arduino/esp8266
1
0
Fork 0
mirror of https://github.com/esp8266/Arduino.git synced 2025-04-27 21:16:50 +03:00
Code

Permit using the Updater _hash function, even if we don't have a signature appended to the image (#8507)

Browse Source 
The _hash and _verify functionality of the Updater class are pretty much entwined. But it might be useful to calculate the hash, even without a signature present in the image itself. This change permits that by allowing a zero-length signature.

For reference, one possible use case is where the expected hash is provided separately to the uploaded image. Another is to provide generic post-upload validation of the image: the hash function permits a convenient way of inspecting the complete image against arbitrary conditions; this is particularly useful after HTTP client OTA updates.

(It's fair that reading the whole image back out of flash is not very efficient, but that's not the concern of this PR.)
This commit is contained in:
Edd Inglis 2022-04-11 12:14:26 +01:00 committed by GitHub
parent 520233f73e
commit f78c6332f0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 30 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
cores/esp8266/Updater.cpp
View File

@ -223,19 +223,29 @@ bool UpdaterClass::end(bool evenIfRemaining){
_size = progress();
}
uint32_t sigLen = 0;
if (_verify) {
const uint32_t expectedSigLen = _verify->length();
// If expectedSigLen is non-zero, we expect the last four bytes of the buffer to
// contain a matching length field, preceded by the bytes of the signature itself.
// But if expectedSigLen is zero, we expect neither a signature nor a length field;
uint32_t sigLen = 0;
if (expectedSigLen > 0) {
ESP.flashRead(_startAddress + _size - sizeof(uint32_t), &sigLen, sizeof(uint32_t));
}
#ifdef DEBUG_UPDATER
DEBUG_UPDATER.printf_P(PSTR("[Updater] sigLen: %d\n"), sigLen);
#endif
if (sigLen != _verify->length()) {
if (sigLen != expectedSigLen) {
_setError(UPDATE_ERROR_SIGN);
_reset();
return false;
}
int binSize = _size - sigLen - sizeof(uint32_t) /* The siglen word */;
int binSize = _size;
if (expectedSigLen > 0) {
_size -= (sigLen + sizeof(uint32_t) /* The siglen word */);
}
_hash->begin();
#ifdef DEBUG_UPDATER
DEBUG_UPDATER.printf_P(PSTR("[Updater] Adjusted binsize: %d\n"), binSize);
@ -254,7 +264,10 @@ bool UpdaterClass::end(bool evenIfRemaining){
for (int i=0; i<_hash->len(); i++) DEBUG_UPDATER.printf(" %02x", ret[i]);
DEBUG_UPDATER.printf("\n");
#endif
uint8_t *sig = (uint8_t*)malloc(sigLen);
uint8_t *sig = nullptr; // Safe to free if we don't actually malloc
if (expectedSigLen > 0) {
sig = (uint8_t*)malloc(sigLen);
if (!sig) {
_setError(UPDATE_ERROR_SIGN);
_reset();
@ -268,6 +281,7 @@ bool UpdaterClass::end(bool evenIfRemaining){
}
DEBUG_UPDATER.printf("\n");
#endif
}
if (!_verify->verify(_hash, (void *)sig, sigLen)) {
free(sig);
_setError(UPDATE_ERROR_SIGN);