From 7aa22f8ad82427006fcc9b737aadefc2a69eac9d Mon Sep 17 00:00:00 2001
From: Egor Ignatov
Date: Thu, 7 Mar 2024 13:07:27 -0500
Subject: [PATCH] efikeygen: Account for the signature size in bundle_signature()
In ea7a2c41f92d, when bundling the signature, the bitstring type field is being set manually with a hacky offset. That offset is only valid with specific signature types, and so with any signature of a different size, this is just corrupting data either in the signature or after it. This change from Egor fixes the egregious hack to manually set the type so that it computes the location based on the signature length, rather than hard-coding a value.
Signed-off-by: Peter Jones
---
 src/efikeygen.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/efikeygen.c b/src/efikeygen.c
index f09ea88..74e6011 100644
--- a/src/efikeygen.c
+++ b/src/efikeygen.c
@@ -141,7 +141,8 @@ bundle_signature(cms_context *cms, SECItem *sigder, SECItem *data,
 errx(1, "could not encode certificate: %s", PORT_ErrorToString(PORT_GetError()));
- sigder->data[sigder->len - 261] = DER_BIT_STRING;
+ //Note: offset is signature size + 5 bytes for DER encoding
+ sigder->data[sigder->len - (signature->len + 5)] = DER_BIT_STRING;
 return 0;
 }
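Review bot: The added store to `sigder->data[sigder->len - (signature->len + 5)]` does not check that `signature->len + 5` is no larger than `sigder->len`, so if these lengths are unsigned (as NSS `SECItem.len` is) a mismatch wraps the subtraction and writes `DER_BIT_STRING` outside the encoded buffer. The constant 5 also still carries an assumption: it looks like one tag octet, three length octets and the unused-bits octet, which holds only when the bit string needs a two-byte long-form DER length, so a signature short enough for a one- or two-octet length would still be patched at the wrong offset. I would guard the write with `if (sigder->len < signature->len + 5) errx(1, "encoded certificate too short for signature");`. I would also spell the assumption out in the comment: `/* 5 = tag + 3 length octets + unused-bits octet; valid only for 2-byte long-form lengths */`. `signature` is declared outside the hunk and the body of bundle_signature starts before it, so please confirm that its `len` is a byte count at this point.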