[OpenWrt-Devel] [PATCH usign] Always pad fingerprints to 16 characters
Matthias Schiffer
mschiffer at universe-factory.net
Sat May 16 11:29:00 EDT 2020
Fingerprints were not padded with zeros. This led to an ucert failure
when the first byte of the fingerprint is 00, as it expects the
fingerprint to have a constant length (and this expectation seems
reasonable to me).
Signed-off-by: Matthias Schiffer <mschiffer at universe-factory.net>
---
This issue was noticed as a spurious build failure in Gluon's CI - our
GHA CI generates a new build key for each build, and in 1 out of 256
builds, the fingerprint would start with a 0 byte and trigger the issue.
I'm also working on some ucert fixes (for example for the fact that it
was still working when only the first 4 bits of the fingerprint were 0,
as the trailing newline was considered as one of the expected 16
characters then.)
main.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/main.c b/main.c
index ef47b282a7cc..ebfdfb0809c4 100644
--- a/main.c
+++ b/main.c
@@ -149,7 +149,7 @@ static void write_file(const char *name, const uint8_t *fingerprint,
if (comment)
fputs(comment, f);
else
- fprintf(f, "%s %"PRIx64, prefix,
+ fprintf(f, "%s %016"PRIx64, prefix,
fingerprint_u64(fingerprint));
fprintf(f, "\n%s\n", buf);
fclose(f);
@@ -177,7 +177,7 @@ static int verify(const char *msgfile)
}
if (!pubkeyfile) {
- snprintf(buf, sizeof(buf), "%s/%"PRIx64, pubkeydir,
+ snprintf(buf, sizeof(buf), "%s/%016"PRIx64, pubkeydir,
fingerprint_u64(sig.fingerprint));
pubkeyfile = buf;
}
@@ -276,7 +276,7 @@ static int fingerprint(void)
else
return 1;
- fprintf(stdout, "%"PRIx64"\n", fingerprint_u64(fp));
+ fprintf(stdout, "%016"PRIx64"\n", fingerprint_u64(fp));
return 0;
}
--
2.26.2
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list