Skip to content

Implement dgst CLI command #2638

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Oct 6, 2025
Merged

Implement dgst CLI command #2638

merged 4 commits into from
Oct 6, 2025

Conversation

nhatnghiho
Copy link
Contributor

Issues:

Resolves #CryptoAlg-3383

Description of changes:

Re-implement dgst cli commands with the following options:
-binary
-sha256 (and a handful of other digest algorithms)
-sigopt
-passin
-sign
-out
-verify
-signature
-keyform

Call-outs:

Waiting for #2555 to implement -passin

Testing:

How is this change tested (unit tests, fuzz tests, etc.)? Are there any testing steps to be verified by the reviewer?

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@nhatnghiho nhatnghiho requested a review from a team as a code owner August 25, 2025 15:49
github-actions[bot]
github-actions bot reviewed Aug 25, 2025
View reviewed changes
Copy link
Contributor

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

clang-tidy made some suggestions

@codecov-commenter
Copy link

codecov-commenter commented Aug 25, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 58.59729% with 183 lines in your changes missing coverage. Please review.
✅ Project coverage is 78.90%. Comparing base (154edc9) to head (8b97425).

Files with missing lines Patch % Lines
tool-openssl/dgst.cc 68.35% 75 Missing ⚠️
tool-openssl/dgst_test.cc 48.63% 75 Missing ⚠️
tool-openssl/test_util.h 6.66% 14 Missing ⚠️
tool/args.cc 12.50% 14 Missing ⚠️
tool-openssl/ordered_args.cc 77.27% 5 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2638      +/-   ##
==========================================
+ Coverage   78.81%   78.90%   +0.08%     
==========================================
  Files         667      667              
  Lines      114088   114343     +255     
  Branches    16063    16107      +44     
==========================================
+ Hits        89923    90225     +302     
+ Misses      23390    23340      -50     
- Partials      775      778       +3

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

justsmth
justsmth reviewed Aug 27, 2025
View reviewed changes
justsmth
justsmth reviewed Aug 27, 2025
View reviewed changes
@justsmth justsmth requested a review from smittals2 October 3, 2025 16:55
smittals2
smittals2 reviewed Oct 3, 2025
View reviewed changes
tool-openssl/internal.h
bool GetBoolArgument(bool *out, const std::string &arg_name,
const ordered_args_map_t &args);

bool GetExclusiveBoolArgument(std::string *out_arg, const argument_t *templates,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just curious on reasoning here. Why do we want to do exclusive bool arguments at the parsing layer, as opposed to for example writing a func at tool level to validate parsed options?

Copy link
Contributor Author

@nhatnghiho nhatnghiho Oct 3, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since the supported digest suite is fairly large, I think that doing it the parsing layer makes more sense. Otherwise, we'd need to 1) maintain a list of supported digests (in addition to the arg templates), 2) parse the arguments a 2nd time to get the digest names, and 3) check for mutual exclusivity. Computationally, it's the same amount of work either way but doing it at the parsing layer is much cleaner.

And since we're already relying on the kExclusiveBooleanArgument type for the parsing, might as well make it a util function rather than a one-off function in the digest tool. I thought it'd be useful in the future if we ever need to do handle multiple exclusive bool args again.

@justsmth justsmth merged commit eaaa97b into aws:main Oct 6, 2025
364 of 369 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

@justsmth justsmth justsmth approved these changes

@smittals2 smittals2 smittals2 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@nhatnghiho @codecov-commenter @justsmth @smittals2