aws-crt 0.1.4 → 0.1.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7617304a819da25587f46d5c40ea606a15790e649ff5a86af263fd47c2697092
-  data.tar.gz: 18085bd6162a6fe4a68cb781e2154e395f53017af70aee98a9c4cd02736240f0
+  metadata.gz: 9c3578992e03398bdf9bd93ddf82e7ce0405d4f1dde997cd1a524a9c67df6282
+  data.tar.gz: 0dfd9eecda72388ef0196c7f64b8a669ab747e3d6517aa7aa165d7e4d2b77b71
 SHA512:
-  metadata.gz: a78f55c2104cf590604a17aee492b93b0d303600d989175d2c9b35a4805d1fd1c857be4c49360c3ffb6224c15b4e7212c0850f9aed7f07c51e503bff1764dd30
-  data.tar.gz: cdeaad2db57abbce49d384d78329c5100b47c8a4afcf4e071996a05d680753db50a74179300ea69baf9c547b2c91fe0fe9fa037cf415715150d72fdd0958b2c2
+  metadata.gz: 8a24cb9ef29ec68853c2209c194b2aeedda14d97197da7f3f99d0d81c77ffddf2073f916133c439a961d774a4b1bef265dc7c4f2ea7efd579455d41b8687041d
+  data.tar.gz: 0f364196764d0405e6304d6320362971d927c71e249083e1b3d0bbba783a543eb1f9c860adf207cdba8c40cbbc75d2a539ae51c543bc244e3c2d1f35c9cec9ea

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+0.1.5 (2022-04-05)
+------------------
+
+* Issue - Update to the latest aws-crt-ffi.
+
 0.1.4 (2022-03-15)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-0.1.4
+0.1.5

data/aws-crt-ffi/crt/aws-c-cal/CMakeLists.txt

@@ -173,6 +173,8 @@ if (NOT CMAKE_CROSSCOMPILING AND NOT BYO_CRYPTO)
     include(CTest)
     if (BUILD_TESTING)
         add_subdirectory(bin/sha256_profile)
+        add_subdirectory(bin/produce_x_platform_fuzz_corpus)
+        add_subdirectory(bin/run_x_platform_fuzz_corpus)
         add_subdirectory(tests)
     endif()
 endif()

data/aws-crt-ffi/crt/aws-c-cal/bin/produce_x_platform_fuzz_corpus/CMakeLists.txt

@@ -0,0 +1,30 @@
+
+project(produce_x_platform_fuzz_corpus C)
+
+list(APPEND CMAKE_MODULE_PATH "${CMAKE_INSTALL_PREFIX}/lib/cmake")
+
+file(GLOB PROFILE_SRC
+        "*.c"
+        )
+
+set(PROFILE_PROJECT_NAME produce_x_platform_fuzz_corpus)
+add_executable(${PROFILE_PROJECT_NAME} ${PROFILE_SRC})
+aws_set_common_properties(${PROFILE_PROJECT_NAME})
+
+
+target_include_directories(${PROFILE_PROJECT_NAME} PUBLIC
+        $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>
+        $<INSTALL_INTERFACE:include>)
+
+target_link_libraries(${PROFILE_PROJECT_NAME} aws-c-cal)
+
+if (BUILD_SHARED_LIBS AND NOT WIN32)
+    message(INFO " produce_x_platform_fuzz_corpus will be built with shared libs, but you may need to set LD_LIBRARY_PATH=${CMAKE_INSTALL_PREFIX}/lib to run the application")
+endif()
+
+install(TARGETS ${PROFILE_PROJECT_NAME}
+        EXPORT ${PROFILE_PROJECT_NAME}-targets
+        COMPONENT Runtime
+        RUNTIME
+        DESTINATION bin
+        COMPONENT Runtime)

data/aws-crt-ffi/crt/aws-c-cal/bin/produce_x_platform_fuzz_corpus/main.c

@@ -0,0 +1,208 @@
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+
+#include <aws/cal/cal.h>
+#include <aws/cal/ecc.h>
+#include <aws/cal/hash.h>
+
+#include <aws/common/command_line_parser.h>
+#include <aws/common/encoding.h>
+#include <aws/common/file.h>
+#include <aws/common/string.h>
+
+#include <inttypes.h>
+
+struct produce_corpus_ctx {
+    struct aws_allocator *allocator;
+    const char *root_path;
+};
+
+static struct aws_cli_option s_long_options[] = {
+    {"output-path", AWS_CLI_OPTIONS_REQUIRED_ARGUMENT, NULL, 'o'},
+    {"help", AWS_CLI_OPTIONS_NO_ARGUMENT, NULL, 'h'},
+    /* Per getopt(3) the last element of the array has to be filled with all zeros */
+    {NULL, AWS_CLI_OPTIONS_NO_ARGUMENT, NULL, 0},
+};
+
+static void s_usage(int exit_code) {
+
+    fprintf(stderr, "usage: produce_x_platform_fuzz_corpus [options]\n");
+    fprintf(stderr, "\n Options:\n\n");
+    fprintf(
+        stderr, "      --output-path DIRECTORY: path to output corpus to, default is the current working directory.\n");
+    fprintf(stderr, "  -h, --help\n");
+    fprintf(stderr, "            Display this message and quit.\n");
+    exit(exit_code);
+}
+
+static void s_parse_options(int argc, char **argv, struct produce_corpus_ctx *ctx) {
+    while (true) {
+        int option_index = 0;
+        int c = aws_cli_getopt_long(argc, argv, "o:h", s_long_options, &option_index);
+        if (c == -1) {
+            break;
+        }
+
+        switch (c) {
+            case 0:
+                /* getopt_long() returns 0 if an option.flag is non-null */
+                break;
+            case 'o':
+                ctx->root_path = aws_cli_optarg;
+                break;
+            case 'h':
+                s_usage(0);
+                break;
+            default:
+                fprintf(stderr, "Unknown option\n");
+                s_usage(1);
+        }
+    }
+}
+
+/**
+ * Runs thousands of ECDSA signatures, and dumps them out to a file. This assumes the same public key and
+ * message to sign scheme is used by the verifying program.
+ */
+int main(int argc, char *argv[]) {
+    struct aws_allocator *allocator = aws_default_allocator();
+    aws_cal_library_init(allocator);
+
+    struct produce_corpus_ctx ctx = {
+        .allocator = allocator,
+    };
+
+    s_parse_options(argc, argv, &ctx);
+
+    struct aws_byte_buf output_path;
+    aws_byte_buf_init(&output_path, allocator, 1024);
+    struct aws_byte_cursor sub_dir_cur;
+
+    if (ctx.root_path) {
+        struct aws_byte_cursor root_path = aws_byte_cursor_from_c_str(ctx.root_path);
+        aws_byte_buf_append_dynamic(&output_path, &root_path);
+
+        if (root_path.ptr[root_path.len - 1] != AWS_PATH_DELIM) {
+            aws_byte_buf_append_byte_dynamic(&output_path, (uint8_t)AWS_PATH_DELIM);
+        }
+    }
+
+#ifdef _WIN32
+    sub_dir_cur = aws_byte_cursor_from_c_str("windows\\");
+#elif __APPLE__
+    sub_dir_cur = aws_byte_cursor_from_c_str("darwin/");
+#else
+    sub_dir_cur = aws_byte_cursor_from_c_str("unix/");
+#endif
+
+    aws_byte_buf_append_dynamic(&output_path, &sub_dir_cur);
+    struct aws_string *directory = aws_string_new_from_buf(allocator, &output_path);
+    aws_directory_create(directory);
+    aws_string_destroy(directory);
+
+    struct aws_byte_cursor file_name = aws_byte_cursor_from_c_str("p256_sig_corpus.txt");
+    aws_byte_buf_append_dynamic(&output_path, &file_name);
+
+    struct aws_string *path = aws_string_new_from_buf(allocator, &output_path);
+    struct aws_string *mode = aws_string_new_from_c_str(allocator, "w");
+    FILE *output_file = aws_fopen_safe(path, mode);
+
+    if (!output_file) {
+        fprintf(
+            stderr,
+            "Error %s, while opening file to: %s\n",
+            aws_error_debug_str(aws_last_error()),
+            aws_string_c_str(path));
+        exit(-1);
+    }
+
+    aws_string_destroy(mode);
+    aws_string_destroy(path);
+    aws_byte_buf_clean_up(&output_path);
+
+    /* use pre-built private/pub key pairs, we'll fuzz via the input. */
+    uint8_t d[] = {
+        0x51, 0x9b, 0x42, 0x3d, 0x71, 0x5f, 0x8b, 0x58, 0x1f, 0x4f, 0xa8, 0xee, 0x59, 0xf4, 0x77, 0x1a,
+        0x5b, 0x44, 0xc8, 0x13, 0x0b, 0x4e, 0x3e, 0xac, 0xca, 0x54, 0xa5, 0x6d, 0xda, 0x72, 0xb4, 0x64,
+    };
+
+    struct aws_byte_cursor private_key = aws_byte_cursor_from_array(d, sizeof(d));
+
+    uint8_t x[] = {
+        0x1c, 0xcb, 0xe9, 0x1c, 0x07, 0x5f, 0xc7, 0xf4, 0xf0, 0x33, 0xbf, 0xa2, 0x48, 0xdb, 0x8f, 0xcc,
+        0xd3, 0x56, 0x5d, 0xe9, 0x4b, 0xbf, 0xb1, 0x2f, 0x3c, 0x59, 0xff, 0x46, 0xc2, 0x71, 0xbf, 0x83,
+    };
+
+    uint8_t y[] = {
+        0xce, 0x40, 0x14, 0xc6, 0x88, 0x11, 0xf9, 0xa2, 0x1a, 0x1f, 0xdb, 0x2c, 0x0e, 0x61, 0x13, 0xe0,
+        0x6d, 0xb7, 0xca, 0x93, 0xb7, 0x40, 0x4e, 0x78, 0xdc, 0x7c, 0xcd, 0x5c, 0xa8, 0x9a, 0x4c, 0xa9,
+    };
+
+    struct aws_byte_cursor pub_x = aws_byte_cursor_from_array(x, sizeof(x));
+    struct aws_byte_cursor pub_y = aws_byte_cursor_from_array(y, sizeof(y));
+
+    struct aws_ecc_key_pair *signing_key =
+        aws_ecc_key_pair_new_from_private_key(allocator, AWS_CAL_ECDSA_P256, &private_key);
+    struct aws_ecc_key_pair *verifying_key =
+        aws_ecc_key_pair_new_from_public_key(allocator, AWS_CAL_ECDSA_P256, &pub_x, &pub_y);
+
+    struct aws_byte_buf raw_buf;
+    aws_byte_buf_init(&raw_buf, allocator, 1024);
+
+    size_t max_iterations = 10000;
+    size_t count = 0;
+
+    struct aws_byte_cursor to_append = aws_byte_cursor_from_c_str("a");
+    struct aws_byte_buf to_sign;
+    aws_byte_buf_init(&to_sign, allocator, AWS_SHA256_LEN);
+
+    struct aws_byte_buf signature_output;
+    aws_byte_buf_init(&signature_output, allocator, aws_ecc_key_pair_signature_length(signing_key));
+
+    struct aws_byte_buf hex_buf;
+    aws_byte_buf_init(&hex_buf, allocator, 1024);
+
+    for (; count < max_iterations; ++count) {
+        struct aws_byte_cursor hash_input = aws_byte_cursor_from_buf(&raw_buf);
+
+        aws_sha256_compute(allocator, &hash_input, &to_sign, 0);
+        struct aws_byte_cursor signing_cur = aws_byte_cursor_from_buf(&to_sign);
+
+        int signing_val = aws_ecc_key_pair_sign_message(signing_key, &signing_cur, &signature_output);
+        (void)signing_val;
+
+        struct aws_byte_cursor signature_cur = aws_byte_cursor_from_buf(&signature_output);
+        int verify_val = aws_ecc_key_pair_verify_signature(verifying_key, &signing_cur, &signature_cur);
+
+        aws_hex_encode(&signature_cur, &hex_buf);
+        struct aws_byte_cursor hex_encoded_cur = aws_byte_cursor_from_buf(&hex_buf);
+
+        if (verify_val != AWS_OP_SUCCESS) {
+            fprintf(
+                stderr,
+                "Signature: \"" PRInSTR "\" was produced but could not be verified\n",
+                AWS_BYTE_CURSOR_PRI(hex_encoded_cur));
+        }
+
+        fprintf(output_file, PRInSTR "\n", AWS_BYTE_CURSOR_PRI(hex_encoded_cur));
+
+        aws_byte_buf_append_dynamic(&raw_buf, &to_append);
+        aws_byte_buf_reset(&hex_buf, true);
+        aws_byte_buf_reset(&to_sign, true);
+        aws_byte_buf_reset(&signature_output, true);
+    }
+
+    aws_byte_buf_clean_up(&hex_buf);
+    aws_byte_buf_clean_up(&signature_output);
+    aws_byte_buf_clean_up(&raw_buf);
+
+    aws_ecc_key_pair_release(verifying_key);
+    aws_ecc_key_pair_release(signing_key);
+
+    fclose(output_file);
+
+    aws_cal_library_clean_up();
+    return 0;
+}

data/aws-crt-ffi/crt/aws-c-cal/bin/run_x_platform_fuzz_corpus/CMakeLists.txt

@@ -0,0 +1,30 @@
+
+project(run_x_platform_fuzz_corpus C)
+
+list(APPEND CMAKE_MODULE_PATH "${CMAKE_INSTALL_PREFIX}/lib/cmake")
+
+file(GLOB PROFILE_SRC
+        "*.c"
+        )
+
+set(PROFILE_PROJECT_NAME run_x_platform_fuzz_corpus)
+add_executable(${PROFILE_PROJECT_NAME} ${PROFILE_SRC})
+aws_set_common_properties(${PROFILE_PROJECT_NAME})
+
+
+target_include_directories(${PROFILE_PROJECT_NAME} PUBLIC
+        $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>
+        $<INSTALL_INTERFACE:include>)
+
+target_link_libraries(${PROFILE_PROJECT_NAME} aws-c-cal)
+
+if (BUILD_SHARED_LIBS AND NOT WIN32)
+    message(INFO " run_x_platform_fuzz_corpus will be built with shared libs, but you may need to set LD_LIBRARY_PATH=${CMAKE_INSTALL_PREFIX}/lib to run the application")
+endif()
+
+install(TARGETS ${PROFILE_PROJECT_NAME}
+        EXPORT ${PROFILE_PROJECT_NAME}-targets
+        COMPONENT Runtime
+        RUNTIME
+        DESTINATION bin
+        COMPONENT Runtime)

data/aws-crt-ffi/crt/aws-c-cal/bin/run_x_platform_fuzz_corpus/main.c

@@ -0,0 +1,244 @@
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+
+#include <aws/cal/cal.h>
+#include <aws/cal/ecc.h>
+#include <aws/cal/hash.h>
+
+#include <aws/common/command_line_parser.h>
+#include <aws/common/encoding.h>
+#include <aws/common/file.h>
+#include <aws/common/string.h>
+
+#include <inttypes.h>
+
+struct run_corpus_ctx {
+    struct aws_allocator *allocator;
+    const char *root_path;
+};
+
+static struct aws_cli_option s_long_options[] = {
+    {"corpus-path", AWS_CLI_OPTIONS_REQUIRED_ARGUMENT, NULL, 'o'},
+    {"help", AWS_CLI_OPTIONS_NO_ARGUMENT, NULL, 'h'},
+    /* Per getopt(3) the last element of the array has to be filled with all zeros */
+    {NULL, AWS_CLI_OPTIONS_NO_ARGUMENT, NULL, 0},
+};
+
+static void s_usage(int exit_code) {
+
+    fprintf(stderr, "usage: run_x_platform_fuzz_corpus [options]\n");
+    fprintf(stderr, "\n Options:\n\n");
+    fprintf(
+        stderr,
+        "      --corpus-path DIRECTORY: path to scan for corpus files default is the current working directory.\n");
+    fprintf(stderr, "  -h, --help\n");
+    fprintf(stderr, "            Display this message and quit.\n");
+    exit(exit_code);
+}
+
+static void s_parse_options(int argc, char **argv, struct run_corpus_ctx *ctx) {
+    while (true) {
+        int option_index = 0;
+        int c = aws_cli_getopt_long(argc, argv, "o:h", s_long_options, &option_index);
+        if (c == -1) {
+            break;
+        }
+
+        switch (c) {
+            case 0:
+                /* getopt_long() returns 0 if an option.flag is non-null */
+                break;
+            case 'o':
+                ctx->root_path = aws_cli_optarg;
+                break;
+            case 'h':
+                s_usage(0);
+                break;
+            default:
+                fprintf(stderr, "Unknown option\n");
+                s_usage(1);
+        }
+    }
+}
+
+/**
+ * Attempts to load a corpus directory. If it's successful, it loads each platform's ECDSA corpus, and makes sure
+ * it can actually verify the signatures in it provided the same key and message to sign are used as those used
+ * to produce the signature.
+ */
+int main(int argc, char *argv[]) {
+    struct aws_allocator *allocator = aws_default_allocator();
+    aws_cal_library_init(allocator);
+
+    struct run_corpus_ctx ctx = {
+        .allocator = allocator,
+    };
+
+    s_parse_options(argc, argv, &ctx);
+
+    uint8_t x[] = {
+        0x1c, 0xcb, 0xe9, 0x1c, 0x07, 0x5f, 0xc7, 0xf4, 0xf0, 0x33, 0xbf, 0xa2, 0x48, 0xdb, 0x8f, 0xcc,
+        0xd3, 0x56, 0x5d, 0xe9, 0x4b, 0xbf, 0xb1, 0x2f, 0x3c, 0x59, 0xff, 0x46, 0xc2, 0x71, 0xbf, 0x83,
+    };
+
+    uint8_t y[] = {
+        0xce, 0x40, 0x14, 0xc6, 0x88, 0x11, 0xf9, 0xa2, 0x1a, 0x1f, 0xdb, 0x2c, 0x0e, 0x61, 0x13, 0xe0,
+        0x6d, 0xb7, 0xca, 0x93, 0xb7, 0x40, 0x4e, 0x78, 0xdc, 0x7c, 0xcd, 0x5c, 0xa8, 0x9a, 0x4c, 0xa9,
+    };
+
+    struct aws_byte_cursor pub_x = aws_byte_cursor_from_array(x, sizeof(x));
+    struct aws_byte_cursor pub_y = aws_byte_cursor_from_array(y, sizeof(y));
+
+    struct aws_ecc_key_pair *verifying_key =
+        aws_ecc_key_pair_new_from_public_key(allocator, AWS_CAL_ECDSA_P256, &pub_x, &pub_y);
+
+    struct aws_byte_buf scan_path;
+    aws_byte_buf_init(&scan_path, allocator, 1024);
+
+    if (ctx.root_path) {
+        struct aws_byte_cursor root_path = aws_byte_cursor_from_c_str(ctx.root_path);
+        aws_byte_buf_append_dynamic(&scan_path, &root_path);
+
+        /* if (root_path.ptr[root_path.len - 1] != AWS_PATH_DELIM) {
+            aws_byte_buf_append_byte_dynamic(&scan_path, (uint8_t)AWS_PATH_DELIM);
+        }*/
+    }
+
+    struct aws_string *scan_path_str = aws_string_new_from_buf(allocator, &scan_path);
+    struct aws_directory_iterator *dir_iter = aws_directory_entry_iterator_new(allocator, scan_path_str);
+
+    if (!dir_iter) {
+        fprintf(stderr, "Unable to load fuzz corpus from %s\n", aws_string_c_str(scan_path_str));
+        exit(-1);
+    }
+
+    struct aws_byte_cursor corpus_file_name = aws_byte_cursor_from_c_str("p256_sig_corpus.txt");
+    size_t corpus_runs = 0;
+    const struct aws_directory_entry *entry = aws_directory_entry_iterator_get_value(dir_iter);
+    while (entry) {
+        struct aws_string *corpus_file = NULL;
+
+        if (entry->file_type & AWS_FILE_TYPE_DIRECTORY) {
+            struct aws_string *potential_corpus_path = aws_string_new_from_cursor(allocator, &entry->path);
+            struct aws_directory_iterator *potential_corpus_dir =
+                aws_directory_entry_iterator_new(allocator, potential_corpus_path);
+
+            if (potential_corpus_dir) {
+                const struct aws_directory_entry *corpus_file_candidate =
+                    aws_directory_entry_iterator_get_value(potential_corpus_dir);
+
+                while (corpus_file_candidate) {
+                    struct aws_byte_cursor find_unused;
+                    if (aws_byte_cursor_find_exact(
+                            &corpus_file_candidate->relative_path, &corpus_file_name, &find_unused) == AWS_OP_SUCCESS) {
+                        corpus_file = aws_string_new_from_cursor(allocator, &corpus_file_candidate->path);
+                        break;
+                    }
+
+                    if (aws_directory_entry_iterator_next(potential_corpus_dir) != AWS_OP_SUCCESS) {
+                        break;
+                    }
+
+                    corpus_file_candidate = aws_directory_entry_iterator_get_value(potential_corpus_dir);
+                }
+
+                aws_directory_entry_iterator_destroy(potential_corpus_dir);
+            }
+        }
+
+        if (corpus_file) {
+            corpus_runs++;
+            fprintf(stdout, "Running corpus file found at %s:\n\n", aws_string_c_str(corpus_file));
+            struct aws_string *mode = aws_string_new_from_c_str(allocator, "r");
+            FILE *corpus_input_file = aws_fopen_safe(corpus_file, mode);
+
+            if (!corpus_input_file) {
+                fprintf(stderr, "Unable to open file at %s\n", aws_string_c_str(corpus_file));
+                exit(-1);
+            }
+
+            struct aws_byte_buf hex_decoded_buf;
+            aws_byte_buf_init(&hex_decoded_buf, allocator, 1024);
+
+            struct aws_byte_cursor to_append = aws_byte_cursor_from_c_str("a");
+            struct aws_byte_buf signed_value;
+            aws_byte_buf_init(&signed_value, allocator, AWS_SHA256_LEN);
+
+            struct aws_byte_buf to_hash;
+            aws_byte_buf_init(&to_hash, allocator, 1024);
+
+            char line_buf[1024];
+            AWS_ZERO_ARRAY(line_buf);
+            size_t signatures_processed = 0;
+            size_t signatures_failed = 0;
+
+            while (fgets(line_buf, 1024, corpus_input_file)) {
+
+                /* -1 to strip off the newline delimiter */
+                struct aws_byte_cursor line_cur = aws_byte_cursor_from_c_str(line_buf);
+                line_cur.len -= 1;
+
+                if (aws_hex_decode(&line_cur, &hex_decoded_buf) != AWS_OP_SUCCESS) {
+                    fprintf(
+                        stderr,
+                        "Invalid line in file detected. Could not hex decode.\n Line is " PRInSTR "\n",
+                        AWS_BYTE_CURSOR_PRI(line_cur));
+                    exit(-1);
+                }
+
+                struct aws_byte_cursor to_hash_cur = aws_byte_cursor_from_buf(&to_hash);
+                aws_sha256_compute(allocator, &to_hash_cur, &signed_value, 0);
+
+                struct aws_byte_cursor signed_value_cur = aws_byte_cursor_from_buf(&signed_value);
+                struct aws_byte_cursor signature_cur = aws_byte_cursor_from_buf(&hex_decoded_buf);
+
+                if (aws_ecc_key_pair_verify_signature(verifying_key, &signed_value_cur, &signature_cur)) {
+                    struct aws_byte_buf hex_encoded_sha;
+                    aws_byte_buf_init(&hex_encoded_sha, allocator, 1024);
+
+                    aws_hex_encode(&signed_value_cur, &hex_encoded_sha);
+                    struct aws_byte_cursor failed_sha = aws_byte_cursor_from_buf(&hex_encoded_sha);
+
+                    fprintf(
+                        stderr,
+                        "Failed to validate signature\n signature: " PRInSTR "\n message_signed: " PRInSTR "\n\n",
+                        AWS_BYTE_CURSOR_PRI(line_cur),
+                        AWS_BYTE_CURSOR_PRI(failed_sha));
+                    signatures_failed++;
+                    aws_byte_buf_clean_up(&hex_encoded_sha);
+                }
+
+                aws_byte_buf_reset(&hex_decoded_buf, true);
+                aws_byte_buf_reset(&signed_value, true);
+
+                aws_byte_buf_append_dynamic(&to_hash, &to_append);
+                AWS_ZERO_ARRAY(line_buf);
+                signatures_processed++;
+            }
+            fprintf(
+                stdout,
+                "Corpus verification complete with %d failures out of %d signatures processed\n\n",
+                (int)signatures_failed,
+                (int)signatures_processed);
+
+            aws_byte_buf_clean_up(&hex_decoded_buf);
+            fclose(corpus_input_file);
+            aws_string_destroy(mode);
+        }
+
+        if (aws_directory_entry_iterator_next(dir_iter)) {
+            break;
+        }
+
+        entry = aws_directory_entry_iterator_get_value(dir_iter);
+    }
+    aws_directory_entry_iterator_destroy(dir_iter);
+    aws_string_destroy(scan_path_str);
+
+    aws_ecc_key_pair_release(verifying_key);
+
+    aws_cal_library_clean_up();
+    return 0;
+}