func fixupEmptyAuth()

in aws_signing_helper/tpm_signer.go [287:327]

• 31 lines of code
• 15 McCabe index (conditional complexity)

func fixupEmptyAuth(tpmData *[]byte) {
	var pos int = 0

	// Skip the SEQUENCE tag and length
	if len(*tpmData) < 2 || (*tpmData)[0] != 0x30 {
		return
	}

	// Don't care what the SEQUENCE length is, just skip it
	pos = 1
	lenByte := (*tpmData)[pos]
	if lenByte < 0x80 {
		pos = pos + 1
	} else if lenByte < 0x85 {
		pos = pos + 1 + int(lenByte) - 0x80
	} else {
		return
	}

	if len(*tpmData) <= pos {
		return
	}

	// Use asn1.Unmarshal to eat the OID; we care about 'rest'
	var oid asn1.ObjectIdentifier
	rest, err := asn1.Unmarshal((*tpmData)[pos:], &oid)
	if err != nil || rest == nil || !oid.Equal(oidLoadableKey) || len(rest) < 5 {
		return
	}

	// If the OPTIONAL EXPLICIT BOOLEAN [0] exists, it'll be here
	pos = len(*tpmData) - len(rest)

	if (*tpmData)[pos] == 0xa0 && // Tag
		(*tpmData)[pos+1] == 0x03 && // length
		(*tpmData)[pos+2] == 0x01 &&
		(*tpmData)[pos+3] == 0x01 &&
		(*tpmData)[pos+4] == 0x01 {
		(*tpmData)[pos+4] = 0xff
	}
}