Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use 2nd stack for update signature verification #7149

Merged
merged 3 commits into from
Mar 14, 2020
Merged

Use 2nd stack for update signature verification #7149

merged 3 commits into from
Mar 14, 2020

Conversation

earlephilhower
Copy link
Collaborator

Fixes #7145

When doing a signed update, the signature calculation can use a lot of
stack, so move it silently to the BearSSL second stack.

Also fix a memory leak of signature-bytes found by @JiriBilek

@earlephilhower
Use 2nd stack for update signature verification
fe02cb3 
Fixes esp8266#7145

When doing a signed update, the signature calculation can use a lot of
stack, so move it silently to the BearSSL second stack.

Also fix a memory leak of signature-bytes found by @JiriBilek
@JiriBilek
Copy link
Contributor

Apologies for a silly question: how can I test it? Is it fine just to get and replace changed files in my nearly-up-to-date repository copy?

@earlephilhower
Copy link
Collaborator Author

You can try that, or use the GIT method described here:
https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/checking-out-pull-requests-locally

@JiriBilek
Copy link
Contributor

Tested on my application, the stack size remains the same before and after the update (not a big surprise, though), no crashes so far.
Thanks for a quick fix!

@earlephilhower earlephilhower added this to the 2.7.0 milestone Mar 11, 2020
@earlephilhower earlephilhower requested a review from d-a-v March 11, 2020 23:05
@earlephilhower earlephilhower merged commit e252873 into esp8266:master Mar 14, 2020
@earlephilhower earlephilhower deleted the safesign branch March 14, 2020 23:10
@bastidest
Copy link

I found this issue while debugging OTA signature verification problems. This PR seems to break the signed OTA updates for me. It seems to be stuck right after calling thunk_SigningVerifier_verify(_pubKey, hash, signature, signatureLen);

After this patch it works fine again:

@@ -899,7 +899,7 @@
 
 bool SigningVerifier::verify(UpdaterHashClass *hash, const void *signature, uint32_t signatureLen) {
   if (!_pubKey || !hash || !signature || signatureLen != length()) return false;
-#if !CORE_MOCK
+#if CORE_MOCK
     return thunk_SigningVerifier_verify(_pubKey, hash, signature, signatureLen);
 #else
     return SigningVerifier_verify(_pubKey, hash, signature, signatureLen);

I don't know if that is directly related with this PR, otherwise I can open an issue.

@devyte
Copy link
Collaborator

devyte commented May 9, 2020

Please open a new issue and follow the template instructions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JiriBilek JiriBilek JiriBilek left review comments

@d-a-v d-a-v d-a-v approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.7.0
Development

Successfully merging this pull request may close these issues.

httpUpdateSigned crashes on verification when the digital signature does not match
5 participants
@earlephilhower @JiriBilek @bastidest @devyte @d-a-v