Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package aws-c-cal for openSUSE:Factory
checked in at 2024-11-21 15:19:39
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/aws-c-cal (Old)
and /work/SRC/openSUSE:Factory/.aws-c-cal.new.28523 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "aws-c-cal"
Thu Nov 21 15:19:39 2024 rev:12 rq:1225588 version:0.8.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/aws-c-cal/aws-c-cal.changes 2024-10-27
11:25:19.630534177 +0100
+++ /work/SRC/openSUSE:Factory/.aws-c-cal.new.28523/aws-c-cal.changes
2024-11-21 15:19:51.728532719 +0100
@@ -1,0 +2,8 @@
+Thu Nov 21 10:41:52 UTC 2024 - John Paul Adrian Glaubitz
<adrian.glaub...@suse.com>
+
+- Update to version 0.8.1
+ * chore: Modified bug issue template to add checkbox to
+ report potential regression. by @ashishdhingra in (#199)
+ * RSA PKCS1.5 SHA1 signing by @DmitriyMusatkin in (#201)
+
+-------------------------------------------------------------------
Old:
----
v0.8.0.tar.gz
New:
----
v0.8.1.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ aws-c-cal.spec ++++++
--- /var/tmp/diff_new_pack.hCkFid/_old 2024-11-21 15:19:53.580609707 +0100
+++ /var/tmp/diff_new_pack.hCkFid/_new 2024-11-21 15:19:53.596610372 +0100
@@ -19,7 +19,7 @@
%define library_version 1.0.0
%define library_soversion 0unstable
Name: aws-c-cal
-Version: 0.8.0
+Version: 0.8.1
Release: 0
Summary: AWS C99 wrapper for cryptography primitives
License: Apache-2.0
++++++ v0.8.0.tar.gz -> v0.8.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/aws-c-cal-0.8.0/.github/ISSUE_TEMPLATE/bug-report.yml
new/aws-c-cal-0.8.1/.github/ISSUE_TEMPLATE/bug-report.yml
--- old/aws-c-cal-0.8.0/.github/ISSUE_TEMPLATE/bug-report.yml 2024-10-23
18:57:41.000000000 +0200
+++ new/aws-c-cal-0.8.1/.github/ISSUE_TEMPLATE/bug-report.yml 2024-11-16
00:46:20.000000000 +0100
@@ -12,6 +12,14 @@
description: What is the problem? A clear and concise description of the
bug.
validations:
required: true
+ - type: checkboxes
+ id: regression
+ attributes:
+ label: Regression Issue
+ description: What is a regression? If it worked in a previous version
but doesn't in the latest version, it's considered a regression. In this case,
please provide specific version number in the report.
+ options:
+ - label: Select this option if this issue appears to be a regression.
+ required: false
- type: textarea
id: expected
attributes:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/aws-c-cal-0.8.0/.github/workflows/issue-regression-labeler.yml
new/aws-c-cal-0.8.1/.github/workflows/issue-regression-labeler.yml
--- old/aws-c-cal-0.8.0/.github/workflows/issue-regression-labeler.yml
1970-01-01 01:00:00.000000000 +0100
+++ new/aws-c-cal-0.8.1/.github/workflows/issue-regression-labeler.yml
2024-11-16 00:46:20.000000000 +0100
@@ -0,0 +1,32 @@
+# Apply potential regression label on issues
+name: issue-regression-label
+on:
+ issues:
+ types: [opened, edited]
+jobs:
+ add-regression-label:
+ runs-on: ubuntu-latest
+ permissions:
+ issues: write
+ steps:
+ - name: Fetch template body
+ id: check_regression
+ uses: actions/github-script@v7
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ TEMPLATE_BODY: ${{ github.event.issue.body }}
+ with:
+ script: |
+ const regressionPattern = /\[x\] Select this option if this issue
appears to be a regression\./i;
+ const template = `${process.env.TEMPLATE_BODY}`
+ const match = regressionPattern.test(template);
+ core.setOutput('is_regression', match);
+ - name: Manage regression label
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ if [ "${{ steps.check_regression.outputs.is_regression }}" == "true"
]; then
+ gh issue edit ${{ github.event.issue.number }} --add-label
"potential-regression" -R ${{ github.repository }}
+ else
+ gh issue edit ${{ github.event.issue.number }} --remove-label
"potential-regression" -R ${{ github.repository }}
+ fi
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/aws-c-cal-0.8.0/include/aws/cal/rsa.h
new/aws-c-cal-0.8.1/include/aws/cal/rsa.h
--- old/aws-c-cal-0.8.0/include/aws/cal/rsa.h 2024-10-23 18:57:41.000000000
+0200
+++ new/aws-c-cal-0.8.1/include/aws/cal/rsa.h 2024-11-16 00:46:20.000000000
+0100
@@ -19,6 +19,7 @@
enum aws_rsa_signature_algorithm {
AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA256,
+ AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA1,
AWS_CAL_RSA_SIGNATURE_PSS_SHA256,
};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/aws-c-cal-0.8.0/source/darwin/securityframework_rsa.c
new/aws-c-cal-0.8.1/source/darwin/securityframework_rsa.c
--- old/aws-c-cal-0.8.0/source/darwin/securityframework_rsa.c 2024-10-23
18:57:41.000000000 +0200
+++ new/aws-c-cal-0.8.1/source/darwin/securityframework_rsa.c 2024-11-16
00:46:20.000000000 +0100
@@ -132,6 +132,9 @@
case AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA256:
*out = kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256;
return AWS_OP_SUCCESS;
+ case AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA1:
+ *out = kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1;
+ return AWS_OP_SUCCESS;
case AWS_CAL_RSA_SIGNATURE_PSS_SHA256:
#if (defined(__MAC_OS_X_VERSION_MAX_ALLOWED) &&
(__MAC_OS_X_VERSION_MAX_ALLOWED >= 101300 /* macOS 10.13 */)) || \
(defined(__IPHONE_OS_VERSION_MAX_ALLOWED) &&
(__IPHONE_OS_VERSION_MAX_ALLOWED >= 110000 /* iOS v11 */)) || \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/aws-c-cal-0.8.0/source/rsa.c
new/aws-c-cal-0.8.1/source/rsa.c
--- old/aws-c-cal-0.8.0/source/rsa.c 2024-10-23 18:57:41.000000000 +0200
+++ new/aws-c-cal-0.8.1/source/rsa.c 2024-11-16 00:46:20.000000000 +0100
@@ -145,7 +145,8 @@
AWS_PRECONDITION(aws_byte_cursor_is_valid(&digest));
AWS_FATAL_ASSERT(
- algorithm == AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA256 || algorithm ==
AWS_CAL_RSA_SIGNATURE_PSS_SHA256);
+ algorithm == AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA256 || algorithm ==
AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA1 ||
+ algorithm == AWS_CAL_RSA_SIGNATURE_PSS_SHA256);
if (digest.len > AWS_SHA256_LEN) {
AWS_LOGF_ERROR(
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/aws-c-cal-0.8.0/source/unix/openssl_rsa.c
new/aws-c-cal-0.8.1/source/unix/openssl_rsa.c
--- old/aws-c-cal-0.8.0/source/unix/openssl_rsa.c 2024-10-23
18:57:41.000000000 +0200
+++ new/aws-c-cal-0.8.1/source/unix/openssl_rsa.c 2024-11-16
00:46:20.000000000 +0100
@@ -241,6 +241,15 @@
EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()),
"EVP_PKEY_CTX_set_signature_md")) {
return AWS_OP_ERR;
}
+ } else if (algorithm == AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA1) {
+ if (s_reinterpret_evp_error_as_crt(
+ EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING),
"EVP_PKEY_CTX_set_rsa_padding")) {
+ return AWS_OP_ERR;
+ }
+ if (s_reinterpret_evp_error_as_crt(
+ EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha1()),
"EVP_PKEY_CTX_set_signature_md")) {
+ return AWS_OP_ERR;
+ }
} else if (algorithm == AWS_CAL_RSA_SIGNATURE_PSS_SHA256) {
if (s_reinterpret_evp_error_as_crt(
EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PSS_PADDING),
"EVP_PKEY_CTX_set_rsa_padding")) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/aws-c-cal-0.8.0/source/windows/bcrypt_rsa.c
new/aws-c-cal-0.8.1/source/windows/bcrypt_rsa.c
--- old/aws-c-cal-0.8.0/source/windows/bcrypt_rsa.c 2024-10-23
18:57:41.000000000 +0200
+++ new/aws-c-cal-0.8.1/source/windows/bcrypt_rsa.c 2024-11-16
00:46:20.000000000 +0100
@@ -181,6 +181,9 @@
if (algorithm == AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA256) {
info->pkcs1.pszAlgId = BCRYPT_SHA256_ALGORITHM;
return AWS_OP_SUCCESS;
+ } else if (algorithm == AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA1) {
+ info->pkcs1.pszAlgId = BCRYPT_SHA1_ALGORITHM;
+ return AWS_OP_SUCCESS;
} else if (algorithm == AWS_CAL_RSA_SIGNATURE_PSS_SHA256) {
info->pss.pszAlgId = BCRYPT_SHA256_ALGORITHM;
info->pss.cbSalt = 32;
@@ -203,6 +206,8 @@
}
ULONG length_written = 0;
+ bool is_pkcs1_padding =
+ (algorithm == AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA256 || algorithm ==
AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA1);
NTSTATUS status = BCryptSignHash(
key_pair_impl->key_handle,
&padding_info,
@@ -211,7 +216,7 @@
out->buffer + out->len,
(ULONG)(out->capacity - out->len),
(ULONG *)&length_written,
- algorithm == AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA256 ? BCRYPT_PAD_PKCS1 :
BCRYPT_PAD_PSS);
+ is_pkcs1_padding ? BCRYPT_PAD_PKCS1 : BCRYPT_PAD_PSS);
if (s_reinterpret_bc_error_as_crt(status, "BCryptSignHash")) {
goto on_error;
@@ -244,6 +249,8 @@
return aws_raise_error(AWS_ERROR_CAL_UNSUPPORTED_ALGORITHM);
}
/* okay, now we've got a windows compatible signature, let's verify it. */
+ bool is_pkcs1_padding =
+ (algorithm == AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA256 || algorithm ==
AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA1);
NTSTATUS status = BCryptVerifySignature(
key_pair_impl->key_handle,
&padding_info,
@@ -251,7 +258,7 @@
(ULONG)digest.len,
signature.ptr,
(ULONG)signature.len,
- algorithm == AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA256 ? BCRYPT_PAD_PKCS1 :
BCRYPT_PAD_PSS);
+ is_pkcs1_padding ? BCRYPT_PAD_PKCS1 : BCRYPT_PAD_PSS);
if (status == STATUS_INVALID_SIGNATURE) {
return aws_raise_error(AWS_ERROR_CAL_SIGNATURE_VALIDATION_FAILED);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/aws-c-cal-0.8.0/tests/CMakeLists.txt
new/aws-c-cal-0.8.1/tests/CMakeLists.txt
--- old/aws-c-cal-0.8.0/tests/CMakeLists.txt 2024-10-23 18:57:41.000000000
+0200
+++ new/aws-c-cal-0.8.1/tests/CMakeLists.txt 2024-11-16 00:46:20.000000000
+0100
@@ -77,15 +77,18 @@
add_test_case(rsa_encryption_roundtrip_oaep_sha512_from_user)
add_test_case(rsa_signing_roundtrip_pkcs1_sha256_from_user)
add_test_case(rsa_signing_roundtrip_pss_sha256_from_user)
+add_test_case(rsa_signing_roundtrip_pkcs1_sha1_from_user)
add_test_case(rsa_getters)
add_test_case(rsa_private_pkcs1_der_parsing)
add_test_case(rsa_public_pkcs1_der_parsing)
add_test_case(rsa_verify_signing_pkcs1_sha256)
+add_test_case(rsa_verify_signing_pkcs1_sha1)
add_test_case(rsa_verify_signing_pss_sha256)
add_test_case(rsa_decrypt_pkcs1)
add_test_case(rsa_decrypt_oaep256)
add_test_case(rsa_decrypt_oaep512)
add_test_case(rsa_signing_mismatch_pkcs1_sha256)
+add_test_case(rsa_signing_mismatch_pkcs1_sha1)
add_test_case(aes_cbc_NIST_CBCGFSbox256_case_1)
add_test_case(aes_cbc_NIST_CBCVarKey256_case_254)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/aws-c-cal-0.8.0/tests/rsa_test.c
new/aws-c-cal-0.8.1/tests/rsa_test.c
--- old/aws-c-cal-0.8.0/tests/rsa_test.c 2024-10-23 18:57:41.000000000
+0200
+++ new/aws-c-cal-0.8.1/tests/rsa_test.c 2024-11-16 00:46:20.000000000
+0100
@@ -186,6 +186,11 @@
"TYJ45P3c94lQIQD3SVJ3XMSAyAEWTE2pcj0F/oPzzxLcXK9cyv2Iphe4XuBjWCOVdHgFg"
"rD/yAA8b+B94AqE9U/B2+k9/C3Bz2YApo=";
+static const char *TEST_RSA_SIGNATURE_PKCS1_SHA1 =
+ "QJxUx+4OM+v1wh0z0PJWMeGBdvjhQHxjFCdzDLeNH6zoJpgPtFXNk6i83ff75MgPpW0m33"
+ "zrrzLWfzLojZFi2KFXYu1Y39We3AfREEOyG+porTmxNQ4dJH29joXS0XNf52dJpN04Lw3WN"
+ "XUHDP6eG2K71uXlsus2Tm0uBe4TF0g=";
+
static const char *TEST_RSA_SIGNATURE_PSS =
"j//04sVoqQVSmUgH+Id0oad7OgW+hGnIqx6hjr28VnVk75Obig+n3tJGWd0r+3S4ARxf2fK"
"7taVvJXISQ5aWJAYx6QRgR+25rcE96eOfi6L7ShIZIUYFzGxhc9wpUMGbqHEIhm+8QP7uNo4D"
"FmaPzJMgGDKL2qhedxnjtg3p8E4=";
@@ -247,6 +252,44 @@
}
AWS_TEST_CASE(rsa_verify_signing_pkcs1_sha256,
s_rsa_verify_signing_pkcs1_sha256);
+static int s_rsa_verify_signing_pkcs1_sha1(struct aws_allocator *allocator,
void *ctx) {
+ (void)ctx;
+ struct aws_byte_cursor message =
aws_byte_cursor_from_c_str(TEST_ENCRYPTION_STRING);
+
+ aws_cal_library_init(allocator);
+
+ struct aws_byte_buf public_key_buf;
+ ASSERT_SUCCESS(s_byte_buf_decoded_from_base64_cur(
+ allocator, aws_byte_cursor_from_c_str(TEST_PKCS1_RSA_PUBLIC_KEY_1024),
&public_key_buf));
+ struct aws_rsa_key_pair *key_pair_public =
+ aws_rsa_key_pair_new_from_public_key_pkcs1(allocator,
aws_byte_cursor_from_buf(&public_key_buf));
+ ASSERT_NOT_NULL(key_pair_public);
+
+ uint8_t hash[AWS_SHA1_LEN];
+ AWS_ZERO_ARRAY(hash);
+ struct aws_byte_buf hash_value = aws_byte_buf_from_empty_array(hash,
sizeof(hash));
+ aws_sha1_compute(allocator, &message, &hash_value, 0);
+ struct aws_byte_cursor hash_cur = aws_byte_cursor_from_buf(&hash_value);
+
+ struct aws_byte_buf signature_buf;
+ ASSERT_SUCCESS(s_byte_buf_decoded_from_base64_cur(
+ allocator, aws_byte_cursor_from_c_str(TEST_RSA_SIGNATURE_PKCS1_SHA1),
&signature_buf));
+ struct aws_byte_cursor signature_cur =
aws_byte_cursor_from_buf(&signature_buf);
+
+ ASSERT_SUCCESS(aws_rsa_key_pair_verify_signature(
+ key_pair_public, AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA1, hash_cur,
signature_cur));
+
+ aws_byte_buf_clean_up(&hash_value);
+ aws_byte_buf_clean_up(&signature_buf);
+ aws_byte_buf_clean_up(&public_key_buf);
+ aws_rsa_key_pair_release(key_pair_public);
+
+ aws_cal_library_clean_up();
+
+ return AWS_OP_SUCCESS;
+}
+AWS_TEST_CASE(rsa_verify_signing_pkcs1_sha1, s_rsa_verify_signing_pkcs1_sha1);
+
static int s_rsa_verify_signing_pss_sha256(struct aws_allocator *allocator,
void *ctx) {
(void)ctx;
struct aws_byte_cursor message =
aws_byte_cursor_from_c_str(TEST_ENCRYPTION_STRING);
@@ -410,7 +453,12 @@
uint8_t hash[AWS_SHA256_LEN];
AWS_ZERO_ARRAY(hash);
struct aws_byte_buf hash_value = aws_byte_buf_from_empty_array(hash,
sizeof(hash));
- aws_sha256_compute(allocator, &message, &hash_value, 0);
+ if (algo == AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA1) {
+ aws_sha1_compute(allocator, &message, &hash_value, 0);
+ } else {
+ aws_sha256_compute(allocator, &message, &hash_value, 0);
+ }
+
struct aws_byte_cursor hash_cur = aws_byte_cursor_from_buf(&hash_value);
/*since our apis work by appending to buffer, lets make sure they dont
@@ -494,6 +542,20 @@
}
AWS_TEST_CASE(rsa_signing_roundtrip_pkcs1_sha256_from_user,
s_rsa_signing_roundtrip_pkcs1_sha256_from_user);
+static int s_rsa_signing_roundtrip_pkcs1_sha1_from_user(struct aws_allocator
*allocator, void *ctx) {
+ (void)ctx;
+
+ aws_cal_library_init(allocator);
+
+ ASSERT_SUCCESS(s_rsa_signing_roundtrip_from_user(
+ allocator, AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA1,
TEST_RSA_SIGNATURE_PKCS1_SHA1));
+
+ aws_cal_library_clean_up();
+
+ return AWS_OP_SUCCESS;
+}
+AWS_TEST_CASE(rsa_signing_roundtrip_pkcs1_sha1_from_user,
s_rsa_signing_roundtrip_pkcs1_sha1_from_user);
+
static int s_rsa_signing_roundtrip_pss_sha256_from_user(struct aws_allocator
*allocator, void *ctx) {
(void)ctx;
@@ -747,3 +809,59 @@
return AWS_OP_SUCCESS;
}
AWS_TEST_CASE(rsa_signing_mismatch_pkcs1_sha256,
s_rsa_signing_mismatch_pkcs1_sha256);
+
+static int s_rsa_signing_mismatch_pkcs1_sha1(struct aws_allocator *allocator,
void *ctx) {
+ (void)ctx;
+ struct aws_byte_cursor message =
aws_byte_cursor_from_c_str(TEST_ENCRYPTION_STRING);
+
+ aws_cal_library_init(allocator);
+
+ struct aws_byte_buf public_key_buf;
+ ASSERT_SUCCESS(s_byte_buf_decoded_from_base64_cur(
+ allocator,
aws_byte_cursor_from_c_str(TEST_PKCS1_RSA_PRIVATE_KEY_1024), &public_key_buf));
+ struct aws_rsa_key_pair *key_pair_private =
+ aws_rsa_key_pair_new_from_private_key_pkcs1(allocator,
aws_byte_cursor_from_buf(&public_key_buf));
+ ASSERT_NOT_NULL(key_pair_private);
+
+ uint8_t hash[AWS_SHA1_LEN];
+ AWS_ZERO_ARRAY(hash);
+ struct aws_byte_buf hash_value = aws_byte_buf_from_empty_array(hash,
sizeof(hash));
+ aws_sha1_compute(allocator, &message, &hash_value, 0);
+ struct aws_byte_cursor hash_cur = aws_byte_cursor_from_buf(&hash_value);
+
+ struct aws_byte_buf signature_buf;
+ ASSERT_SUCCESS(aws_byte_buf_init(&signature_buf, allocator,
aws_rsa_key_pair_signature_length(key_pair_private)));
+ ASSERT_SUCCESS(
+ aws_rsa_key_pair_sign_message(key_pair_private,
AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA1, hash_cur, &signature_buf));
+ struct aws_byte_cursor signature_cur =
aws_byte_cursor_from_buf(&signature_buf);
+
+ hash[5] += 59; /* modify digest to force signature mismatch */
+
+ ASSERT_ERROR(
+ AWS_ERROR_CAL_SIGNATURE_VALIDATION_FAILED,
+ aws_rsa_key_pair_verify_signature(
+ key_pair_private, AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA1, hash_cur,
signature_cur));
+
+ hash[5] -= 59; /* undo digest modification and corrupt signature */
+ signature_buf.buffer[5] += 59;
+ ASSERT_ERROR(
+ AWS_ERROR_CAL_SIGNATURE_VALIDATION_FAILED,
+ aws_rsa_key_pair_verify_signature(
+ key_pair_private, AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA1, hash_cur,
signature_cur));
+
+ struct aws_byte_cursor short_signature_cur =
aws_byte_cursor_from_c_str("bad signature");
+ ASSERT_ERROR(
+ AWS_ERROR_CAL_SIGNATURE_VALIDATION_FAILED,
+ aws_rsa_key_pair_verify_signature(
+ key_pair_private, AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA1, hash_cur,
short_signature_cur));
+
+ aws_byte_buf_clean_up(&hash_value);
+ aws_byte_buf_clean_up(&signature_buf);
+ aws_byte_buf_clean_up(&public_key_buf);
+ aws_rsa_key_pair_release(key_pair_private);
+
+ aws_cal_library_clean_up();
+
+ return AWS_OP_SUCCESS;
+}
+AWS_TEST_CASE(rsa_signing_mismatch_pkcs1_sha1,
s_rsa_signing_mismatch_pkcs1_sha1);
