Fix Updater non-zero _verify->length() once again (#8545)

Amends #8507 I took the liberty to also do some refactoring; specifically, fixing signed vs. unsigned mismatch in len, using pointer object vs. the original manual malloc & free, try to have named constants for certain addresses and lengths, plus localize printing of u8 arrays. The suggested test to have a 'dummy' verifier works just fine. (...how it actually works and gets the hash to compare with is a whole other question, though) Another issue noticed while testing, in the underlying bearssl api there's an actual limit for hash length. 6105635531/inc/bearssl_rsa.h (L257)
2025-08-05 13:16:13 +03:00 · 2022-09-13 15:57:42 +03:00
parent 313b3c07ec
commit a0c7a85649
3 changed files with 63 additions and 39 deletions
--- a/tools/signing.py
+++ b/tools/signing.py
@@ -4,6 +4,7 @@
 import argparse
 import hashlib
 import os
+import struct
 import subprocess
 import sys

@@ -30,7 +31,7 @@ def sign_and_write(data, priv_key, out_file):
        with open(out_file, "wb") as out:
            out.write(data)
            out.write(signout)
-            out.write(b'\x00\x01\x00\x00')
+            out.write(struct.pack("<L", len(signout))) # u32, little-endian
            sys.stderr.write("Signed binary: " + out_file + "\n")

 def sign_and_write_legacy(data, priv_key, out_file):
@@ -47,7 +48,7 @@ def sign_and_write_legacy(data, priv_key, out_file):
        with open(out_file, "wb") as out:
            out.write(data)
            out.write(signout)
-            out.write(b'\x00\x01\x00\x00')
+            out.write(struct.pack("<L", len(signout))) # u32, little-endian
            sys.stderr.write("Legacy signed binary: " + out_file + "\n")

 def main():