* wireless-regdb: Fix regulatory.bin signing with new M2Crypto
@ 2026-02-16 19:58 Ben Hutchings
0 siblings, 0 replies; only message in thread
From: Ben Hutchings @ 2026-02-16 19:58 UTC (permalink / raw)
To: linux-wireless; +Cc: wireless-regdb
[-- Attachment #1: Type: text/plain, Size: 1079 bytes --]
In M2Crypto version 0.45.1, the default hash algorithm for
M2Crypto.RSA.sign() changed from SHA-1 to SHA-256. Since the
signature on regulatory.bin uses a SHA-1 hash, db2bin.py generates
invalid signatures for regulatory.bin if a recent version of M2Crypto
is installed.
I reported this incompatible change as
<https://todo.sr.ht/~mcepl/m2crypto/389>.
There is an obvious workaround, which is to add an explicit
algo='sha1' parameter. This works with old and new versions of
M2Crypto.
Signed-off-by: Ben Hutchings <benh@debian.org>
---
--- a/db2bin.py
+++ b/db2bin.py
@@ -131,13 +131,13 @@ if len(sys.argv) > 3:
key = RSA.load_key(sys.argv[3])
hash = hashlib.sha1()
hash.update(output.getvalue())
- sig = key.sign(hash.digest())
+ sig = key.sign(hash.digest(), algo='sha1')
# write it to file
siglen.set(len(sig))
# sign again
hash = hashlib.sha1()
hash.update(output.getvalue())
- sig = key.sign(hash.digest())
+ sig = key.sign(hash.digest(), algo='sha1')
output.write(sig)
else:
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-02-16 19:58 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-02-16 19:58 wireless-regdb: Fix regulatory.bin signing with new M2Crypto Ben Hutchings
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox