- Notifications
You must be signed in to change notification settings - Fork13.3k
Permit using the Updater _hash function, even if we don't have a signature appended to the image#8507
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Merged
Uh oh!
There was an error while loading.Please reload this page.
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
…ature appended to the image
d-a-v approved these changesMar 13, 2022
Collaborator
d-a-v left a comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
LGTM
ContributorAuthor
einglis commentedMar 14, 2022
Ty |
blue-wind-25 commentedApr 12, 2022
After comparing with the old code, I would like to clarify line 247: shouldn't it be: because the former will cause line 276 to read from the wrong address. Thank you. |
ContributorAuthor
einglis commentedApr 12, 2022
Good spot,@blue-wind-25. I think you're right. |
blue-wind-25 commentedApr 12, 2022
Great, thank you for the confirmation :-) |
mcspr added a commit that referenced this pull requestSep 13, 2022
Amends#8507I took the liberty to also do some refactoring; specifically, fixing signed vs. unsigned mismatch in len, using pointer object vs. the original manual malloc & free, try to have named constants for certain addresses and lengths, plus localize printing of u8 arrays.The suggested test to have a 'dummy' verifier works just fine. (...how it actually works and gets the hash to compare with is a whole other question, though)Another issue noticed while testing, in the underlying bearssl api there's an actual limit for hash length.https://github.com/earlephilhower/bearssl-esp8266/blob/6105635531027f5b298aa656d44be2289b2d434f/inc/bearssl_rsa.h#L257
6 tasks
hasenradball pushed a commit to hasenradball/Arduino that referenced this pull requestNov 18, 2024
…ature appended to the image (esp8266#8507)The _hash and _verify functionality of the Updater class are pretty much entwined. But it might be useful to calculate the hash, even without a signature present in the image itself. This change permits that by allowing a zero-length signature.For reference, one possible use case is where the expected hash is provided separately to the uploaded image. Another is to provide generic post-upload validation of the image: the hash function permits a convenient way of inspecting the complete image against arbitrary conditions; this is particularly useful after HTTP client OTA updates.(It's fair that reading the whole image back out of flash is not very efficient, but that's not the concern of this PR.)
hasenradball pushed a commit to hasenradball/Arduino that referenced this pull requestNov 18, 2024
Amendsesp8266#8507I took the liberty to also do some refactoring; specifically, fixing signed vs. unsigned mismatch in len, using pointer object vs. the original manual malloc & free, try to have named constants for certain addresses and lengths, plus localize printing of u8 arrays.The suggested test to have a 'dummy' verifier works just fine. (...how it actually works and gets the hash to compare with is a whole other question, though)Another issue noticed while testing, in the underlying bearssl api there's an actual limit for hash length.https://github.com/earlephilhower/bearssl-esp8266/blob/6105635531027f5b298aa656d44be2289b2d434f/inc/bearssl_rsa.h#L257
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Labels
None yet
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
NOTE: Re-submission of PR#8472 due to user error :(
The _hash and _verify functionality of the Updater class are pretty much entwined. But it might be useful to calculate the hash, even without a signature present in the image itself. This change permits that by allowing a zero-length signature.
For reference, one possible use case is where the expected hash is provided separately to the uploaded image. Another is to provide generic post-upload validation of the image: the hash function permits a convenient way of inspecting the complete image against arbitrary conditions; this is particularly useful after HTTP client OTA updates.
(It's fair that reading the whole image back out of flash is not very efficient, but that's not the concern of this PR.)