efikeygen: Account for the signature size in bundle_signature()

In ea7a2c4, when bundling the signature, the bitstring type field is being set manually with a hacky offset. That offset is only valid with specific signature types, and so with any signature of a different size, this is just corrupting data either in the signature or after it. This change from Egor fixes the egregious hack to manually set the type so that it computes the location based on the signature length, rather than hard-coding a value. Signed-off-by: Peter Jones <[email protected]>
rhboot · Mar 7, 2024 · 7aa22f8 · 7aa22f8
1 parent 1793a67
commit 7aa22f8
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/src/efikeygen.c b/src/efikeygen.c
@@ -141,7 +141,8 @@ bundle_signature(cms_context *cms, SECItem *sigder, SECItem *data,
 		errx(1, "could not encode certificate: %s",
 			PORT_ErrorToString(PORT_GetError()));
 
-	sigder->data[sigder->len - 261] = DER_BIT_STRING;
+	//Note: offset is signature size + 5 bytes for DER encoding
+	sigder->data[sigder->len - (signature->len + 5)] = DER_BIT_STRING;
 
 	return 0;
 }