Refactor ec key import #229
Conversation
| python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')" | ||
| chmod a+x builder | ||
| ./builder build -p ${{ env.PACKAGE_NAME }} --compiler=gcc --cmake-extra=-DASSERT_LOCK_HELD=ON --coverage |
There was a problem hiding this comment.
> aws --region us-east-1 secretsmanager get-secret-value --secret-id codecov-token
No token found for aws-c-cal, check https://app.codecov.io/github/awslabs/aws-c-cal/settings for token and add it to codecov-token in secret-manager.
This actually failed, but I didn't have the non-zero exit code in the builder...
Should be fixed by awslabs/aws-crt-builder#340
Also, I put the token in the secrete manager now, so it should work now.
Welcome to Codecov 🎉Once you merge this PR into your default branch, you're all set! Codecov will compare coverage reports and display results in all future pull requests. Thanks for integrating Codecov - We've got you covered ☂️ |
| struct aws_byte_cursor *out_public_y_coord, | ||
| struct aws_byte_cursor *out_private_d, | ||
| enum aws_ecc_curve_name *out_curve_name) { | ||
|
|
There was a problem hiding this comment.
let's add a protection against the params are passed in as NULL.
Handle them to fail instead of crash, as this is a public interface.
| aws_byte_cursor_advance(&public_key, 1); | ||
| *out_public_x_coord = public_key; | ||
| out_public_x_coord->len = key_coordinate_size; | ||
| out_public_y_coord->ptr = public_key.ptr + key_coordinate_size; |
There was a problem hiding this comment.
we should add some protection here for possible buffer overflow against bad input or something.
probably use aws_byte_cursor_advance instead?
| * Helper to load keypair from various ASN1 format. | ||
| * Note: there are several formats in the wild: Sec1 and PKCS8 for private key and X509 for public key. | ||
| * This function attempts to automatically recognize the format and load from it. | ||
| * Depending on data available in the asn, either private or public key might remain uninitialized. |
There was a problem hiding this comment.
looks like we zero them out in the implementation
| } | ||
|
|
||
| bool curve_name_recognized = false; | ||
| struct aws_byte_cursor version_cur; |
There was a problem hiding this comment.
AWS_ZERO_STRUCT(version_cur);?
| decoder, out_public_x_coord, out_public_y_coord, out_private_d, out_curve_name) == AWS_OP_SUCCESS) { | ||
| return AWS_OP_SUCCESS; | ||
| } | ||
|
|
There was a problem hiding this comment.
should we reset the decoder here as well?
OR does it make more sense to reset the decode on failure in each of the parsing function?
3 participants
Issue #, if available:
Description of changes:
Replace the logic of iterating through the asn1 structure looking for fields that seem to match expected ec key, with approach of looking for several concrete key structures.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.