[openwrt/openwrt] px5g-wolfssl: Fix certificate signature

LEDE Commits lede-commits at lists.infradead.org
Tue Jan 26 22:00:10 EST 2021 

aparcar pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/ff2087d9a9db86c6c5a7fec258fec66bff8e4f9c

commit ff2087d9a9db86c6c5a7fec258fec66bff8e4f9c
Author: Jeffrey Elms <jeff at wolfssl.com>
AuthorDate: Tue Jan 26 18:28:14 2021 -0800

    px5g-wolfssl: Fix certificate signature
    
    Certificate signature algorithm was being set after call to
    `wc_MakeCert`, resulting in a mismatch between specified signature in
    certificate and the actual signature type.
    
    Signed-off-by: Jeffrey Elms <jeff at wolfssl.com>
    [fix commit subject, use COMMITCOUNT]
    Signed-off-by: Paul Spooren <mail at aparcar.org>
---
 package/utils/px5g-wolfssl/Makefile       | 2 +-
 package/utils/px5g-wolfssl/px5g-wolfssl.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/utils/px5g-wolfssl/Makefile b/package/utils/px5g-wolfssl/Makefile
index be36f9f33d..90296008d6 100644
--- a/package/utils/px5g-wolfssl/Makefile
+++ b/package/utils/px5g-wolfssl/Makefile
@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=px5g-wolfssl
-PKG_RELEASE:=1
+PKG_RELEASE:=$(COMMITCOUNT)
 PKG_LICENSE:=GPL-2.0-or-later
 
 PKG_USE_MIPS16:=0
diff --git a/package/utils/px5g-wolfssl/px5g-wolfssl.c b/package/utils/px5g-wolfssl/px5g-wolfssl.c
index b937d220ca..763d7b4b71 100644
--- a/package/utils/px5g-wolfssl/px5g-wolfssl.c
+++ b/package/utils/px5g-wolfssl/px5g-wolfssl.c
@@ -232,8 +232,10 @@ int selfsigned(WC_RNG *rng, char **arg) {
           subject, fstr, tstr);
 
   if (type == EC_KEY_TYPE) {
+    newCert.sigType = CTC_SHA256wECDSA;
     ret = wc_MakeCert(&newCert, derBuf, sizeof(derBuf), NULL, &ecKey, rng);
   } else {
+    newCert.sigType = CTC_SHA256wRSA;
     ret = wc_MakeCert(&newCert, derBuf, sizeof(derBuf), &rsaKey, NULL, rng);
   }
   if (ret <= 0) {
@@ -242,11 +244,9 @@ int selfsigned(WC_RNG *rng, char **arg) {
   }
 
   if (type == EC_KEY_TYPE) {
-    newCert.sigType = CTC_SHA256wECDSA;
     ret = wc_SignCert(newCert.bodySz, newCert.sigType, derBuf, sizeof(derBuf),
                       NULL, &ecKey, rng);
   } else {
-    newCert.sigType = CTC_SHA256wRSA;
     ret = wc_SignCert(newCert.bodySz, newCert.sigType, derBuf, sizeof(derBuf),
                       &rsaKey, NULL, rng);
   }

More information about the lede-commits mailing list