sbsigntool fix (was Re: [PATCH] Fix PE/COFF checksum calculation)

James Bottomley James.Bottomley at HansenPartnership.com
Thu Jun 13 16:54:21 BST 2019


On Thu, 2019-06-13 at 13:53 +0100, Steve McIntyre wrote:
> Sharing with others too. No idea if James is having mail problems or
> something...

Sorry, no, sbsigntool has been somewhat low on my list of things to
look after for a while (I was hoping after engine support it would just
be complete).

Let me actually dust off the git tree and have a look at the problem.

James


> On Mon, Apr 29, 2019 at 03:55:10PM +0100, Steve McIntyre wrote:
> > Hi James!
> > 
> > Not had a response yet, I guess you're busy. Would a mailing list
> > somewhere be better for this?
> > 
> > On Fri, Apr 19, 2019 at 11:14:46PM +0100, Steve McIntyre wrote:
> > > Hi James,
> > > 
> > > Only count the cert_table header once when performing the calculation
> > > and counting buffer sizes.
> > > 
> > > Signed-off-by: Steve McIntyre <93sam at debian.org>
> > > ---
> > > src/image.c | 6 +-----
> > > 1 file changed, 1 insertion(+), 5 deletions(-)
> > > 
> > > diff --git a/src/image.c b/src/image.c
> > > index 745191f..3ada37b 100644
> > > --- a/src/image.c
> > > +++ b/src/image.c
> > > @@ -162,7 +162,6 @@ static void
> > > image_pecoff_update_checksum(struct image *image)
> > > {
> > > 	bool is_signed = image->sigsize && image->sigbuf;
> > > 	uint32_t checksum;
> > > -	struct cert_table_header *cert_table = image-
> > > >cert_table;
> > > 
> > > 	/* We carefully only include the signature data in the checksum
> > > (and
> > > 	 * in the file length) if we're outputting the
> > > signature.  Otherwise,
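
Review bot: the comment kept just below the removed cert_table declaration still speaks only of "the signature data" being included in the checksum and the file length. With the separate header pass gone, that comment should say whether image->sigbuf is expected to carry the cert_table header as well, since the single csum_bytes call over sigbuf is now the only place the header can be covered.
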
> > > @@ -180,16 +179,13 @@ static void
> > > image_pecoff_update_checksum(struct image *image)
> > > 			(void *)(image->checksum + 1));
> > > 
> > > 	if (is_signed) {
> > > -		checksum = csum_bytes(checksum,
> > > -				cert_table,
> > > sizeof(*cert_table));
> > > -
> > > 		checksum = csum_bytes(checksum, image->sigbuf, image-
> > > >sigsize);
> > > 	}
> > > 
> > > 	checksum += image->data_size;
> > > 
> > > 	if (is_signed)
> > > -		checksum += sizeof(*cert_table) + image-
> > > >sigsize;
> > > +		checksum += image->sigsize;
> > > 
> > > 	*(image->checksum) = cpu_to_le32(checksum);
> > > }
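
Review bot: in the is_signed branch, both the remaining csum_bytes call and the new "checksum += image->sigsize" are correct only if image->sigbuf begins with the cert_table header and image->sigsize already includes sizeof(*cert_table), and nothing in these lines shows or checks that. The commit message should name where sigsize comes to include the header (the source of the double count), and a short comment next to the length addition stating that sigsize covers header plus signature would keep a later change to the sigbuf layout from silently breaking the checksum again.
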
> > > -- 
> > > 2.20.1
> > > 
> > > 
> > 
> > -- 
> > Steve McIntyre, Cambridge, UK.                                steve@einval.com
> > Is there anybody out there?



