From fd553e841af7661a4837a0dce4f580edb86e797f Mon Sep 17 00:00:00 2001
From: Jeremy Kerr <jeremy.kerr@canonical.com>
Date: Wed, 22 Aug 2012 16:50:04 +0800
Subject: [PATCH] sbvarsign: WIN_CERTIFICATE.dwLength should include the header
 size

Despite what the Authenticode spec says ("dwLength is set to the length
of bCertificate"), the MS var sign tool and EDK2 sources include the
header in the dwLength size.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
---
 src/sbvarsign.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/sbvarsign.c b/src/sbvarsign.c
index c1e0c84..3fc4599 100644
--- a/src/sbvarsign.c
+++ b/src/sbvarsign.c
@@ -273,7 +273,7 @@ static int add_auth_descriptor(struct varsign_context *ctx)
 	auth = talloc_size(ctx, sizeof(*auth) + len);
 
 	auth->TimeStamp = timestamp;
-	auth->AuthInfo.Hdr.dwLength = len + sizeof(EFI_GUID);
+	auth->AuthInfo.Hdr.dwLength = len + sizeof(auth->AuthInfo);
 	auth->AuthInfo.Hdr.wRevision = 0x0200;
 	auth->AuthInfo.Hdr.wCertificateType = 0x0EF1;
 	auth->AuthInfo.CertType = cert_pkcs7_guid;