[OpenWrt-Devel] [PATCH usign] Always pad fingerprints to 16 characters

Matthias Schiffer mschiffer at universe-factory.net
Sat May 16 11:29:00 EDT 2020

Fingerprints were not padded with zeros. This led to a ucert failure
when the first byte of the fingerprint is 00, as it expects the
fingerprint to have a constant length (and this expectation seems
reasonable to me).

Signed-off-by: Matthias Schiffer <mschiffer at universe-factory.net>

This issue was noticed as a spurious build failure in Gluon's CI - our
GHA CI generates a new build key for each build, and in 1 out of 256
builds, the fingerprint would start with a 0 byte and trigger the issue.

I'm also working on some ucert fixes (for example for the fact that it
was still working when only the first 4 bits of the fingerprint were 0,
as the trailing newline was considered as one of the expected 16
characters then.)

 main.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/main.c b/main.c
index ef47b282a7cc..ebfdfb0809c4 100644
--- a/main.c
+++ b/main.c
@@ -149,7 +149,7 @@ static void write_file(const char *name, const uint8_t *fingerprint,
 	if (comment)
 		fputs(comment, f);
-		fprintf(f, "%s %"PRIx64, prefix,
+		fprintf(f, "%s %016"PRIx64, prefix,
 	fprintf(f, "\n%s\n", buf);
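Review bot: Missing documentation for files already written by write_file() with the old unpadded format: a key or signature whose fingerprint starts with a zero hex digit keeps its short fingerprint in the comment line after this change, so a consumer that expects 16 characters there, as the commit message says ucert does, will still fail on it. Please state in the commit message whether such files have to be regenerated or whether the reading side is expected to accept the short form.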
@@ -177,7 +177,7 @@ static int verify(const char *msgfile)
 	if (!pubkeyfile) {
-		snprintf(buf, sizeof(buf), "%s/%"PRIx64, pubkeydir,
+		snprintf(buf, sizeof(buf), "%s/%016"PRIx64, pubkeydir,
 		pubkeyfile = buf;
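Review bot: The lookup in verify() now builds only the padded name `"%s/%016"PRIx64`, so a public key already installed in pubkeydir under the old unpadded name (any fingerprint with a leading zero digit) is no longer found after an upgrade. Consider retrying with the old `"%s/%"PRIx64` name when the padded file does not exist, or document that such key files must be renamed. The snprintf() result is also discarded in the visible lines, so a path that does not fit in buf would be truncated silently before it is assigned to pubkeyfile.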
@@ -276,7 +276,7 @@ static int fingerprint(void)
 		return 1;
-	fprintf(stdout, "%"PRIx64"\n", fingerprint_u64(fp));
+	fprintf(stdout, "%016"PRIx64"\n", fingerprint_u64(fp));
 	return 0;
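Review bot: Style point on the `%016` width in fingerprint(): the same literal now appears in three format strings (write_file(), verify() and here), and they have to stay identical for the printed fingerprint to match the file name that verify() looks up. A single shared format macro, for example a hypothetical `#define FP_FMT "%016" PRIx64`, used at all three call sites would keep them from drifting apart.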
