Skip to content

Adding pkeyutl tool to the CLI #2575

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 11 commits into
base: main
Choose a base branch
from
Open

Adding pkeyutl tool to the CLI #2575

wants to merge 11 commits into from

Conversation

smittals2
Copy link
Contributor

@smittals2 smittals2 commented Jul 24, 2025
edited
Loading

Description of changes:

Add pkeutl tool with:
-help
-in
-out
-sign
-verify
-inkey
-sigfile
-pubin
-passin (awaiting #2555 to flesh this out)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@smittals2 smittals2 requested a review from a team as a code owner July 24, 2025 23:45
kingstjo
kingstjo reviewed Jul 25, 2025
View reviewed changes
@smittals2 smittals2 marked this pull request as draft July 28, 2025 23:13
@smittals2 smittals2 marked this pull request as ready for review July 30, 2025 05:40
@codecov-commenter
Copy link

codecov-commenter commented Jul 30, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 58.63309% with 115 lines in your changes missing coverage. Please review.
✅ Project coverage is 78.64%. Comparing base (f10416a) to head (53e5039).
⚠️ Report is 28 commits behind head on main.

Files with missing lines Patch % Lines
tool-openssl/pkeyutl.cc 63.38% 67 Missing ⚠️
tool-openssl/pkeyutl_test.cc 49.47% 48 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2575      +/-   ##
==========================================
- Coverage   78.73%   78.64%   -0.09%     
==========================================
  Files         645      647       +2     
  Lines      110626   111022     +396     
  Branches    15644    15706      +62     
==========================================
+ Hits        87101    87315     +214     
- Misses      22824    23010     +186     
+ Partials      701      697       -4

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

kingstjo added a commit to kingstjo/aws-lc that referenced this pull request Jul 31, 2025
@kingstjo
fix(genrsa_test): remove redundant file operations causing Windows ac…
37ac664 
…cess violations

Remove redundant ReadFileToString operations in FileOutput test that were
causing 0xc0000005 access violations in Windows/MSYS2 CI environments.

ValidateKeyFile already confirms file existence, validity, and proper
content, making the additional file reads unnecessary and problematic
due to Windows file handle conflicts.

Also renamed FileVsStdoutOutput to FileOutput to better reflect the
actual test purpose.

Fixes Windows CI failures similar to those seen in PR aws#2575.

🤖 Assisted by Amazon Q Developer
@justsmth
Copy link
Contributor

The msys2/ucrt64 CI failures seem related:

tool-openssl/tool_openssl_test failed to complete: exit status 0xc0000005

A "0xc0000005" exit status seems to be associated with memory access violations on Windows.

@smittals2
Copy link
Contributor Author

The msys2/ucrt64 CI failures seem related:

tool-openssl/tool_openssl_test failed to complete: exit status 0xc0000005

A "0xc0000005" exit status seems to be associated with memory access violations on Windows.

Yea I've been trying to debug why we see this. Before opening the file, we stat it to make sure it exists. In this particular use case, the file is created by the test harness, opened via BIO APIs and populated by the pkeyutl tool, and then fails when we try to read the file subsequently to validate it's contents. I added additional explicit instructions to close any BIO handles that may create resource contention but continued seeing this error.

We can see this in the logs here:

> DEBUG: ReadFileToString - Starting for path: C:\Users\RUNNER~1\AppData\Local\Temp\aws91A.tmp
> DEBUG: ReadFileToString - Checking if file exists with stat()
> DEBUG: ReadFileToString - File exists, size: 32 bytes
> DEBUG: ReadFileToString - Opening file stream
> tool-openssl/tool_openssl_test
> tool-openssl/tool_openssl_test failed to complete: exit status 0xc0000005

We also only see this access violation in msys2 ucrt64 - (Ninja/MinGW) builds. For example msys2 ucrt64 with MSYS Makefiles doesn't fail (neither do any of the other Windows CI checks).

My two pending investigation avenues are as follows:

  1. Looking at the Cmake, the two build dimensions we see the error in are special cased:

    aws-lc/.github/workflows/windows-alt.yml

    Line 244 in 1a5b9eb

    - name: Run tests
    . Maybe the diff shell is impacting which libraries our test executable links to
  2. Using the BIO APIs to access the same tmp files doesn't cause an issue, but using ReadFileToString which uses the native C++ file reading APIs does, so maybe there's some edge case/bug in these two build dimensions.

@smittals2 smittals2 force-pushed the pkeyutl_tool branch 3 times, most recently from 5486a85 to 47fde32 Compare August 1, 2025 00:09
github-actions[bot]
github-actions bot reviewed Aug 1, 2025
View reviewed changes
Copy link
Contributor

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

clang-tidy made some suggestions

tool-openssl/pkeyutl_test.cc Outdated
const int buffer_size = 1024;
std::vector<char> buffer(buffer_size);
std::string output;
int bytes_read;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

warning: variable 'bytes_read' is not initialized [cppcoreguidelines-init-variables]

Suggested change
int bytes_read;
int bytes_read = 0;

@justsmth
Copy link
Contributor

justsmth commented Aug 1, 2025

2. Using the BIO APIs to access the same tmp files doesn't cause an issue, but using ReadFileToString which uses the native C++ file reading APIs does, so maybe there's some edge case/bug in these two build dimensions.

I suspect the issue might be that it's linking to the wrong C++ runtime when the test runs.

I have a couple of ideas we could try to debug these tests:

  • echo $PATH prior to test execution to verify "/ucrt64/bin" is listed first. (The PATH can affect which DLLs get loaded.) We use a "Windows" path above: cygpath -w ${SYSROOT}/bin >> $GITHUB_PATH, but perhaps we should used mixed: cygpath -m ${SYSROOT}/bin >> $GITHUB_PATH
  • Run dumpbin /dependents <executable> or dumpbin /imports <executable> to compare executables across the different tests. (Actually, ldd might work in these environments as well.)
  • Since the issue seems to be with linking to the C++ standard library, perhaps we could try adding -static-libstdc++ in CFLAGS or something?

@justsmth justsmth force-pushed the pkeyutl_tool branch 4 times, most recently from 7a59b75 to dd09936 Compare August 4, 2025 15:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

@kingstjo kingstjo kingstjo left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@smittals2 @codecov-commenter @justsmth @kingstjo