Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package aws-c-cal for openSUSE:Factory checked in at 2025-11-21 16:56:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/aws-c-cal (Old) and /work/SRC/openSUSE:Factory/.aws-c-cal.new.2061 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "aws-c-cal" Fri Nov 21 16:56:19 2025 rev:24 rq:1319058 version:0.9.11 Changes: -------- --- /work/SRC/openSUSE:Factory/aws-c-cal/aws-c-cal.changes 2025-11-11 19:21:28.263810567 +0100 +++ /work/SRC/openSUSE:Factory/.aws-c-cal.new.2061/aws-c-cal.changes 2025-11-21 16:57:15.471825513 +0100 @@ -1,0 +2,10 @@ +Thu Nov 20 08:28:21 UTC 2025 - John Paul Adrian Glaubitz <[email protected]> + +- Update to version 0.9.11 + * Fix byo for ecc from asn1 by @DmitriyMusatkin in (#241) +- from version 0.9.10 + * Relax EC keygen to work on all platforms by @DmitriyMusatkin in (#240) +- from version 0.9.9 + * Remove skip test by @azkrishpy in (#239) + +------------------------------------------------------------------- Old: ---- v0.9.8.tar.gz New: ---- v0.9.11.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ aws-c-cal.spec ++++++ --- /var/tmp/diff_new_pack.1agHhN/_old 2025-11-21 16:57:16.347862429 +0100 +++ /var/tmp/diff_new_pack.1agHhN/_new 2025-11-21 16:57:16.351862597 +0100 @@ -19,7 +19,7 @@ %define library_version 1.0.0 %define library_soversion 0unstable Name: aws-c-cal -Version: 0.9.8 +Version: 0.9.11 Release: 0 Summary: AWS C99 wrapper for cryptography primitives License: Apache-2.0 ++++++ v0.9.8.tar.gz -> v0.9.11.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-cal-0.9.8/include/aws/cal/ecc.h new/aws-c-cal-0.9.11/include/aws/cal/ecc.h --- old/aws-c-cal-0.9.8/include/aws/cal/ecc.h 2025-10-31 20:07:34.000000000 +0100 +++ new/aws-c-cal-0.9.11/include/aws/cal/ecc.h 2025-11-19 20:17:19.000000000 +0100 @@ -74,21 +74,14 @@ enum aws_ecc_curve_name curve_name, const struct aws_byte_cursor *priv_key); -#if !defined(AWS_OS_IOS) /** * Creates an Elliptic Curve public/private key pair that can be used for signing and verifying. * Returns a new instance of aws_ecc_key_pair if the key was successfully built. * Otherwise returns NULL. - * Note: On Apple platforms this function is only supported on MacOS. This is - * due to usage of SecItemExport, which is only available on MacOS 10.7+ - * (yes, MacOS only and no other Apple platforms). There are alternatives for - * ios and other platforms, but they are ugly to use. Hence for now it only - * supports this call on MacOS. */ AWS_CAL_API struct aws_ecc_key_pair *aws_ecc_key_pair_new_generate_random( struct aws_allocator *allocator, enum aws_ecc_curve_name curve_name); -#endif /* !AWS_OS_IOS */ /** * Creates an Elliptic Curve public key that can be used for verifying. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-cal-0.9.8/source/darwin/securityframework_ecc.c new/aws-c-cal-0.9.11/source/darwin/securityframework_ecc.c --- old/aws-c-cal-0.9.8/source/darwin/securityframework_ecc.c 2025-10-31 20:07:34.000000000 +0100 +++ new/aws-c-cal-0.9.11/source/darwin/securityframework_ecc.c 2025-11-19 20:17:19.000000000 +0100 @@ -388,8 +388,7 @@ return NULL; } -#if defined(AWS_OS_MACOS) -struct aws_ecc_key_pair *aws_ecc_key_pair_new_generate_random( +struct aws_ecc_key_pair *aws_ecc_key_pair_new_generate_random_impl( struct aws_allocator *allocator, enum aws_ecc_curve_name curve_name) { struct commoncrypto_ecc_key_pair *cc_key_pair = @@ -399,10 +398,10 @@ return NULL; } - CFDataRef sec_key_export_data = NULL; CFStringRef key_size_cf_str = NULL; CFMutableDictionaryRef key_attributes = NULL; - struct aws_der_decoder *decoder = NULL; + CFErrorRef error = NULL; + CFDataRef keyData = NULL; aws_atomic_init_int(&cc_key_pair->key_pair.ref_count, 1); cc_key_pair->key_pair.impl = cc_key_pair; @@ -439,67 +438,42 @@ CFDictionaryAddValue(key_attributes, kSecAttrKeySizeInBits, key_size_cf_str); - CFErrorRef error = NULL; - cc_key_pair->priv_key_ref = SecKeyCreateRandomKey(key_attributes, &error); if (error) { aws_raise_error(AWS_ERROR_SYS_CALL_FAILURE); - CFRelease(error); goto error; } cc_key_pair->pub_key_ref = SecKeyCopyPublicKey(cc_key_pair->priv_key_ref); - /* OKAY up to here was incredibly reasonable, after this we get attacked by the bad API design - * dragons. - * - * Summary: Apple assumed we'd never need the raw key data. Apple was wrong. So we have to export each component - * into the OpenSSL format (just fancy words for DER), but the public key and private key are exported separately - * for some reason. Anyways, we export the keys, use our handy dandy DER decoder and grab the raw key data out. */ - OSStatus ret_code = SecItemExport(cc_key_pair->priv_key_ref, kSecFormatOpenSSL, 0, NULL, &sec_key_export_data); - - if (ret_code != errSecSuccess) { + /* Get external representation and parse out components. + * SecKeyCopyExternalRepresentation should return 0x | x | y | d for private key */ + keyData = SecKeyCopyExternalRepresentation(cc_key_pair->priv_key_ref, &error); + + if (!keyData || error) { + if (error) { + AWS_LOGF_ERROR( + AWS_LS_CAL_ECC, "SecKeyCopyExternalRepresentation call failed with %ld", CFErrorGetCode(error)); + } aws_raise_error(AWS_ERROR_SYS_CALL_FAILURE); goto error; } - /* now we need to DER decode data */ - struct aws_byte_cursor key_cur = - aws_byte_cursor_from_array(CFDataGetBytePtr(sec_key_export_data), CFDataGetLength(sec_key_export_data)); - - decoder = aws_der_decoder_new(allocator, key_cur); + struct aws_byte_cursor key_data_cur = + aws_byte_cursor_from_array(CFDataGetBytePtr(keyData), CFDataGetLength(keyData)); - if (!decoder) { - goto error; - } - - struct aws_byte_cursor pub_x; - AWS_ZERO_STRUCT(pub_x); - struct aws_byte_cursor pub_y; - AWS_ZERO_STRUCT(pub_y); - struct aws_byte_cursor priv_d; - AWS_ZERO_STRUCT(priv_d); - - if (aws_der_decoder_load_ecc_key_pair(decoder, &pub_x, &pub_y, &priv_d, &curve_name)) { + size_t total_buffer_size = key_coordinate_size * 3 + 1; + if (key_data_cur.len != total_buffer_size) { + AWS_LOGF_ERROR(AWS_LS_CAL_ECC, "Something went wrong. Apple Security Framework didn't return full key data."); + aws_raise_error(AWS_ERROR_SYS_CALL_FAILURE); goto error; } - AWS_ASSERT( - priv_d.len == key_coordinate_size && pub_x.len == key_coordinate_size && pub_y.len == key_coordinate_size && - "Apple Security Framework had better have exported the full pair."); - - size_t total_buffer_size = key_coordinate_size * 3 + 1; - - if (aws_byte_buf_init(&cc_key_pair->key_pair.key_buf, allocator, total_buffer_size)) { + if (aws_byte_buf_init_copy_from_cursor(&cc_key_pair->key_pair.key_buf, allocator, key_data_cur)) { goto error; } - aws_byte_buf_write_u8(&cc_key_pair->key_pair.key_buf, s_preamble); - aws_byte_buf_append(&cc_key_pair->key_pair.key_buf, &pub_x); - aws_byte_buf_append(&cc_key_pair->key_pair.key_buf, &pub_y); - aws_byte_buf_append(&cc_key_pair->key_pair.key_buf, &priv_d); - /* cc_key_pair->key_pair.key_buf is contiguous memory, so just load up the offsets. */ cc_key_pair->key_pair.pub_x = aws_byte_buf_from_array(cc_key_pair->key_pair.key_buf.buffer + 1, key_coordinate_size); @@ -511,36 +485,34 @@ cc_key_pair->key_pair.curve_name = curve_name; cc_key_pair->key_pair.vtable = &s_key_pair_vtable; - CFRelease(sec_key_export_data); + CFRelease(keyData); CFRelease(key_size_cf_str); CFRelease(key_attributes); - aws_der_decoder_destroy(decoder); return &cc_key_pair->key_pair; error: - if (decoder) { - aws_der_decoder_destroy(decoder); + if (keyData) { + CFRelease(keyData); } if (key_attributes) { CFRelease(key_attributes); } - if (sec_key_export_data) { - CFRelease(sec_key_export_data); - } - if (key_size_cf_str) { CFRelease(key_size_cf_str); } + if (error) { + CFRelease(error); + } + s_destroy_key(&cc_key_pair->key_pair); return NULL; } -#endif /* AWS_OS_MACOS */ -struct aws_ecc_key_pair *aws_ecc_key_pair_new_from_asn1( +struct aws_ecc_key_pair *aws_ecc_key_pair_new_from_asn1_impl( struct aws_allocator *allocator, const struct aws_byte_cursor *encoded_keys) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-cal-0.9.8/source/ecc.c new/aws-c-cal-0.9.11/source/ecc.c --- old/aws-c-cal-0.9.8/source/ecc.c 2025-10-31 20:07:34.000000000 +0100 +++ new/aws-c-cal-0.9.11/source/ecc.c 2025-11-19 20:17:19.000000000 +0100 @@ -71,6 +71,12 @@ enum aws_ecc_curve_name curve_name, const struct aws_byte_cursor *priv_key); +typedef struct aws_ecc_key_pair *(aws_ecc_key_pair_new_from_asn1_fn)(struct aws_allocator *allocator, + const struct aws_byte_cursor *encoded_keys); + +typedef struct aws_ecc_key_pair *(aws_ecc_key_pair_new_generate_random_fn)(struct aws_allocator *allocator, + enum aws_ecc_curve_name curve_name); + #ifndef BYO_CRYPTO extern struct aws_ecc_key_pair *aws_ecc_key_pair_new_from_public_key_impl( @@ -84,6 +90,14 @@ enum aws_ecc_curve_name curve_name, const struct aws_byte_cursor *priv_key); +extern struct aws_ecc_key_pair *aws_ecc_key_pair_new_from_asn1_impl( + struct aws_allocator *allocator, + const struct aws_byte_cursor *encoded_keys); + +extern struct aws_ecc_key_pair *aws_ecc_key_pair_new_generate_random_impl( + struct aws_allocator *allocator, + enum aws_ecc_curve_name curve_name); + #else /* BYO_CRYPTO */ struct aws_ecc_key_pair *aws_ecc_key_pair_new_from_public_key_impl( @@ -108,6 +122,22 @@ abort(); } +struct aws_ecc_key_pair *aws_ecc_key_pair_new_from_asn1_impl( + struct aws_allocator *allocator, + const struct aws_byte_cursor *encoded_keys) { + (void)allocator; + (void)encoded_keys; + abort(); +} + +struct aws_ecc_key_pair *aws_ecc_key_pair_new_generate_random_impl( + struct aws_allocator *allocator, + enum aws_ecc_curve_name curve_name) { + (void)allocator; + (void)curve_name; + abort(); +} + #endif /* BYO_CRYPTO */ static aws_ecc_key_pair_new_from_public_key_fn *s_ecc_key_pair_new_from_public_key_fn = @@ -116,6 +146,11 @@ static aws_ecc_key_pair_new_from_private_key_fn *s_ecc_key_pair_new_from_private_key_fn = aws_ecc_key_pair_new_from_private_key_impl; +static aws_ecc_key_pair_new_from_asn1_fn *s_ecc_key_pair_new_from_asn1_fn = aws_ecc_key_pair_new_from_asn1_impl; + +static aws_ecc_key_pair_new_generate_random_fn *s_ecc_key_pair_new_generate_random1_fn = + aws_ecc_key_pair_new_generate_random_impl; + struct aws_ecc_key_pair *aws_ecc_key_pair_new_from_public_key( struct aws_allocator *allocator, enum aws_ecc_curve_name curve_name, @@ -131,6 +166,18 @@ return s_ecc_key_pair_new_from_private_key_fn(allocator, curve_name, priv_key); } +struct aws_ecc_key_pair *aws_ecc_key_pair_new_from_asn1( + struct aws_allocator *allocator, + const struct aws_byte_cursor *encoded_keys) { + return s_ecc_key_pair_new_from_asn1_fn(allocator, encoded_keys); +} + +struct aws_ecc_key_pair *aws_ecc_key_pair_new_generate_random( + struct aws_allocator *allocator, + enum aws_ecc_curve_name curve_name) { + return s_ecc_key_pair_new_generate_random1_fn(allocator, curve_name); +} + static void s_aws_ecc_key_pair_destroy(struct aws_ecc_key_pair *key_pair) { if (key_pair) { AWS_FATAL_ASSERT(key_pair->vtable->destroy && "ECC KEY PAIR destroy function must be included on the vtable"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-cal-0.9.8/source/unix/opensslcrypto_ecc.c new/aws-c-cal-0.9.11/source/unix/opensslcrypto_ecc.c --- old/aws-c-cal-0.9.8/source/unix/opensslcrypto_ecc.c 2025-10-31 20:07:34.000000000 +0100 +++ new/aws-c-cal-0.9.11/source/unix/opensslcrypto_ecc.c 2025-11-19 20:17:19.000000000 +0100 @@ -191,7 +191,7 @@ return &key_impl->key_pair; } -struct aws_ecc_key_pair *aws_ecc_key_pair_new_generate_random( +struct aws_ecc_key_pair *aws_ecc_key_pair_new_generate_random_impl( struct aws_allocator *allocator, enum aws_ecc_curve_name curve_name) { struct libcrypto_ecc_key *key_impl = aws_mem_calloc(allocator, 1, sizeof(struct libcrypto_ecc_key)); @@ -313,7 +313,7 @@ return NULL; } -struct aws_ecc_key_pair *aws_ecc_key_pair_new_from_asn1( +struct aws_ecc_key_pair *aws_ecc_key_pair_new_from_asn1_impl( struct aws_allocator *allocator, const struct aws_byte_cursor *encoded_keys) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-cal-0.9.8/source/windows/bcrypt_ecc.c new/aws-c-cal-0.9.11/source/windows/bcrypt_ecc.c --- old/aws-c-cal-0.9.8/source/windows/bcrypt_ecc.c 2025-10-31 20:07:34.000000000 +0100 +++ new/aws-c-cal-0.9.11/source/windows/bcrypt_ecc.c 2025-11-19 20:17:19.000000000 +0100 @@ -363,7 +363,7 @@ return s_alloc_pair_and_init_buffers(allocator, curve_name, *public_key_x, *public_key_y, empty); } -struct aws_ecc_key_pair *aws_ecc_key_pair_new_generate_random( +struct aws_ecc_key_pair *aws_ecc_key_pair_new_generate_random_impl( struct aws_allocator *allocator, enum aws_ecc_curve_name curve_name) { aws_thread_call_once(&s_ecdsa_thread_once, s_load_alg_handle, NULL); @@ -432,7 +432,7 @@ return NULL; } -struct aws_ecc_key_pair *aws_ecc_key_pair_new_from_asn1( +struct aws_ecc_key_pair *aws_ecc_key_pair_new_from_asn1_impl( struct aws_allocator *allocator, const struct aws_byte_cursor *encoded_keys) { struct aws_der_decoder *decoder = aws_der_decoder_new(allocator, *encoded_keys); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-cal-0.9.8/tests/hkdf_test.c new/aws-c-cal-0.9.11/tests/hkdf_test.c --- old/aws-c-cal-0.9.8/tests/hkdf_test.c 2025-10-31 20:07:34.000000000 +0100 +++ new/aws-c-cal-0.9.11/tests/hkdf_test.c 2025-11-19 20:17:19.000000000 +0100 @@ -16,14 +16,6 @@ static int s_hkdf_derive_test_case_1(struct aws_allocator *allocator, void *ctx) { (void)ctx; -#if defined(AWS_OS_LINUX) -# if defined(OPENSSL_IS_OPENSSL) -# if OPENSSL_VERSION_NUMBER < 0x10100000 - return AWS_OP_SKIP; -# endif -# endif -#endif - aws_cal_library_init(allocator); uint8_t ikm[] = {0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, @@ -58,14 +50,6 @@ static int s_hkdf_derive_test_case_2(struct aws_allocator *allocator, void *ctx) { (void)ctx; -#if defined(AWS_OS_LINUX) -# if defined(OPENSSL_IS_OPENSSL) -# if OPENSSL_VERSION_NUMBER < 0x10100000 - return AWS_OP_SKIP; -# endif -# endif -#endif - aws_cal_library_init(allocator); uint8_t ikm[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, @@ -114,14 +98,6 @@ static int s_hkdf_derive_test_case_3(struct aws_allocator *allocator, void *ctx) { (void)ctx; -#if defined(AWS_OS_LINUX) -# if defined(OPENSSL_IS_OPENSSL) -# if OPENSSL_VERSION_NUMBER < 0x10100000 - return AWS_OP_SKIP; -# endif -# endif -#endif - aws_cal_library_init(allocator); uint8_t ikm[] = {0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
