Change the way private key and cert are embedded.
OpenSSL seems to serialize bigints as signed value, which means the ECC key may end up being 33 bytes instead of the 32 bytes we're expecting, causing build to fail. The shell script extraction is now replaced by a build.rs script that uses OpenSSL to extract the content and do sanity checks. Forcing generating cryptographic materials now always generate a key and a certificate (useful to compile/flash multiple keys without them being considered as clones). The self-signed CA is left untouched.
This commit is contained in:
Jean-Michel Picod
2
.gitignore
vendored
2
.gitignore
vendored
@@ -3,5 +3,3 @@ Cargo.lock
|
||||
|
||||
# Prevent people from commiting sensitive files.
|
||||
crypto_data/
|
||||
src/ctap/key_material.rs
|
||||
|
||||
|
||||
Reference in New Issue
Block a user