[PATCH] channel_curl: fix HASH_final return value check
12 views
Skip to first unread message
Ayoub Zaki
Jun 18, 2026, 10:47:14 AM (7 days ago) Jun 18
to swup...@googlegroups.com, Ayoub Zaki
Commit 9b4671d3 ("fix(openssl): correctly handle failure of
EVP_DigestFinal") changed swupdate_HASH_final() to return 0 on success
and -EIO on failure but did not update the caller in channel_get_file()
which still tested for: != 1
As a result every SSL-enabled channel download fails to compute the
SHA1 and leaves channel_data->sha1hash empty and trips the checksum
mismatch in server_process_update_artifact(). This breaks all hawkBit
deployments built with CONFIG_SURICATTA_SSL=y and surfaces as the
misleading "No suitable .swu image found" error.
Test the return value against < 0 to match the new convention shared
with the mbedtls backend.
Signed-off-by: Ayoub Zaki <ayoub...@embetrix.com>
---
corelib/channel_curl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/corelib/channel_curl.c b/corelib/channel_curl.c
index d37cf95b..f02e79ca 100644
--- a/corelib/channel_curl.c
+++ b/corelib/channel_curl.c
@@ -1507,7 +1507,7 @@ channel_op_res_t channel_get_file(channel_t *this, void *data)
unsigned char sha1hash[SWUPDATE_SHA_DIGEST_LENGTH];
unsigned int md_len;
(void)md_len;
- if (swupdate_HASH_final(channel_data->dgst, sha1hash, &md_len) != 1) {
+ if (swupdate_HASH_final(channel_data->dgst, sha1hash, &md_len) < 0) {
ERROR("Cannot compute checksum.");
goto cleanup_file;
}
--
2.43.0
EVP_DigestFinal") changed swupdate_HASH_final() to return 0 on success
and -EIO on failure but did not update the caller in channel_get_file()
which still tested for: != 1
As a result every SSL-enabled channel download fails to compute the
SHA1 and leaves channel_data->sha1hash empty and trips the checksum
mismatch in server_process_update_artifact(). This breaks all hawkBit
deployments built with CONFIG_SURICATTA_SSL=y and surfaces as the
misleading "No suitable .swu image found" error.
Test the return value against < 0 to match the new convention shared
with the mbedtls backend.
Signed-off-by: Ayoub Zaki <ayoub...@embetrix.com>
---
corelib/channel_curl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/corelib/channel_curl.c b/corelib/channel_curl.c
index d37cf95b..f02e79ca 100644
--- a/corelib/channel_curl.c
+++ b/corelib/channel_curl.c
@@ -1507,7 +1507,7 @@ channel_op_res_t channel_get_file(channel_t *this, void *data)
unsigned char sha1hash[SWUPDATE_SHA_DIGEST_LENGTH];
unsigned int md_len;
(void)md_len;
- if (swupdate_HASH_final(channel_data->dgst, sha1hash, &md_len) != 1) {
+ if (swupdate_HASH_final(channel_data->dgst, sha1hash, &md_len) < 0) {
ERROR("Cannot compute checksum.");
goto cleanup_file;
}
--
2.43.0
Stefano Babic
Jun 18, 2026, 11:06:01 AM (7 days ago) Jun 18
to Ayoub Zaki, swup...@googlegroups.com
Hi Ayoub,
Acked-by: Stefano Babic <stefan...@swupdate.org>
I will release then a 2026.05.1 in the week-end...
Thanks,
Stefano
--
_______________________________________________________________________
Nabla Software Engineering GmbH
Hirschstr. 111A | 86156 Augsburg | Tel: +49 821 45592596
Geschäftsführer : Stefano Babic | HRB 40522 Augsburg
E-Mail: sba...@nabladev.com
I will release then a 2026.05.1 in the week-end...
Thanks,
Stefano
--
_______________________________________________________________________
Nabla Software Engineering GmbH
Hirschstr. 111A | 86156 Augsburg | Tel: +49 821 45592596
Geschäftsführer : Stefano Babic | HRB 40522 Augsburg
E-Mail: sba...@nabladev.com
Reply all
Reply to author
Forward
0 new messages