysctl_vals[1])
140
-#define SYSCTL_INT_MAX	((void *)&sysctl_vals[2])
141
126
 
142
127
 static struct ctl_table fsverity_sysctl_table[] = {
143
128
 	{