[PATCH] wireless-regdb: Fix regulatory.bin signing with new M2Crypto
Ben Hutchings
benh at debian.org
Mon Feb 16 12:01:58 PST 2026
In M2Crypto version 0.45.1, the default hash algorithm for
M2Crypto.RSA.sign() changed from SHA-1 to SHA-256. Since the
signature on regulatory.bin uses a SHA-1 hash, db2bin.py generates
invalid signatures for regulatory.bin if a recent version of M2Crypto
is installed.
I reported this incompatible change as
<https://todo.sr.ht/~mcepl/m2crypto/389>.
There is an obvious workaround, which is to add an explicit
algo='sha1' parameter. This works with old and new versions of
M2Crypto.
Signed-off-by: Ben Hutchings <benh at debian.org>
---
Re-sending this with the [PATCH] prefix.
Ben.
--- a/db2bin.py
+++ b/db2bin.py
@@ -131,13 +131,13 @@ if len(sys.argv) > 3:
key = RSA.load_key(sys.argv[3])
hash = hashlib.sha1()
hash.update(output.getvalue())
- sig = key.sign(hash.digest())
+ sig = key.sign(hash.digest(), algo='sha1')
# write it to file
siglen.set(len(sig))
# sign again
hash = hashlib.sha1()
hash.update(output.getvalue())
- sig = key.sign(hash.digest())
+ sig = key.sign(hash.digest(), algo='sha1')
output.write(sig)
else:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/wireless-regdb/attachments/20260216/e810b605/attachment.sig>
More information about the wireless-regdb
mailing list