0dc3d4b521
Only count the cert_table header once when performing the calculation and counting buffer sizes. The problem entered because of a mismerge of multiple signature support and "be1f3d8 Update the PE checksum field using the somewhat-underdocumented algorithm, so that we match the Microsoft implementation in our signature generation.". Originally image->cert_table held the full certificate table including the Microsoft _WINH_CERTIFICATE header and image->sigbuf pointed to the pkcs11 signature inside, so the two had to be checksummed separately. After multiple signature support, image->sigbuf points to the full certificate table because we now need the headers to decide where one signature ends and the next begins, so the correct checksum only needs to sum over the entire image->sigbuf. Signed-off-by: Steve McIntyre <93sam@debian.org> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com> |
||
|---|---|---|
| docs | ||
| lib | ||
| src | ||
| tests | ||
| .gitmodules | ||
| autogen.sh | ||
| configure.ac | ||
| COPYING | ||
| LICENSE.GPLv3 | ||
| Makefile.am | ||
| NEWS | ||
| README | ||
sbsigntool - Signing utility for UEFI secure boot Copyright (C) 2102 Jeremy Kerr <jeremy.kerr@canonical.com> Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. See file ./INSTALL for building and installation instructions. Main git repository: git://kernel.ubuntu.com/jk/sbsigntool.git sbsigntool is free software. See the file COPYING for copying conditions.