Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package aws-c-cal for openSUSE:Factory checked in at 2025-12-01 11:14:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/aws-c-cal (Old) and /work/SRC/openSUSE:Factory/.aws-c-cal.new.14147 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "aws-c-cal" Mon Dec 1 11:14:45 2025 rev:25 rq:1320659 version:0.9.13 Changes: -------- --- /work/SRC/openSUSE:Factory/aws-c-cal/aws-c-cal.changes 2025-11-21 16:57:15.471825513 +0100 +++ /work/SRC/openSUSE:Factory/.aws-c-cal.new.14147/aws-c-cal.changes 2025-12-01 11:15:30.740071229 +0100 @@ -1,0 +2,10 @@ +Thu Nov 27 11:15:11 UTC 2025 - John Paul Adrian Glaubitz <[email protected]> + +- Update to version 0.9.13 + * Support static buffers in ecc signature helpers + by @DmitriyMusatkin in (#243) +- from version 0.9.12 + * Add helper to convert signature to padded r and s pair + by @DmitriyMusatkin in (#242) + +------------------------------------------------------------------- Old: ---- v0.9.11.tar.gz New: ---- v0.9.13.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ aws-c-cal.spec ++++++ --- /var/tmp/diff_new_pack.ZJUGmu/_old 2025-12-01 11:15:31.552105603 +0100 +++ /var/tmp/diff_new_pack.ZJUGmu/_new 2025-12-01 11:15:31.552105603 +0100 @@ -19,7 +19,7 @@ %define library_version 1.0.0 %define library_soversion 0unstable Name: aws-c-cal -Version: 0.9.11 +Version: 0.9.13 Release: 0 Summary: AWS C99 wrapper for cryptography primitives License: Apache-2.0 ++++++ v0.9.11.tar.gz -> v0.9.13.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-cal-0.9.11/include/aws/cal/ecc.h new/aws-c-cal-0.9.13/include/aws/cal/ecc.h --- old/aws-c-cal-0.9.11/include/aws/cal/ecc.h 2025-11-19 20:17:19.000000000 +0100 +++ new/aws-c-cal-0.9.13/include/aws/cal/ecc.h 2025-11-26 19:34:13.000000000 +0100 @@ -190,6 +190,7 @@ /* * Helper to decode ECDSA signature from DER format to base components R and S. + * Does not pad and returns values as they are in DER. r and s might be smaller than coord size */ AWS_CAL_API int aws_ecc_decode_signature_der_to_raw( struct aws_allocator *allocator, @@ -198,6 +199,19 @@ struct aws_byte_cursor *out_s); /* + * Helper to decode ECDSA signature from DER format to padded R || S. + * Common jwt format. + * Pads each R and S to pad_to. + * Returns error if pad_to is less than len of r or s. + * use aws_ecc_decode_signature_der_to_raw if you need unpadded values + */ +AWS_CAL_API int aws_ecc_decode_signature_der_to_raw_padded( + struct aws_allocator *allocator, + struct aws_byte_cursor signature, + struct aws_byte_buf *out, + size_t pad_to); + +/* * Helper to encode ECDSA signature from raw format (R and S) to DER. * out_signature must be initialized and must be able to fit signature */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-cal-0.9.11/source/ecc.c new/aws-c-cal-0.9.13/source/ecc.c --- old/aws-c-cal-0.9.11/source/ecc.c 2025-11-19 20:17:19.000000000 +0100 +++ new/aws-c-cal-0.9.13/source/ecc.c 2025-11-26 19:34:13.000000000 +0100 @@ -712,6 +712,22 @@ return key; } +static struct aws_byte_cursor s_null_byte_cursor = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("\0"); + +static int s_write_component_padded(struct aws_byte_buf *buf, struct aws_byte_cursor component, size_t pad_to) { + for (size_t pad = 0; pad < pad_to - component.len; ++pad) { + if (aws_byte_buf_append(buf, &s_null_byte_cursor)) { + return AWS_OP_ERR; + } + } + + if (aws_byte_buf_append(buf, &component)) { + return AWS_OP_ERR; + } + + return AWS_OP_SUCCESS; +} + int aws_ecc_decode_signature_der_to_raw( struct aws_allocator *allocator, struct aws_byte_cursor signature, @@ -757,6 +773,44 @@ return AWS_OP_ERR; } +int aws_ecc_decode_signature_der_to_raw_padded( + struct aws_allocator *allocator, + struct aws_byte_cursor signature, + struct aws_byte_buf *out, + size_t pad_to) { + struct aws_byte_cursor r; + AWS_ZERO_STRUCT(r); + struct aws_byte_cursor s; + AWS_ZERO_STRUCT(s); + + AWS_ERROR_PRECONDITION(allocator); + AWS_ERROR_PRECONDITION(out); + AWS_ERROR_PRECONDITION(pad_to <= 256); + + if (aws_ecc_decode_signature_der_to_raw(allocator, signature, &r, &s)) { + return AWS_OP_ERR; + } + + if (r.len > pad_to || s.len > pad_to) { + return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); + } + + size_t available_write_space = out->capacity - out->len; + + if (available_write_space < (2 * pad_to)) { + return aws_raise_error(AWS_ERROR_INVALID_BUFFER_SIZE); + } + + size_t old_len = out->len; + + if (s_write_component_padded(out, r, pad_to) || s_write_component_padded(out, s, pad_to)) { + out->len = old_len; + return AWS_OP_ERR; + } + + return AWS_OP_SUCCESS; +} + static bool s_trim_zeros_predicate(uint8_t value) { return value == 0; } @@ -811,20 +865,6 @@ return AWS_OP_ERR; } -int s_write_coord_padded(struct aws_byte_buf *buf, struct aws_byte_cursor coord, size_t pad_to) { - for (size_t pad = 0; pad < pad_to - coord.len; ++pad) { - if (aws_byte_buf_append_byte_dynamic(buf, 0x0)) { - return AWS_OP_ERR; - } - } - - if (aws_byte_buf_append(buf, &coord)) { - return AWS_OP_ERR; - } - - return AWS_OP_SUCCESS; -} - /* * Export key to a sec1 container. Aka "EC PRIVATE KEY" in pem * ECPrivateKey ::= SEQUENCE { @@ -891,12 +931,12 @@ size_t coord_size = aws_ecc_key_coordinate_byte_size_from_curve_name(key_pair->curve_name); struct aws_byte_cursor pub_x_cur = aws_byte_cursor_from_buf(&key_pair->pub_x); - if (s_write_coord_padded(&pub_buf, pub_x_cur, coord_size)) { + if (s_write_component_padded(&pub_buf, pub_x_cur, coord_size)) { goto on_error_pub_key; } struct aws_byte_cursor pub_y_cur = aws_byte_cursor_from_buf(&key_pair->pub_y); - if (s_write_coord_padded(&pub_buf, pub_y_cur, coord_size)) { + if (s_write_component_padded(&pub_buf, pub_y_cur, coord_size)) { goto on_error_pub_key; } @@ -1088,12 +1128,12 @@ size_t coord_size = aws_ecc_key_coordinate_byte_size_from_curve_name(key_pair->curve_name); struct aws_byte_cursor pub_x_cur = aws_byte_cursor_from_buf(&key_pair->pub_x); - if (s_write_coord_padded(&pub_buf, pub_x_cur, coord_size)) { + if (s_write_component_padded(&pub_buf, pub_x_cur, coord_size)) { goto on_pub_error; } struct aws_byte_cursor pub_y_cur = aws_byte_cursor_from_buf(&key_pair->pub_y); - if (s_write_coord_padded(&pub_buf, pub_y_cur, coord_size)) { + if (s_write_component_padded(&pub_buf, pub_y_cur, coord_size)) { goto on_pub_error; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-cal-0.9.11/tests/CMakeLists.txt new/aws-c-cal-0.9.13/tests/CMakeLists.txt --- old/aws-c-cal-0.9.11/tests/CMakeLists.txt 2025-11-19 20:17:19.000000000 +0100 +++ new/aws-c-cal-0.9.13/tests/CMakeLists.txt 2025-11-26 19:34:13.000000000 +0100 @@ -100,6 +100,7 @@ add_test_case(ecdsa_export_sec1_roundtrip) add_test_case(ecdsa_export_pkcs8_roundtrip) add_test_case(ecdsa_export_spki_roundtrip) +add_test_case(ecdsa_signature_decode_helper) add_test_case(rsa_encryption_roundtrip_pkcs1_from_user) add_test_case(rsa_encryption_roundtrip_oaep_sha256_from_user) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-cal-0.9.11/tests/ecc_test.c new/aws-c-cal-0.9.13/tests/ecc_test.c --- old/aws-c-cal-0.9.11/tests/ecc_test.c 2025-11-19 20:17:19.000000000 +0100 +++ new/aws-c-cal-0.9.13/tests/ecc_test.c 2025-11-26 19:34:13.000000000 +0100 @@ -1019,6 +1019,55 @@ } AWS_TEST_CASE(ecdsa_signature_encode_helper_roundtrip, s_ecdsa_signature_encode_helper_roundtrip); +AWS_STATIC_STRING_FROM_LITERAL( + s_signature_value_short, + "3042021f2d2aadcebc1b3f78ecd112539ec0e3447b375f6a99ca0b27b54c31da0e6c5e021f47fb3dbdffb858f4ba8a03e7b483e6b8c946a80a" + "d846fa800ad8cac53f8ebd"); + +static int s_ecdsa_signature_decode_helper(struct aws_allocator *allocator, void *ctx) { + (void)ctx; + aws_cal_library_test_init(allocator); + + struct aws_byte_cursor signature_value_cursor = aws_byte_cursor_from_string(s_signature_value_short); + size_t binary_length = 0; + if (aws_hex_compute_decoded_len(signature_value_cursor.len, &binary_length)) { + return AWS_OP_ERR; + } + struct aws_byte_buf binary_signature; + AWS_ZERO_STRUCT(binary_signature); + + aws_byte_buf_init(&binary_signature, allocator, binary_length); + + ASSERT_SUCCESS(aws_hex_decode(&signature_value_cursor, &binary_signature)); + + struct aws_byte_cursor r; + AWS_ZERO_STRUCT(r); + struct aws_byte_cursor s; + AWS_ZERO_STRUCT(s); + struct aws_byte_cursor bin_cursor = aws_byte_cursor_from_buf(&binary_signature); + + uint8_t decoded[64] = {0}; + struct aws_byte_buf decoded_buf = aws_byte_buf_from_empty_array(decoded, 64); + + ASSERT_SUCCESS(aws_ecc_decode_signature_der_to_raw_padded(allocator, bin_cursor, &decoded_buf, 32)); + + uint8_t expected_out[] = {0x00, 0x2d, 0x2a, 0xad, 0xce, 0xbc, 0x1b, 0x3f, 0x78, 0xec, 0xd1, 0x12, 0x53, + 0x9e, 0xc0, 0xe3, 0x44, 0x7b, 0x37, 0x5f, 0x6a, 0x99, 0xca, 0x0b, 0x27, 0xb5, + 0x4c, 0x31, 0xda, 0x0e, 0x6c, 0x5e, 0x00, 0x47, 0xfb, 0x3d, 0xbd, 0xff, 0xb8, + 0x58, 0xf4, 0xba, 0x8a, 0x03, 0xe7, 0xb4, 0x83, 0xe6, 0xb8, 0xc9, 0x46, 0xa8, + 0x0a, 0xd8, 0x46, 0xfa, 0x80, 0x0a, 0xd8, 0xca, 0xc5, 0x3f, 0x8e, 0xbd}; + struct aws_byte_cursor expected_out_cur = aws_byte_cursor_from_array(expected_out, sizeof(expected_out)); + + ASSERT_BIN_ARRAYS_EQUALS(expected_out_cur.ptr, expected_out_cur.len, decoded_buf.buffer, decoded_buf.len); + + aws_byte_buf_clean_up(&decoded_buf); + aws_byte_buf_clean_up(&binary_signature); + + aws_cal_library_clean_up(); + return AWS_OP_SUCCESS; +} +AWS_TEST_CASE(ecdsa_signature_decode_helper, s_ecdsa_signature_decode_helper); + static int s_ecdsa_export_sec1_roundtrip(struct aws_allocator *allocator, void *ctx) { (void)ctx; aws_cal_library_test_init(allocator);
