From jwboyer@redhat.com Tue Dec 11 11:12:04 2012 Return-Path: jwboyer@redhat.com Received: from zmta04.collab.prod.int.phx2.redhat.com (LHLO zmta04.collab.prod.int.phx2.redhat.com) (10.5.81.11) by zmail14.collab.prod.int.phx2.redhat.com with LMTP; Tue, 11 Dec 2012 11:12:04 -0500 (EST) Received: from int-mx02.intmail.prod.int.phx2.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) by zmta04.collab.prod.int.phx2.redhat.com (Postfix) with ESMTP id 02F16D0D4D for ; Tue, 11 Dec 2012 11:12:04 -0500 (EST) Received: from hansolo.jdub.homelinux.org ([10.3.113.16]) by int-mx02.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id qBBGC1N7022642 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Tue, 11 Dec 2012 11:12:03 -0500 Date: Tue, 11 Dec 2012 11:12:01 -0500 From: Josh Boyer To: pjones@redhat.com Cc: mjg59@srcf.ucam.org Subject: [PATCH] Fix SignatureSize field when importing a new cert Message-ID: <20121211161200.GA999@hansolo.jdub.homelinux.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.21 (2010-09-15) X-Scanned-By: MIMEDefang 2.67 on 10.5.11.12 Status: RO Content-Length: 842 Lines: 25 The SignatureSize field should be the length of the certificate plus 16 per the UEFI spec. Remove the extraneous addition of sizeof(EFI_SIGNATURE_DATA) from the calculation so that certs enrolled in MokListRT are parsable. --- src/mokutil.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/mokutil-0.1.0/src/mokutil.c b/mokutil-0.1.0/src/mokutil.c index ca46488..f94aee4 100644 --- a/mokutil-0.1.0/src/mokutil.c +++ b/mokutil-0.1.0/src/mokutil.c 
@@ -485,8 +485,7 @@ import_moks (char **files, uint32_t total) CertList->SignatureListSize = sizes[i] + sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA) - 1; CertList->SignatureHeaderSize = 0; - CertList->SignatureSize = sizes[i] + - sizeof(EFI_SIGNATURE_DATA) + 16; + CertList->SignatureSize = sizes[i] + 16; CertData->SignatureOwner = SHIM_LOCK_GUID; fd = open (files[i], O_RDONLY); -- 1.8.0.1
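Review bot: the bare `16` in the new `CertList->SignatureSize = sizes[i] + 16;` line is a magic number, and it is now computed differently from the unchanged `SignatureListSize` line just above it, which still uses `sizeof(EFI_SIGNATURE_DATA) - 1` for the same per-signature overhead. With `SignatureHeaderSize` set to 0 and a single entry per list, a parser will expect `SignatureListSize` to equal `sizeof(EFI_SIGNATURE_LIST) + SignatureSize`. That holds only if `sizeof(EFI_SIGNATURE_DATA) - 1` is exactly 16, which depends on how the struct is laid out (its definition is not visible in this hunk, so padding cannot be ruled out from here). I would suggest writing the overhead once, for example as `sizeof(CertData->SignatureOwner)`, and deriving both fields from it, so the two sizes cannot drift apart again. A short comment noting that the 16 bytes are the SignatureOwner GUID that precedes the certificate data would also help. Since the commit message says the old value made enrolled certs unparsable in MokListRT, it is worth confirming that whatever reads the list bounds-checks `SignatureSize` against `SignatureListSize` rather than trusting either field on its own.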