From steve at einval.com Thu Jun 13 13:53:24 2019 From: steve at einval.com (Steve McIntyre) Date: Thu, 13 Jun 2019 13:53:24 +0100 Subject: sbsigntool fix (was Re: [PATCH] Fix PE/COFF checksum calculation) In-Reply-To: <20190429145453.GA23588@tack.einval.com> References: <20190419221445.24924-1-93sam@debian.org> <20190419221445.24924-2-93sam@debian.org> <20190429145453.GA23588@tack.einval.com> Message-ID: <20190613125318.GC24998@tack.einval.com> Sharing with others too. No idea if James is having mail problems or something... On Mon, Apr 29, 2019 at 03:55:10PM +0100, Steve McIntyre wrote: >Hi James! > >Not had a response yet, I guess you're busy. Would a mailing list >somewhere be better for this? > >On Fri, Apr 19, 2019 at 11:14:46PM +0100, Steve McIntyre wrote: >>Hi James, >> >>Only count the cert_table header once when performing the calculation >>and counting buffer sizes. >> >>Signed-off-by: Steve McIntyre <93sam at debian.org> >>--- >> src/image.c | 6 +----- >> 1 file changed, 1 insertion(+), 5 deletions(-) >> >>diff --git a/src/image.c b/src/image.c >>index 745191f..3ada37b 100644 >>--- a/src/image.c >>+++ b/src/image.c >>@@ -162,7 +162,6 @@ static void image_pecoff_update_checksum(struct image *image) >> { >> bool is_signed = image->sigsize && image->sigbuf; >> uint32_t checksum; >>- struct cert_table_header *cert_table = image->cert_table; >> >> /* We carefully only include the signature data in the checksum (and >> * in the file length) if we're outputting the signature. Otherwise, 
>>@@ -180,16 +179,13 @@ static void image_pecoff_update_checksum(struct image *image) >> (void *)(image->checksum + 1)); >> >> if (is_signed) { >>- checksum = csum_bytes(checksum, >>- cert_table, sizeof(*cert_table)); >>- >> checksum = csum_bytes(checksum, image->sigbuf, image->sigsize); >> } >> >> checksum += image->data_size; >> >> if (is_signed) >>- checksum += sizeof(*cert_table) + image->sigsize; >>+ checksum += image->sigsize; >> >> *(image->checksum) = cpu_to_le32(checksum); >> } >>-- >>2.20.1 >> >> >-- >Steve McIntyre, Cambridge, UK. steve at einval.com >Is there anybody out there? -- Steve McIntyre, Cambridge, UK. steve at einval.com Into the distance, a ribbon of black Stretched to the point of no turning back From James.Bottomley at HansenPartnership.com Thu Jun 13 16:54:21 2019 
From: James.Bottomley at HansenPartnership.com (James Bottomley) Date: Thu, 13 Jun 2019 08:54:21 -0700 Subject: sbsigntool fix (was Re: [PATCH] Fix PE/COFF checksum calculation) In-Reply-To: <20190613125318.GC24998@tack.einval.com> References: <20190419221445.24924-1-93sam@debian.org> <20190419221445.24924-2-93sam@debian.org> <20190429145453.GA23588@tack.einval.com> <20190613125318.GC24998@tack.einval.com> Message-ID: <1560441261.3329.33.camel@HansenPartnership.com> On Thu, 2019-06-13 at 13:53 +0100, Steve McIntyre wrote: > Sharing with others too. No idea if James is having mail problems or > something... Sorry, no, sbsigntool has been somewhat low on my list of things to look after for a while (I was hoping after engine support it would just be complete). Let me actually dust off the git tree and have a look at the problem. James > On Mon, Apr 29, 2019 at 03:55:10PM +0100, Steve McIntyre wrote: > > Hi James! > > > > Not had a response yet, I guess you're busy. Would a mailing list > > somewhere be better for this? > > > > On Fri, Apr 19, 2019 at 11:14:46PM +0100, Steve McIntyre wrote: > > > Hi James, > > > > > > Only count the cert_table header once when performing the > > > calculation > > > and counting buffer sizes. > > > > > > Signed-off-by: Steve McIntyre <93sam at debian.org> > > > --- > > > src/image.c | 6 +----- > > > 1 file changed, 1 insertion(+), 5 deletions(-) > > > > > > diff --git a/src/image.c b/src/image.c > > > index 745191f..3ada37b 100644 > > > --- a/src/image.c > > > +++ b/src/image.c > > > @@ -162,7 +162,6 @@ static void > > > image_pecoff_update_checksum(struct image *image) > > > { > > > bool is_signed = image->sigsize && image->sigbuf; > > > uint32_t checksum; > > > - struct cert_table_header *cert_table = image- > > > >cert_table; > > > > > > /* We carefully only include the signature data in the checksum > > > (and > > > * in the file length) if we're outputting the > > > signature. Otherwise, 
> > > @@ -180,16 +179,13 @@ static void > > > image_pecoff_update_checksum(struct image *image) > > > (void *)(image->checksum + 1)); > > > > > > if (is_signed) { > > > - checksum = csum_bytes(checksum, > > > - cert_table, > > > sizeof(*cert_table)); > > > - > > > checksum = csum_bytes(checksum, image->sigbuf, image- > > > >sigsize); > > > } > > > > > > checksum += image->data_size; > > > > > > if (is_signed) > > > - checksum += sizeof(*cert_table) + image- > > > >sigsize; > > > + checksum += image->sigsize; > > > > > > *(image->checksum) = cpu_to_le32(checksum); > > > } > > > -- > > > 2.20.1 > > > > > > > > > > -- > > Steve McIntyre, Cambridge, UK. steve > > @einval.com > > Is there anybody out there? From steve at einval.com Thu Jun 13 16:57:11 2019 From: steve at einval.com (Steve McIntyre) Date: Thu, 13 Jun 2019 16:57:11 +0100 Subject: sbsigntool fix (was Re: [PATCH] Fix PE/COFF checksum calculation) In-Reply-To: <1560441261.3329.33.camel@HansenPartnership.com> References: <20190419221445.24924-1-93sam@debian.org> <20190419221445.24924-2-93sam@debian.org> <20190429145453.GA23588@tack.einval.com> <20190613125318.GC24998@tack.einval.com> <1560441261.3329.33.camel@HansenPartnership.com> Message-ID: <20190613155703.GF24998@tack.einval.com> On Thu, Jun 13, 2019 at 08:54:21AM -0700, James Bottomley wrote: >On Thu, 2019-06-13 at 13:53 +0100, Steve McIntyre wrote: >> Sharing with others too. No idea if James is having mail problems or >> something... > >Sorry, no, sbsigntool has been somewhat low on my list of things to >look after for a while (I was hoping after engine support it would just >be complete). > >Let me actually dust off the git tree and have a look at the problem. ACK, thanks! -- Steve McIntyre, Cambridge, UK. steve at einval.com < sladen> I actually stayed in a hotel and arrived to find a post-it note stuck to the mini-bar saying "Paul: This fridge and fittings are the correct way around and do not need altering"
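Review bot: In the first hunk (@@ -162,7 +162,6 @@) the block comment beginning "We carefully only include the signature data in the checksum (and in the file length)" is left unchanged, yet after this patch the function no longer references image->cert_table at all, so nothing in it says where the certificate table header is accounted for. If image->sigbuf and image->sigsize already cover that header, which is what "Only count the cert_table header once" implies, add a sentence to that comment saying so. Otherwise a later reader comparing this function against the on-disk layout may put the removed local and its uses back.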
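Review bot: In the second hunk (@@ -180,16 +179,13 @@), dropping both csum_bytes(checksum, cert_table, sizeof(*cert_table)) and the sizeof(*cert_table) term in the length addition is only correct if image->sigbuf and image->sigsize already include the cert_table header. Neither these lines nor the commit message show that; the message says only "once". Please name in the commit message where sigbuf is built with the header included, and ideally mention how the resulting checksum was verified on a signed image. The bytes passed to csum_bytes and the length added afterwards must describe the same data, so consider moving checksum += image->sigsize into the first if (is_signed) block; unsigned addition makes the order irrelevant, and the two adjustments can then no longer drift apart. Minor style point: that first if (is_signed) { ... } now wraps a single statement, so the braces can be dropped.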