Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
yourfritz-host: workaround "number of zero blocks going into md5 calc…
…ulation" bug Most probably an AVM bug in their signing code. In case ./var/signature tarball member starts exactly 1 KB before the end of a 10KB block only 2 zero-blocks (both 512 bytes big) are taken into account while calculating the md5 sum, in all other cases 4 zero-blocks (2 for ./var/signature + 2 for EoA marker) are considered. git-svn-id: http://svn.freetz.org/trunk@14861 f5190166-0702-4917-9039-51ec32eddaf5
- Loading branch information
Showing
2 changed files
with
41 additions
and
0 deletions.
There are no files selected for viewing
24 changes: 24 additions & 0 deletions
24
tools/make/yourfritz-host/patches/030-signing_zero_blocks_going_into_md5.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| --- signimage/sign_image | ||
| +++ signimage/sign_image | ||
| @@ -362,7 +354,11 @@ | ||
| # blocks with a size of 512 octets) # | ||
| # # | ||
| #################################################################################### | ||
| -"$YF_SIGNIMAGE_DD" if=/dev/zero of="$tmp/1K.bin" bs=512 count=2 status=none 2>/dev/null | ||
| +zero_blocks_in_md5=4 # 2 blocks ./var/signature member + 2 blocks EOA marker | ||
| +if [ $(( ( copy_blocks + 2 ) % 20 )) -eq 0 ]; then | ||
| + zero_blocks_in_md5=2 # 2 blocks ./var/signature member only | ||
| +fi | ||
| +"$YF_SIGNIMAGE_DD" if=/dev/zero of="$tmp/zero_blocks_in_md5.bin" bs=512 count=$zero_blocks_in_md5 status=none 2>/dev/null | ||
| #################################################################################### | ||
| # # | ||
| # generate the signature file # | ||
| @@ -374,7 +370,7 @@ | ||
| # # | ||
| ##################################A################################################# | ||
| echo -en "Signing the image hash (\x1B[1m$hash_algo\x1B[0m) with RSA key from \x1B[1m${name_prefix}.${private_extension}\x1B[0m ... " 1>&2 | ||
| -"$YF_SIGNIMAGE_DD" if="$image_file" bs=512 count=$copy_blocks status=none 2>&1 | cat - "$tmp/1K.bin" "$tmp/1K.bin" | | ||
| +"$YF_SIGNIMAGE_DD" if="$image_file" bs=512 count=$copy_blocks status=none 2>&1 | cat - "$tmp/zero_blocks_in_md5.bin" | | ||
| "$YF_SIGNIMAGE_OPENSSL" dgst -$hash_algo -sign "${name_prefix}.${private_extension}" -out "$tmp/var/signature" -passin "pass:$KEYPASSWORD" | ||
| rc=$? | ||
| if [ $rc -eq 0 ]; then |
17 changes: 17 additions & 0 deletions
17
tools/make/yourfritz-host/patches/040-signing_multiple_mktemps.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| --- signimage/sign_image | ||
| +++ signimage/sign_image | ||
| @@ -343,14 +343,6 @@ | ||
| fi | ||
| #################################################################################### | ||
| # # | ||
| -# prepare a temporary directory and cleanup on exit # | ||
| -# # | ||
| -#################################################################################### | ||
| -tmp=$(mktemp -d) | ||
| -[ $? -eq 127 ] && tmp="/tmp/tmp.$(date +%s).$$" && mkdir -p "$tmp" | ||
| -trap "rm -r \"$tmp\"" EXIT HUP | ||
| -#################################################################################### | ||
| -# # | ||
| # create a subdirectory 'var' to prepare a TAR file of our signature later # | ||
| # # | ||
| #################################################################################### |