Skip to content

Fix Updater non-zero _verify->length() once again #8545

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 9 commits into from
Sep 13, 2022
Merged

Fix Updater non-zero _verify->length() once again #8545

Changes from 1 commit
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
a396196
Correctly offset when sigLen is present
mcspr Apr 19, 2022
40373f8
Allocate fixed size array for the RSA verifier
mcspr Apr 19, 2022
1e09be5
Merge branch 'master' into updater-fix-len-calc
mcspr Apr 21, 2022
f6ac4df
dup commit msg in the comment
mcspr May 19, 2022
943fabb
Merge remote-tracking branch 'origin/master' into updater-fix-len-calc
mcspr May 19, 2022
206456f
Merge remote-tracking branch 'origin/master' into updater-fix-len-calc
mcspr Jun 1, 2022
822b9fb
make use of language size helpers
mcspr Jun 1, 2022
3d59f0d
also make use of language byte packing
mcspr Jun 1, 2022
9e77a1a
Merge branch 'master' into updater-fix-len-calc
mcspr Aug 21, 2022
File filter

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
dup commit msg in the comment
  • Loading branch information
@mcspr
mcspr committed May 19, 2022
commit f6ac4dfeae5dea6b4ee56b0e64c7830778ae5d9b
9 changes: 5 additions & 4 deletions libraries/ESP8266WiFi/src/BearSSLHelpers.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -937,13 +937,14 @@ uint32_t SigningVerifier::length()
// directly inside the class function for ease of use.
extern "C" bool SigningVerifier_verify(PublicKey *_pubKey, UpdaterHashClass *hash, const void *signature, uint32_t signatureLen) {
if (_pubKey->isRSA()) {
bool ret;
unsigned char vrf[64];
if (hash->len() > 64) {
// see https://github.com/earlephilhower/bearssl-esp8266/blob/6105635531027f5b298aa656d44be2289b2d434f/inc/bearssl_rsa.h#L257
static constexpr int HashLengthMax = 64;
unsigned char vrf[HashLengthMax];
if (hash->len() > HashLengthMax) {
return false;
}
br_rsa_pkcs1_vrfy vrfy = br_rsa_pkcs1_vrfy_get_default();
ret = vrfy((const unsigned char *)signature, signatureLen, hash->oid(), hash->len(), _pubKey->getRSA(), vrf);
bool ret = vrfy((const unsigned char *)signature, signatureLen, hash->oid(), hash->len(), _pubKey->getRSA(), vrf);
if (!ret || memcmp(vrf, hash->hash(), sizeof(vrf)) ) {
return false;
} else {
Expand Down