BaseTools/Pkcs7Sign: Update the test certificates & Readme.md

[mirror_edk2.git] / BaseTools / Source / Python / Pkcs7Sign / Pkcs7Sign.py

diff --git a/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py b/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py
index b9f8c066a7c357c98fa29ed544e2dd61fb2b7c28..ef79f80eddf39377379a2dfed54b82e6309fadc7 100644 (file)
--- a/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py
+++ b/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py
@@ -6,7 +6,7 @@
 #\r
 # This tool has been tested with OpenSSL.\r
 #\r
-# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
+# Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>\r
 # This program and the accompanying materials\r
 # are licensed and made available under the terms and conditions of the BSD License\r
 # which accompanies this distribution.  The full text of the license may be found at\r
@@ -109,7 +109,7 @@ if __name__ == '__main__':
   # Verify that Open SSL command is available\r
   #\r
   try:\r
-    Process = subprocess.Popen('%s version' % (OpenSslCommand), stdout=subprocess.PIPE, stderr=subprocess.PIPE)\r
+    Process = subprocess.Popen('%s version' % (OpenSslCommand), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)\r
   except:\r
     print 'ERROR: Open SSL command not available.  Please verify PATH or set OPENSSL_PATH'\r
     sys.exit(1)\r
@@ -197,13 +197,13 @@ if __name__ == '__main__':
         print 'ERROR: test other public cert file %s missing' % (args.OtherPublicCertFileName)\r
         sys.exit(1)\r
 \r
-    format = "Q%ds" % len(args.InputFileBuffer)\r
-    FullInputFileBuffer = struct.pack(format,args.MonotonicCountValue, args.InputFileBuffer)\r
+    format = "%dsQ" % len(args.InputFileBuffer)\r
+    FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue)\r
 \r
     #\r
     # Sign the input file using the specified private key and capture signature from STDOUT\r
     #\r
-    Process = subprocess.Popen('%s smime -sign -binary -signer "%s" -outform DER -md sha256 -certfile "%s"' % (OpenSslCommand, args.SignerPrivateCertFileName, args.OtherPublicCertFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)\r
+    Process = subprocess.Popen('%s smime -sign -binary -signer "%s" -outform DER -md sha256 -certfile "%s"' % (OpenSslCommand, args.SignerPrivateCertFileName, args.OtherPublicCertFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)\r
     Signature = Process.communicate(input=FullInputFileBuffer)[0]\r
     if Process.returncode <> 0:\r
       sys.exit(Process.returncode)\r
@@ -261,8 +261,8 @@ if __name__ == '__main__':
     args.SignatureBuffer = args.InputFileBuffer[0:SignatureSize]\r
     args.InputFileBuffer = args.InputFileBuffer[SignatureSize:]\r
 \r
-    format = "Q%ds" % len(args.InputFileBuffer)\r
-    FullInputFileBuffer = struct.pack(format,args.MonotonicCountValue, args.InputFileBuffer)\r
+    format = "%dsQ" % len(args.InputFileBuffer)\r
+    FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue)\r
 \r
     #\r
     # Save output file contents from input file\r
@@ -272,7 +272,7 @@ if __name__ == '__main__':
     #\r
     # Verify signature\r
     #\r
-    Process = subprocess.Popen('%s smime -verify -inform DER -content %s -CAfile %s' % (OpenSslCommand, args.OutputFileName, args.TrustedPublicCertFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)\r
+    Process = subprocess.Popen('%s smime -verify -inform DER -content %s -CAfile %s' % (OpenSslCommand, args.OutputFileName, args.TrustedPublicCertFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)\r
     Process.communicate(input=args.SignatureBuffer)[0]\r
     if Process.returncode <> 0:\r
       print 'ERROR: Verification failed'\r