aws-crt 0.1.9 → 0.2.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/aws-crt-ffi/crt/aws-c-auth/include/aws/auth/auth.h +1 -0
- data/aws-crt-ffi/crt/aws-c-auth/include/aws/auth/aws_imds_client.h +5 -0
- data/aws-crt-ffi/crt/aws-c-auth/include/aws/auth/credentials.h +5 -0
- data/aws-crt-ffi/crt/aws-c-auth/include/aws/auth/private/aws_signing.h +1 -0
- data/aws-crt-ffi/crt/aws-c-auth/include/aws/auth/private/credentials_utils.h +2 -0
- data/aws-crt-ffi/crt/aws-c-auth/include/aws/auth/signing_config.h +1 -0
- data/aws-crt-ffi/crt/aws-c-auth/source/auth.c +3 -1
- data/aws-crt-ffi/crt/aws-c-auth/source/aws_imds_client.c +146 -63
- data/aws-crt-ffi/crt/aws-c-auth/source/aws_signing.c +41 -19
- data/aws-crt-ffi/crt/aws-c-auth/source/credentials_provider_imds.c +1 -0
- data/aws-crt-ffi/crt/aws-c-auth/source/credentials_utils.c +1 -0
- data/aws-crt-ffi/crt/aws-c-auth/source/signable_http_request.c +2 -1
- data/aws-crt-ffi/crt/aws-c-auth/source/signing_config.c +25 -0
- data/aws-crt-ffi/crt/aws-c-auth/tests/CMakeLists.txt +3 -0
- data/aws-crt-ffi/crt/aws-c-auth/tests/aws_imds_client_test.c +197 -31
- data/aws-crt-ffi/crt/aws-c-auth/tests/credentials_provider_imds_tests.c +16 -18
- data/aws-crt-ffi/crt/aws-c-auth/tests/sigv4_signing_tests.c +3 -1
- data/aws-crt-ffi/crt/aws-c-cal/include/aws/cal/private/opensslcrypto_common.h +22 -0
- data/aws-crt-ffi/crt/aws-c-cal/source/darwin/commoncrypto_aes.c +46 -17
- data/aws-crt-ffi/crt/aws-c-cal/source/unix/openssl_aes.c +1 -0
- data/aws-crt-ffi/crt/aws-c-cal/source/unix/openssl_platform_init.c +7 -0
- data/aws-crt-ffi/crt/aws-c-cal/source/unix/openssl_rsa.c +59 -2
- data/aws-crt-ffi/crt/aws-c-cal/source/unix/opensslcrypto_ecc.c +1 -0
- data/aws-crt-ffi/crt/aws-c-common/CMakeLists.txt +13 -1
- data/aws-crt-ffi/crt/aws-c-common/THIRD-PARTY-LICENSES.txt +28 -7
- data/aws-crt-ffi/crt/aws-c-common/bin/system_info/CMakeLists.txt +18 -0
- data/aws-crt-ffi/crt/aws-c-common/bin/system_info/print_system_info.c +48 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/allocator.h +23 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/byte_buf.h +12 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/cross_process_lock.h +35 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/hash_table.h +1 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/priority_queue.h +24 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/private/system_info_priv.h +37 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/system_info.h +47 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/system_resource_util.h +30 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/testing/aws_test_harness.h +3 -2
- data/aws-crt-ffi/crt/aws-c-common/source/allocator.c +64 -13
- data/aws-crt-ffi/crt/aws-c-common/source/android/logging.c +14 -0
- data/aws-crt-ffi/crt/aws-c-common/source/common.c +3 -3
- data/aws-crt-ffi/crt/aws-c-common/source/file.c +96 -35
- data/aws-crt-ffi/crt/aws-c-common/source/linux/system_info.c +24 -0
- data/aws-crt-ffi/crt/aws-c-common/source/memtrace.c +10 -3
- data/aws-crt-ffi/crt/aws-c-common/source/platform_fallback_stubs/system_info.c +21 -0
- data/aws-crt-ffi/crt/aws-c-common/source/posix/cross_process_lock.c +141 -0
- data/aws-crt-ffi/crt/aws-c-common/source/posix/system_info.c +1 -1
- data/aws-crt-ffi/crt/aws-c-common/source/posix/system_resource_utils.c +32 -0
- data/aws-crt-ffi/crt/aws-c-common/source/priority_queue.c +24 -0
- data/aws-crt-ffi/crt/aws-c-common/source/system_info.c +80 -0
- data/aws-crt-ffi/crt/aws-c-common/source/task_scheduler.c +2 -2
- data/aws-crt-ffi/crt/aws-c-common/source/windows/cross_process_lock.c +93 -0
- data/aws-crt-ffi/crt/aws-c-common/source/windows/system_resource_utils.c +31 -0
- data/aws-crt-ffi/crt/aws-c-common/tests/CMakeLists.txt +16 -0
- data/aws-crt-ffi/crt/aws-c-common/tests/alloc_test.c +83 -22
- data/aws-crt-ffi/crt/aws-c-common/tests/cross_process_lock_tests.c +116 -0
- data/aws-crt-ffi/crt/aws-c-common/tests/file_test.c +103 -0
- data/aws-crt-ffi/crt/aws-c-common/tests/priority_queue_test.c +36 -0
- data/aws-crt-ffi/crt/aws-c-common/tests/system_info_tests.c +19 -0
- data/aws-crt-ffi/crt/aws-c-common/tests/system_resource_util_test.c +37 -0
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/connection.h +9 -0
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/http.h +1 -0
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/connection_impl.h +5 -4
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/connection_manager_system_vtable.h +10 -18
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/proxy_impl.h +5 -1
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/request_response_impl.h +5 -0
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/request_response.h +10 -0
- data/aws-crt-ffi/crt/aws-c-http/source/connection.c +5 -2
- data/aws-crt-ffi/crt/aws-c-http/source/connection_manager.c +22 -21
- data/aws-crt-ffi/crt/aws-c-http/source/h1_connection.c +102 -17
- data/aws-crt-ffi/crt/aws-c-http/source/h1_stream.c +1 -0
- data/aws-crt-ffi/crt/aws-c-http/source/http.c +3 -0
- data/aws-crt-ffi/crt/aws-c-http/source/proxy_connection.c +2 -2
- data/aws-crt-ffi/crt/aws-c-http/tests/CMakeLists.txt +2 -0
- data/aws-crt-ffi/crt/aws-c-http/tests/test_connection_manager.c +18 -18
- data/aws-crt-ffi/crt/aws-c-http/tests/test_h1_client.c +111 -1
- data/aws-crt-ffi/crt/aws-c-http/tests/test_proxy.c +2 -2
- data/aws-crt-ffi/crt/aws-c-http/tests/test_stream_manager.c +2 -2
- data/aws-crt-ffi/crt/aws-c-io/include/aws/io/retry_strategy.h +1 -1
- data/aws-crt-ffi/crt/aws-c-io/source/exponential_backoff_retry_strategy.c +1 -1
- data/aws-crt-ffi/crt/aws-c-io/source/pkcs11_tls_op_handler.c +2 -4
- data/aws-crt-ffi/crt/aws-lc/CMakeLists.txt +16 -8
- data/aws-crt-ffi/crt/aws-lc/cmake/go.cmake +6 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/CMakeLists.txt +6 -9
- data/aws-crt-ffi/crt/aws-lc/crypto/asn1/a_time.c +34 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/asn1/a_utctm.c +4 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/asn1/asn1_test.cc +41 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/bio/bio_mem.c +6 -7
- data/aws-crt-ffi/crt/aws-lc/crypto/bio/bio_test.cc +152 -16
- data/aws-crt-ffi/crt/aws-lc/crypto/bio/connect.c +6 -12
- data/aws-crt-ffi/crt/aws-lc/crypto/bio/fd.c +2 -2
- data/aws-crt-ffi/crt/aws-lc/crypto/bio/file.c +20 -8
- data/aws-crt-ffi/crt/aws-lc/crypto/bio/socket.c +2 -2
- data/aws-crt-ffi/crt/aws-lc/crypto/bio/socket_helper.c +2 -2
- data/aws-crt-ffi/crt/aws-lc/crypto/blake2/blake2.c +11 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/bytestring/cbb.c +13 -3
- data/aws-crt-ffi/crt/aws-lc/crypto/bytestring/cbs.c +9 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/chacha/asm/chacha-armv8.pl +1 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/chacha/chacha.c +49 -8
- data/aws-crt-ffi/crt/aws-lc/crypto/chacha/chacha_test.cc +110 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/chacha/internal.h +8 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/compiler_test.cc +4 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/conf/conf_test.cc +1 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/crypto_test.cc +9 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/curve25519/curve25519.c +189 -108
- data/aws-crt-ffi/crt/aws-lc/crypto/curve25519/curve25519_nohw.c +78 -6
- data/aws-crt-ffi/crt/aws-lc/crypto/curve25519/ed25519_test.cc +9 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/curve25519/internal.h +24 -10
- data/aws-crt-ffi/crt/aws-lc/crypto/curve25519/spake25519.c +4 -4
- data/aws-crt-ffi/crt/aws-lc/crypto/curve25519/x25519_test.cc +80 -11
- data/aws-crt-ffi/crt/aws-lc/crypto/decrepit/evp/evp_do_all.c +2 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/digest_extra/digest_extra.c +8 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/digest_extra/digest_test.cc +110 -45
- data/aws-crt-ffi/crt/aws-lc/crypto/dsa/dsa_test.cc +8 -2
- data/aws-crt-ffi/crt/aws-lc/crypto/dsa/internal.h +18 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/dynamic_loading_test.c +8 -5
- data/aws-crt-ffi/crt/aws-lc/crypto/ec_extra/ec_derive.c +4 -3
- data/aws-crt-ffi/crt/aws-lc/crypto/ec_extra/hash_to_curve.c +6 -18
- data/aws-crt-ffi/crt/aws-lc/crypto/endian_test.cc +308 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/err/ssl.errordata +2 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/evp_extra_test.cc +2 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/evp_test.cc +11 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/evp_tests.txt +25 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/p_ec_asn1.c +1 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/p_kem.c +2 -2
- data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/p_rsa_asn1.c +1 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/print.c +7 -6
- data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/scrypt.c +13 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/CMakeLists.txt +13 -4
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/aes/aes_nohw.c +18 -6
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bcm.c +12 -4
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/bn_assert_test.cc +77 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/bn_test.cc +30 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/bytes.c +112 -22
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/div.c +12 -5
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/exponentiation.c +54 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/gcd.c +5 -6
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/internal.h +37 -15
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/montgomery.c +4 -11
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/montgomery_inv.c +51 -15
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/cipher/aead.c +2 -2
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/digest/digest.c +29 -6
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/digest/digests.c +89 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/digest/internal.h +4 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/ec.c +19 -36
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/ec_key.c +3 -3
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/ec_montgomery.c +9 -7
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/ec_test.cc +33 -9
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/internal.h +17 -12
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/p224-64.c +5 -8
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/p256-nistz.c +8 -8
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/p256.c +9 -8
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/p384.c +33 -16
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/p521.c +14 -6
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/scalar.c +26 -24
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/simple_mul.c +8 -5
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/wnaf.c +3 -3
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ecdsa/ecdsa.c +9 -3
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/evp/evp.c +43 -12
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/evp/p_ec.c +4 -3
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/hmac/hmac.c +3 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/modes/xts.c +26 -3
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rand/cpu_jitter_test.cc +1 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rand/internal.h +20 -11
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rand/rand.c +10 -10
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rand/urandom.c +2 -2
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rsa/internal.h +59 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rsa/padding.c +9 -3
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rsa/rsa.c +7 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rsa/rsa_impl.c +51 -60
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/service_indicator/service_indicator.c +5 -2
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/service_indicator/service_indicator_test.cc +205 -5
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sha/asm/sha1-armv8.pl +1 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sha/asm/sha512-armv8.pl +1 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sha/internal.h +8 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sha/sha3.c +37 -15
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sha/sha3_test.cc +115 -110
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sha/sha512.c +55 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sshkdf/sshkdf.c +2 -2
- data/aws-crt-ffi/crt/aws-lc/crypto/hmac_extra/hmac_test.cc +12 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/hmac_extra/hmac_tests.txt +10 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/hrss/asm/poly_rq_mul.S +2 -6
- data/aws-crt-ffi/crt/aws-lc/crypto/impl_dispatch_test.cc +9 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/internal.h +90 -8
- data/aws-crt-ffi/crt/aws-lc/crypto/kem/kem.c +28 -27
- data/aws-crt-ffi/crt/aws-lc/crypto/kyber/kem_kyber.h +14 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/obj/obj_dat.h +52 -2
- data/aws-crt-ffi/crt/aws-lc/crypto/obj/obj_mac.num +5 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/obj/objects.txt +7 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/perlasm/arm-xlate.pl +3 -14
- data/aws-crt-ffi/crt/aws-lc/crypto/perlasm/ppc-xlate.pl +1 -5
- data/aws-crt-ffi/crt/aws-lc/crypto/perlasm/x86_64-xlate.pl +4 -15
- data/aws-crt-ffi/crt/aws-lc/crypto/perlasm/x86asm.pl +4 -13
- data/aws-crt-ffi/crt/aws-lc/crypto/poly1305/poly1305_arm_asm.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/crypto/rand_extra/deterministic.c +4 -3
- data/aws-crt-ffi/crt/aws-lc/crypto/rand_extra/fuchsia.c +4 -4
- data/aws-crt-ffi/crt/aws-lc/crypto/rand_extra/rand_test.cc +0 -63
- data/aws-crt-ffi/crt/aws-lc/crypto/rand_extra/windows.c +41 -19
- data/aws-crt-ffi/crt/aws-lc/crypto/rsa_extra/rsa_test.cc +3 -3
- data/aws-crt-ffi/crt/aws-lc/crypto/siphash/siphash.c +12 -5
- data/aws-crt-ffi/crt/aws-lc/crypto/siphash/siphash_test.cc +5 -5
- data/aws-crt-ffi/crt/aws-lc/crypto/stack/stack.c +68 -46
- data/aws-crt-ffi/crt/aws-lc/crypto/trust_token/pmbtoken.c +4 -4
- data/aws-crt-ffi/crt/aws-lc/crypto/trust_token/voprf.c +2 -2
- data/aws-crt-ffi/crt/aws-lc/crypto/x509/by_dir.c +0 -6
- data/aws-crt-ffi/crt/aws-lc/crypto/x509/internal.h +4 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/x509/x509_lu.c +33 -9
- data/aws-crt-ffi/crt/aws-lc/crypto/x509/x509_test.cc +87 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/x509/x509_trs.c +1 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/x509/x509_vfy.c +35 -13
- data/aws-crt-ffi/crt/aws-lc/crypto/x509v3/v3_lib.c +2 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/x509v3/v3_purp.c +4 -6
- data/aws-crt-ffi/crt/aws-lc/generated-src/crypto_test_data.cc +179 -151
- data/aws-crt-ffi/crt/aws-lc/generated-src/err_data.c +353 -349
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/chacha/chacha-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/cipher_extra/chacha20_poly1305_armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/aesv8-armx.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/aesv8-gcm-armv8-unroll8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/aesv8-gcm-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/armv8-mont.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/bn-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/ghash-neon-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/ghashv8-armx.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/keccak1600-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/md5-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/p256-armv8-asm.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/p256_beeu-armv8-asm.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/sha1-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/sha256-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/sha512-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/vpaes-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/test/trampoline-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/chacha/chacha-armv4.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/aesv8-armx.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/armv4-mont.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/bsaes-armv7.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/ghash-armv4.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/ghashv8-armx.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/sha1-armv4-large.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/sha256-armv4.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/sha512-armv4.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/vpaes-armv7.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/test/trampoline-armv4.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/chacha/chacha-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/cipher_extra/chacha20_poly1305_armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/aesv8-armx.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/aesv8-gcm-armv8-unroll8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/aesv8-gcm-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/armv8-mont.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/bn-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/ghash-neon-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/ghashv8-armx.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/keccak1600-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/md5-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/p256-armv8-asm.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/p256_beeu-armv8-asm.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/sha1-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/sha256-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/sha512-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/vpaes-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/test/trampoline-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/chacha/chacha-armv4.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/aesv8-armx.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/armv4-mont.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/bsaes-armv7.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/ghash-armv4.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/ghashv8-armx.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/sha1-armv4-large.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/sha256-armv4.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/sha512-armv4.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/vpaes-armv7.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/test/trampoline-armv4.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-ppc64le/crypto/fipsmodule/aesp8-ppc.S +1 -5
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-ppc64le/crypto/fipsmodule/ghashp8-ppc.S +1 -5
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-ppc64le/crypto/test/trampoline-ppc.S +1 -5
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/chacha/chacha-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/aesni-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/bn-586.S +4 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/co-586.S +4 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/ghash-ssse3-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/ghash-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/md5-586.S +4 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/sha1-586.S +4 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/sha256-586.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/sha512-586.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/vpaes-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/x86-mont.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/test/trampoline-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/chacha/chacha-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/cipher_extra/aesni-sha1-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/cipher_extra/aesni-sha256-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/aesni-gcm-avx512.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/aesni-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/aesni-xts-avx512.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/ghash-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/md5-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/p256-x86_64-asm.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/rdrand-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/rsaz-avx2.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/sha1-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/sha256-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/sha512-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/vpaes-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/x86_64-mont.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/x86_64-mont5.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/test/trampoline-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/chacha/chacha-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/aesni-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/bn-586.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/co-586.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/ghash-ssse3-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/ghash-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/md5-586.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/sha1-586.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/sha256-586.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/sha512-586.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/vpaes-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/x86-mont.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/test/trampoline-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/chacha/chacha-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/cipher_extra/aesni-sha1-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/cipher_extra/aesni-sha256-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/aesni-gcm-avx512.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/aesni-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/aesni-xts-avx512.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/ghash-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/md5-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/p256-x86_64-asm.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/rdrand-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/rsaz-avx2.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/sha1-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/sha256-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/sha512-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/vpaes-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/x86_64-mont.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/x86_64-mont5.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/test/trampoline-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/chacha/chacha-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/cipher_extra/chacha20_poly1305_armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/aesv8-armx.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/aesv8-gcm-armv8-unroll8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/aesv8-gcm-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/armv8-mont.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/bn-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/ghash-neon-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/ghashv8-armx.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/keccak1600-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/md5-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/p256-armv8-asm.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/p256_beeu-armv8-asm.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/sha1-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/sha256-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/sha512-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/vpaes-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/test/trampoline-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/go.mod +4 -4
- data/aws-crt-ffi/crt/aws-lc/go.sum +8 -10
- data/aws-crt-ffi/crt/aws-lc/include/openssl/aead.h +2 -2
- data/aws-crt-ffi/crt/aws-lc/include/openssl/arm_arch.h +4 -119
- data/aws-crt-ffi/crt/aws-lc/include/openssl/asm_base.h +185 -0
- data/aws-crt-ffi/crt/aws-lc/include/openssl/asn1.h +5 -0
- data/aws-crt-ffi/crt/aws-lc/include/openssl/base.h +31 -134
- data/aws-crt-ffi/crt/aws-lc/include/openssl/bio.h +30 -18
- data/aws-crt-ffi/crt/aws-lc/include/openssl/bn.h +0 -2
- data/aws-crt-ffi/crt/aws-lc/include/openssl/chacha.h +6 -0
- data/aws-crt-ffi/crt/aws-lc/include/openssl/cipher.h +2 -2
- data/aws-crt-ffi/crt/aws-lc/include/openssl/digest.h +9 -6
- data/aws-crt-ffi/crt/aws-lc/include/openssl/dsa.h +0 -21
- data/aws-crt-ffi/crt/aws-lc/include/openssl/ec.h +1 -1
- data/aws-crt-ffi/crt/aws-lc/include/openssl/err.h +1 -1
- data/aws-crt-ffi/crt/aws-lc/include/openssl/evp.h +8 -5
- data/aws-crt-ffi/crt/aws-lc/include/openssl/nid.h +21 -0
- data/aws-crt-ffi/crt/aws-lc/include/openssl/rsa.h +1 -65
- data/aws-crt-ffi/crt/aws-lc/include/openssl/sha.h +22 -1
- data/aws-crt-ffi/crt/aws-lc/include/openssl/ssl.h +121 -13
- data/aws-crt-ffi/crt/aws-lc/include/openssl/stack.h +229 -208
- data/aws-crt-ffi/crt/aws-lc/include/openssl/target.h +166 -0
- data/aws-crt-ffi/crt/aws-lc/include/openssl/x509.h +30 -10
- data/aws-crt-ffi/crt/aws-lc/include/openssl/x509v3.h +6 -4
- data/aws-crt-ffi/crt/aws-lc/sources.cmake +2 -0
- data/aws-crt-ffi/crt/aws-lc/ssl/extensions.cc +12 -7
- data/aws-crt-ffi/crt/aws-lc/ssl/handshake_server.cc +28 -18
- data/aws-crt-ffi/crt/aws-lc/ssl/internal.h +41 -6
- data/aws-crt-ffi/crt/aws-lc/ssl/s3_both.cc +9 -17
- data/aws-crt-ffi/crt/aws-lc/ssl/ssl_cipher.cc +13 -5
- data/aws-crt-ffi/crt/aws-lc/ssl/ssl_key_share.cc +542 -2
- data/aws-crt-ffi/crt/aws-lc/ssl/ssl_lib.cc +35 -0
- data/aws-crt-ffi/crt/aws-lc/ssl/ssl_test.cc +1847 -14
- data/aws-crt-ffi/crt/aws-lc/ssl/ssl_x509.cc +128 -0
- data/aws-crt-ffi/crt/aws-lc/ssl/test/PORTING.md +10 -7
- data/aws-crt-ffi/crt/aws-lc/ssl/test/bssl_shim.cc +133 -77
- data/aws-crt-ffi/crt/aws-lc/ssl/test/handshake_util.cc +3 -3
- data/aws-crt-ffi/crt/aws-lc/ssl/test/handshaker.cc +4 -0
- data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/handshake_client.go +6 -2
- data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/handshake_messages.go +894 -1042
- data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/handshake_server.go +24 -23
- data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/prf.go +6 -5
- data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/runner.go +56 -55
- data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/shim_dispatcher.go +188 -0
- data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/ticket.go +37 -39
- data/aws-crt-ffi/crt/aws-lc/ssl/test/test_config.cc +59 -24
- data/aws-crt-ffi/crt/aws-lc/ssl/test/test_config.h +3 -2
- data/aws-crt-ffi/crt/aws-lc/ssl/tls13_server.cc +10 -11
- data/aws-crt-ffi/crt/aws-lc/tests/ci/cdk/app.py +4 -4
- data/aws-crt-ffi/crt/aws-lc/tests/ci/cdk/cdk/{aws_lc_mac_arm_ci_stack.py → aws_lc_ec2_test_framework_ci_stack.py} +13 -29
- data/aws-crt-ffi/crt/aws-lc/tests/ci/cdk/cdk/ssm/general_test_run_ssm_document.yaml +43 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/common_posix_setup.sh +10 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-aarch/amazonlinux-2023_base/Dockerfile +5 -1
- data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-aarch/ubuntu-22.04_base/Dockerfile +19 -3
- data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-x86/amazonlinux-2_gcc-7x-intel-sde/Dockerfile +5 -4
- data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-x86/build_images.sh +1 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-x86/push_images.sh +2 -1
- data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-x86/ubuntu-20.04_clang-10x_formal-verification/create_image.sh +1 -1
- data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-x86/ubuntu-22.04_base/Dockerfile +1 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-x86/ubuntu-22.04_clang-14x-sde/Dockerfile +42 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/windows/vs2017/Dockerfile +14 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/windows/windows_base/Dockerfile +3 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/integration/README.md +12 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/integration/nginx_patch/aws-lc-nginx.patch +68 -23
- data/aws-crt-ffi/crt/aws-lc/tests/ci/integration/run_crt_integration.sh +27 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/integration/run_monit_integration.sh +56 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/integration/sslproxy_patch/aws-lc-sslproxy.patch +2 -2
- data/aws-crt-ffi/crt/aws-lc/tests/ci/run_ec2_test_framework.sh +135 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/run_fips_tests.sh +14 -2
- data/aws-crt-ffi/crt/aws-lc/tests/ci/run_tests_with_sde.sh +4 -1
- data/aws-crt-ffi/crt/aws-lc/tests/ci/run_tests_with_sde_asan.sh +14 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/run_windows_tests.bat +39 -3
- data/aws-crt-ffi/crt/aws-lc/third_party/fiat/README.md +21 -6
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/bignum_madd_n25519.S +284 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/bignum_madd_n25519_alt.S +210 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/bignum_mod_n25519.S +186 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/bignum_neg_p25519.S +65 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519.S +1043 -352
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519_alt.S +1043 -352
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519_byte.S +1043 -352
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519_byte_alt.S +1043 -352
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519base.S +1042 -352
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519base_alt.S +1042 -352
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519base_byte.S +1042 -352
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519base_byte_alt.S +1043 -354
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_decode.S +700 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_decode_alt.S +563 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_encode.S +131 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_scalarmulbase.S +9626 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_scalarmulbase_alt.S +9468 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_scalarmuldouble.S +3157 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_scalarmuldouble_alt.S +2941 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/p384/Makefile +1 -1
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/p521/Makefile +1 -1
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/include/s2n-bignum_aws-lc.h +34 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/bignum_madd_n25519.S +219 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/bignum_madd_n25519_alt.S +245 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/bignum_mod_n25519.S +228 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/bignum_neg_p25519.S +86 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/curve25519_x25519.S +1350 -407
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/curve25519_x25519_alt.S +1350 -407
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/curve25519_x25519base.S +1344 -400
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/curve25519_x25519base_alt.S +1348 -402
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_decode.S +670 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_decode_alt.S +751 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_encode.S +81 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_scalarmulbase.S +9910 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_scalarmulbase_alt.S +9986 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_scalarmuldouble.S +3619 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_scalarmuldouble_alt.S +3736 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/wycheproof_testvectors/hmac_sha512_224_test.json +1978 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/wycheproof_testvectors/hmac_sha512_224_test.txt +1403 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/wycheproof_testvectors/hmac_sha512_256_test.json +1993 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/wycheproof_testvectors/hmac_sha512_256_test.txt +1416 -0
- data/aws-crt-ffi/crt/aws-lc/tool/digest.cc +4 -0
- data/aws-crt-ffi/crt/aws-lc/tool/internal.h +1 -0
- data/aws-crt-ffi/crt/aws-lc/tool/speed.cc +53 -6
- data/aws-crt-ffi/crt/aws-lc/util/all_tests.go +43 -12
- data/aws-crt-ffi/crt/aws-lc/util/all_tests.json +13 -5
- data/aws-crt-ffi/crt/aws-lc/util/bot/DEPS +4 -4
- data/aws-crt-ffi/crt/aws-lc/util/bot/update_clang.py +8 -2
- data/aws-crt-ffi/crt/aws-lc/util/codecov-ci.sh +82 -0
- data/aws-crt-ffi/crt/aws-lc/util/convert_wycheproof/convert_wycheproof.go +7 -5
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/ACVP.md +7 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/subprocess/hash.go +24 -9
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/subprocess/rsa.go +3 -4
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/subprocess/subprocess.go +15 -10
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/expected/HMAC-SHA2-512-224.bz2 +0 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/expected/SHA2-512-224.bz2 +0 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/expected/SHAKE-128.bz2 +0 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/expected/SHAKE-256.bz2 +0 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/sha-tests/sha512-224-tests.json +1 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/sha-tests/shake-128-tests.json +1 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/sha-tests/shake-256-tests.json +1 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/tests.json +1 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/vectors/HMAC-SHA2-512-224.bz2 +0 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/vectors/SHA2-512-224.bz2 +0 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/vectors/SHAKE-128.bz2 +0 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/vectors/SHAKE-256.bz2 +0 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/modulewrapper/main.cc +4 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/modulewrapper/modulewrapper.cc +144 -1
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/delocate/delocate.go +9 -3
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/delocate/testdata/aarch64-Basic/in.s +4 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/delocate/testdata/aarch64-Basic/out.s +11 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/inject_hash/inject_hash.go +13 -4
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/test-break-kat.sh +2 -0
- data/aws-crt-ffi/crt/aws-lc/util/testconfig/testconfig.go +2 -1
- data/aws-crt-ffi/crt/s2n/api/s2n.h +9 -5
- data/aws-crt-ffi/crt/s2n/bindings/rust/bench/benches/handshake.rs +9 -6
- data/aws-crt-ffi/crt/s2n/bindings/rust/bench/benches/resumption.rs +14 -14
- data/aws-crt-ffi/crt/s2n/bindings/rust/bench/benches/throughput.rs +9 -6
- data/aws-crt-ffi/crt/s2n/bindings/rust/bench/src/harness.rs +106 -102
- data/aws-crt-ffi/crt/s2n/bindings/rust/bench/src/openssl.rs +24 -20
- data/aws-crt-ffi/crt/s2n/bindings/rust/bench/src/rustls.rs +28 -24
- data/aws-crt-ffi/crt/s2n/bindings/rust/bench/src/s2n_tls.rs +52 -50
- data/aws-crt-ffi/crt/s2n/bindings/rust/generate/Cargo.toml +1 -0
- data/aws-crt-ffi/crt/s2n/bindings/rust/integration/Cargo.toml +3 -0
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls/Cargo.toml +2 -2
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls/src/connection.rs +9 -0
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-sys/templates/Cargo.template +2 -1
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-tokio/Cargo.toml +2 -2
- data/aws-crt-ffi/crt/s2n/tests/cbmc/sources/make_common_datastructures.c +9 -2
- data/aws-crt-ffi/crt/s2n/tests/fuzz/s2n_client_cert_verify_recv_test.c +1 -1
- data/aws-crt-ffi/crt/s2n/tests/fuzz/s2n_hybrid_ecdhe_kyber_r3_fuzz_test.c +1 -1
- data/aws-crt-ffi/crt/s2n/tests/fuzz/s2n_tls13_cert_verify_recv_test.c +1 -1
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_version_negotiation.py +4 -4
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_auth_selection_test.c +19 -9
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_client_auth_handshake_test.c +3 -3
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_client_cert_verify_test.c +1 -1
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_client_hello_recv_test.c +1 -1
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_client_hello_test.c +4 -4
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_client_signature_algorithms_extension_test.c +4 -5
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_connection_protocol_versions_test.c +390 -0
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_connection_test.c +8 -4
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_handshake_test.c +2 -1
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_quic_support_io_test.c +106 -0
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_security_policies_test.c +6 -2
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_self_talk_offload_signing_test.c +3 -3
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_self_talk_session_resumption_test.c +135 -0
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_server_new_session_ticket_test.c +32 -0
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_server_signature_algorithms_extension_test.c +1 -1
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_signature_algorithms_test.c +307 -283
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_tls13_cert_request_test.c +1 -1
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_tls13_cert_verify_test.c +18 -17
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_x509_validator_test.c +125 -0
- data/aws-crt-ffi/crt/s2n/tls/extensions/s2n_client_signature_algorithms.c +8 -1
- data/aws-crt-ffi/crt/s2n/tls/extensions/s2n_client_supported_versions.c +43 -11
- data/aws-crt-ffi/crt/s2n/tls/extensions/s2n_client_supported_versions.h +3 -0
- data/aws-crt-ffi/crt/s2n/tls/extensions/s2n_server_signature_algorithms.c +8 -1
- data/aws-crt-ffi/crt/s2n/tls/s2n_auth_selection.c +4 -2
- data/aws-crt-ffi/crt/s2n/tls/s2n_client_cert_verify.c +7 -10
- data/aws-crt-ffi/crt/s2n/tls/s2n_client_hello.c +2 -2
- data/aws-crt-ffi/crt/s2n/tls/s2n_connection.c +75 -14
- data/aws-crt-ffi/crt/s2n/tls/s2n_handshake.h +2 -2
- data/aws-crt-ffi/crt/s2n/tls/s2n_post_handshake.c +1 -1
- data/aws-crt-ffi/crt/s2n/tls/s2n_post_handshake.h +1 -0
- data/aws-crt-ffi/crt/s2n/tls/s2n_quic_support.c +29 -0
- data/aws-crt-ffi/crt/s2n/tls/s2n_quic_support.h +5 -0
- data/aws-crt-ffi/crt/s2n/tls/s2n_security_policies.c +40 -0
- data/aws-crt-ffi/crt/s2n/tls/s2n_security_policies.h +4 -0
- data/aws-crt-ffi/crt/s2n/tls/s2n_server_cert_request.c +1 -1
- data/aws-crt-ffi/crt/s2n/tls/s2n_server_hello.c +0 -3
- data/aws-crt-ffi/crt/s2n/tls/s2n_server_key_exchange.c +8 -9
- data/aws-crt-ffi/crt/s2n/tls/s2n_server_new_session_ticket.c +8 -0
- data/aws-crt-ffi/crt/s2n/tls/s2n_signature_algorithms.c +111 -72
- data/aws-crt-ffi/crt/s2n/tls/s2n_signature_algorithms.h +11 -9
- data/aws-crt-ffi/crt/s2n/tls/s2n_signature_scheme.c +9 -0
- data/aws-crt-ffi/crt/s2n/tls/s2n_signature_scheme.h +2 -0
- data/aws-crt-ffi/crt/s2n/tls/s2n_tls13_certificate_verify.c +12 -18
- data/aws-crt-ffi/crt/s2n/tls/s2n_x509_validator.c +7 -7
- data/aws-crt-ffi/src/api.h +1 -0
- data/lib/aws-crt/native.rb +1 -1
- metadata +68 -5
- data/aws-crt-ffi/crt/aws-lc/tests/ci/cdk/cdk/ssm/m1_tests_ssm_document.yaml +0 -34
- data/aws-crt-ffi/crt/aws-lc/tests/ci/run_m1_ec2_instance.sh +0 -96
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 44902427f5ce75db6b6414579414b05c514914588d021710ba3b5ce0c844811e
|
4
|
+
data.tar.gz: 4157116893d5a8e0e3bec90f8322291922f75b23c88544b44205f5d47a627de0
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 778d81486f2e248d7deaa06dda65c6cfe5a26876948b06cd5b457dd473cf82d2ff98478de7287474bd03a7fbc7abcd1b7d879e088c7b81c6f5c2b3cdcff47922
|
7
|
+
data.tar.gz: c1a985a56a022896dcafab5fa4bb499da64a77e736dd8d58e340d32c4c004e3c5508ca4d813f930ccc924b9a728cf8a68c3250aac2c7fe22523a3b3b5fe4cc79
|
data/CHANGELOG.md
CHANGED
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
0.
|
1
|
+
0.2.0
|
@@ -49,6 +49,7 @@ enum aws_auth_errors {
|
|
49
49
|
AWS_AUTH_SSO_TOKEN_INVALID,
|
50
50
|
AWS_AUTH_SSO_TOKEN_EXPIRED,
|
51
51
|
AWS_AUTH_CREDENTIALS_PROVIDER_SSO_SOURCE_FAILURE,
|
52
|
+
AWS_AUTH_IMDS_CLIENT_SOURCE_FAILURE,
|
52
53
|
|
53
54
|
AWS_AUTH_ERROR_END_RANGE = AWS_ERROR_ENUM_END_RANGE(AWS_C_AUTH_PACKAGE_ID)
|
54
55
|
};
|
@@ -50,6 +50,11 @@ struct aws_imds_client_options {
|
|
50
50
|
*/
|
51
51
|
enum aws_imds_protocol_version imds_version;
|
52
52
|
|
53
|
+
/*
|
54
|
+
* If true, fallback from v2 to v1 will be disabled for all cases
|
55
|
+
*/
|
56
|
+
bool ec2_metadata_v1_disabled;
|
57
|
+
|
53
58
|
/*
|
54
59
|
* Table holding all cross-system functional dependencies for an imds client.
|
55
60
|
*
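Review bot: The comment added above `bool ec2_metadata_v1_disabled;` does not state the default, and the default is the permissive one: an options struct that is zero-initialised leaves the field false. In that case a failed token request can still fall back to the v1 request, which the client source on this page itself calls insecure. I would spell that out, e.g. `/* If true, fallback from v2 to v1 is disabled for all cases. Default (false) keeps the token-less v1 fallback enabled. */`, so callers that want IMDSv2 only know they must opt in. The same wording applies to the identical field added to `struct aws_credentials_provider_imds_options` in the next hunk. Both structs start and end outside their hunks.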
|
@@ -216,6 +216,11 @@ struct aws_credentials_provider_imds_options {
|
|
216
216
|
*/
|
217
217
|
enum aws_imds_protocol_version imds_version;
|
218
218
|
|
219
|
+
/*
|
220
|
+
* If true, fallback from v2 to v1 will be disabled for all cases
|
221
|
+
*/
|
222
|
+
bool ec2_metadata_v1_disabled;
|
223
|
+
|
219
224
|
/* For mocking the http layer in tests, leave NULL otherwise */
|
220
225
|
struct aws_auth_http_system_vtable *function_table;
|
221
226
|
};
|
@@ -109,6 +109,7 @@ AWS_AUTH_API extern const struct aws_string *g_aws_signing_credential_query_para
|
|
109
109
|
AWS_AUTH_API extern const struct aws_string *g_aws_signing_date_name;
|
110
110
|
AWS_AUTH_API extern const struct aws_string *g_aws_signing_signed_headers_query_param_name;
|
111
111
|
AWS_AUTH_API extern const struct aws_string *g_aws_signing_security_token_name;
|
112
|
+
AWS_AUTH_API extern const struct aws_string *g_aws_signing_s3session_token_name;
|
112
113
|
AWS_AUTH_API extern const struct aws_string *g_signature_type_sigv4a_http_request;
|
113
114
|
|
114
115
|
/**
|
@@ -68,6 +68,8 @@ struct aws_auth_http_system_vtable {
|
|
68
68
|
aws_http_stream_release_fn *aws_http_stream_release;
|
69
69
|
|
70
70
|
aws_http_connection_close_fn *aws_http_connection_close;
|
71
|
+
|
72
|
+
int (*aws_high_res_clock_get_ticks)(uint64_t *timestamp);
|
71
73
|
};
|
72
74
|
|
73
75
|
enum aws_parse_credentials_expiration_format {
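Review bot: The new `aws_high_res_clock_get_ticks` member has no comment, yet the IMDS client hunks later on this page call it through `function_table` with no NULL check. A caller-supplied table that leaves the new slot unset (the options comment says such tables exist for mocking the http layer in tests) would therefore call a null pointer. A comment on the member would make the requirement visible, e.g. `/* Required: called unconditionally when caching or checking the IMDS token; must be set in custom tables. */`. Whether `aws_imds_client_new` validates the table is not visible here; if it does not, `AWS_FATAL_ASSERT(client->function_table->aws_high_res_clock_get_ticks);` there would fail early. The struct begins outside the hunk.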
|
@@ -103,7 +103,9 @@ static struct aws_error_info s_errors[] = {
|
|
103
103
|
AWS_DEFINE_ERROR_INFO_AUTH(
|
104
104
|
AWS_AUTH_CREDENTIALS_PROVIDER_SSO_SOURCE_FAILURE,
|
105
105
|
"Valid credentials could not be sourced by the sso credentials provider"),
|
106
|
-
|
106
|
+
AWS_DEFINE_ERROR_INFO_AUTH(
|
107
|
+
AWS_AUTH_IMDS_CLIENT_SOURCE_FAILURE,
|
108
|
+
"Failed to source the IMDS resource")
|
107
109
|
};
|
108
110
|
/* clang-format on */
|
109
111
|
|
@@ -58,13 +58,16 @@ struct aws_imds_client {
|
|
58
58
|
struct aws_retry_strategy *retry_strategy;
|
59
59
|
const struct aws_auth_http_system_vtable *function_table;
|
60
60
|
struct aws_imds_client_shutdown_options shutdown_options;
|
61
|
+
|
61
62
|
/* will be set to true by default, means using IMDS V2 */
|
62
63
|
bool token_required;
|
63
64
|
struct aws_byte_buf cached_token;
|
65
|
+
uint64_t cached_token_expiration_timestamp;
|
64
66
|
enum imds_token_state token_state;
|
65
67
|
struct aws_linked_list pending_queries;
|
66
68
|
struct aws_mutex token_lock;
|
67
69
|
struct aws_condition_variable token_signal;
|
70
|
+
bool ec2_metadata_v1_disabled;
|
68
71
|
|
69
72
|
struct aws_atomic_var ref_count;
|
70
73
|
};
|
@@ -144,6 +147,7 @@ struct aws_imds_client *aws_imds_client_new(
|
|
144
147
|
client->function_table =
|
145
148
|
options->function_table ? options->function_table : g_aws_credentials_provider_http_function_table;
|
146
149
|
client->token_required = options->imds_version == IMDS_PROTOCOL_V1 ? false : true;
|
150
|
+
client->ec2_metadata_v1_disabled = options->ec2_metadata_v1_disabled;
|
147
151
|
client->shutdown_options = options->shutdown_options;
|
148
152
|
|
149
153
|
struct aws_socket_options socket_options;
|
@@ -165,12 +169,6 @@ struct aws_imds_client *aws_imds_client_new(
|
|
165
169
|
manager_options.shutdown_complete_callback = s_on_connection_manager_shutdown;
|
166
170
|
manager_options.shutdown_complete_user_data = client;
|
167
171
|
|
168
|
-
struct aws_http_connection_monitoring_options monitor_options;
|
169
|
-
AWS_ZERO_STRUCT(monitor_options);
|
170
|
-
monitor_options.allowable_throughput_failure_interval_seconds = 1;
|
171
|
-
monitor_options.minimum_throughput_bytes_per_second = 1;
|
172
|
-
manager_options.monitoring_options = &monitor_options;
|
173
|
-
|
174
172
|
client->connection_manager = client->function_table->aws_http_connection_manager_new(allocator, &manager_options);
|
175
173
|
if (!client->connection_manager) {
|
176
174
|
goto on_error;
|
@@ -221,7 +219,10 @@ struct imds_user_data {
|
|
221
219
|
* will be adapted according to response.
|
222
220
|
*/
|
223
221
|
bool imds_token_required;
|
222
|
+
/* Indicate the request is a fallback from a failure call. */
|
223
|
+
bool is_fallback_request;
|
224
224
|
bool is_imds_token_request;
|
225
|
+
bool ec2_metadata_v1_disabled;
|
225
226
|
int status_code;
|
226
227
|
int error_code;
|
227
228
|
|
@@ -283,6 +284,7 @@ static struct imds_user_data *s_user_data_new(
|
|
283
284
|
}
|
284
285
|
|
285
286
|
wrapped_user_data->imds_token_required = client->token_required;
|
287
|
+
wrapped_user_data->ec2_metadata_v1_disabled = client->ec2_metadata_v1_disabled;
|
286
288
|
aws_atomic_store_int(&wrapped_user_data->ref_count, 1);
|
287
289
|
return wrapped_user_data;
|
288
290
|
|
@@ -319,8 +321,11 @@ static void s_reset_scratch_user_data(struct imds_user_data *user_data) {
|
|
319
321
|
}
|
320
322
|
|
321
323
|
static enum imds_token_copy_result s_copy_token_safely(struct imds_user_data *user_data);
|
322
|
-
static void
|
323
|
-
|
324
|
+
static void s_update_token_safely(
|
325
|
+
struct aws_imds_client *client,
|
326
|
+
struct aws_byte_buf *token,
|
327
|
+
bool token_required,
|
328
|
+
uint64_t expire_timestamp);
|
324
329
|
static void s_query_complete(struct imds_user_data *user_data);
|
325
330
|
static void s_on_acquire_connection(struct aws_http_connection *connection, int error_code, void *user_data);
|
326
331
|
static void s_on_retry_token_acquired(struct aws_retry_strategy *, int, struct aws_retry_token *, void *);
|
@@ -397,6 +402,8 @@ AWS_STATIC_STRING_FROM_LITERAL(s_imds_token_resource_path, "/latest/api/token");
|
|
397
402
|
AWS_STATIC_STRING_FROM_LITERAL(s_imds_token_ttl_header, "x-aws-ec2-metadata-token-ttl-seconds");
|
398
403
|
AWS_STATIC_STRING_FROM_LITERAL(s_imds_token_header, "x-aws-ec2-metadata-token");
|
399
404
|
AWS_STATIC_STRING_FROM_LITERAL(s_imds_token_ttl_default_value, "21600");
|
405
|
+
/* s_imds_token_ttl_default_value - 5secs for refreshing the cached token */
|
406
|
+
static const uint64_t s_imds_token_ttl_secs = 21595;
|
400
407
|
|
401
408
|
static void s_on_stream_complete_fn(struct aws_http_stream *stream, int error_code, void *user_data);
|
402
409
|
|
@@ -468,6 +475,7 @@ static int s_make_imds_http_query(
|
|
468
475
|
.on_response_header_block_done = NULL,
|
469
476
|
.on_response_body = s_on_incoming_body_fn,
|
470
477
|
.on_complete = s_on_stream_complete_fn,
|
478
|
+
.response_first_byte_timeout_ms = 1000,
|
471
479
|
.user_data = user_data,
|
472
480
|
.request = request,
|
473
481
|
};
|
@@ -497,25 +505,51 @@ on_error:
|
|
497
505
|
static void s_client_on_token_response(struct imds_user_data *user_data) {
|
498
506
|
/* Gets 400 means token is required but the request itself failed. */
|
499
507
|
if (user_data->status_code == AWS_HTTP_STATUS_CODE_400_BAD_REQUEST) {
|
500
|
-
s_update_token_safely(user_data->client, NULL, true);
|
508
|
+
s_update_token_safely(user_data->client, NULL, true, 0 /*expire_timestamp*/);
|
501
509
|
return;
|
502
510
|
}
|
503
|
-
|
504
|
-
|
505
|
-
|
506
|
-
|
507
|
-
*/
|
508
|
-
if (user_data->status_code != AWS_HTTP_STATUS_CODE_200_OK || user_data->current_result.len == 0) {
|
509
|
-
s_update_token_safely(user_data->client, NULL, false);
|
510
|
-
} else {
|
511
|
+
|
512
|
+
if (user_data->status_code == AWS_HTTP_STATUS_CODE_200_OK && user_data->current_result.len != 0) {
|
513
|
+
AWS_LOGF_DEBUG(AWS_LS_IMDS_CLIENT, "(id=%p) IMDS client has fetched the token", (void *)user_data->client);
|
514
|
+
|
511
515
|
struct aws_byte_cursor cursor = aws_byte_cursor_from_buf(&(user_data->current_result));
|
512
516
|
aws_byte_cursor_trim_pred(&cursor, aws_char_is_space);
|
513
517
|
aws_byte_buf_reset(&user_data->imds_token, true /*zero contents*/);
|
514
518
|
if (aws_byte_buf_append_and_update(&user_data->imds_token, &cursor)) {
|
515
|
-
s_update_token_safely(user_data->client, NULL
|
519
|
+
s_update_token_safely(user_data->client, NULL /*token*/, true /*token_required*/, 0 /*expire_timestamp*/);
|
516
520
|
return;
|
517
521
|
}
|
518
|
-
|
522
|
+
/* The token was ALWAYS last for 6 hours, 21600 secs. Use current timestamp plus 21595 secs as the expiration
|
523
|
+
* timestamp for current token */
|
524
|
+
uint64_t current = 0;
|
525
|
+
user_data->client->function_table->aws_high_res_clock_get_ticks(¤t);
|
526
|
+
uint64_t expire_timestamp = aws_add_u64_saturating(
|
527
|
+
current, aws_timestamp_convert(s_imds_token_ttl_secs, AWS_TIMESTAMP_SECS, AWS_TIMESTAMP_NANOS, NULL));
|
528
|
+
|
529
|
+
AWS_ASSERT(cursor.len != 0);
|
530
|
+
s_update_token_safely(user_data->client, &user_data->imds_token, true /*token_required*/, expire_timestamp);
|
531
|
+
} else if (user_data->ec2_metadata_v1_disabled) {
|
532
|
+
AWS_LOGF_DEBUG(
|
533
|
+
AWS_LS_IMDS_CLIENT,
|
534
|
+
"(id=%p) IMDS client failed to fetch token for requester %p, and fall back to v1 is disabled."
|
535
|
+
"Received response status code: %d",
|
536
|
+
(void *)user_data->client,
|
537
|
+
(void *)user_data,
|
538
|
+
user_data->status_code);
|
539
|
+
s_update_token_safely(user_data->client, NULL /*token*/, true /*token_required*/, 0 /*expire_timestamp*/);
|
540
|
+
} else {
|
541
|
+
/* Request failed; falling back to insecure request.
|
542
|
+
* TODO: The retryable error (503 throttle) will also fall back to v1. Instead, we should just resend the token
|
543
|
+
* request.
|
544
|
+
*/
|
545
|
+
AWS_LOGF_DEBUG(
|
546
|
+
AWS_LS_IMDS_CLIENT,
|
547
|
+
"(id=%p) IMDS client failed to fetch token for requester %p, fall back to v1 for the same "
|
548
|
+
"requester. Received response status code: %d",
|
549
|
+
(void *)user_data->client,
|
550
|
+
(void *)user_data,
|
551
|
+
user_data->status_code);
|
552
|
+
s_update_token_safely(user_data->client, NULL /*token*/, false /* token_required*/, 0 /*expire_timestamp*/);
|
519
553
|
}
|
520
554
|
}
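Review bot: The return value of `aws_high_res_clock_get_ticks(&current)` is ignored in the 200 OK branch, so if the clock call fails `current` stays 0 and `expire_timestamp` is computed from zero rather than from now. The cached token would then look expired to the `current > client->cached_token_expiration_timestamp` test in the `s_copy_token_safely` hunk, which ignores the clock result in the same way. Checking the result and handling a failure like the `aws_byte_buf_append_and_update` failure just above it, i.e. `s_update_token_safely(user_data->client, NULL /*token*/, true /*token_required*/, 0 /*expire_timestamp*/); return;`, would keep a bogus expiry out of the cache.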
|
521
555
|
|
@@ -544,6 +578,7 @@ static void s_client_do_query_token(struct imds_user_data *user_data) {
|
|
544
578
|
/* start query token for imds client */
|
545
579
|
struct aws_byte_cursor uri = aws_byte_cursor_from_string(s_imds_token_resource_path);
|
546
580
|
|
581
|
+
/* Hard-coded 6 hour TTL for the token. */
|
547
582
|
struct aws_http_header token_ttl_header = {
|
548
583
|
.name = aws_byte_cursor_from_string(s_imds_token_ttl_header),
|
549
584
|
.value = aws_byte_cursor_from_string(s_imds_token_ttl_default_value),
|
@@ -607,17 +642,50 @@ static void s_query_complete(struct imds_user_data *user_data) {
|
|
607
642
|
return;
|
608
643
|
}
|
609
644
|
|
610
|
-
/* In this case we fallback to the secure imds flow. */
|
611
645
|
if (user_data->status_code == AWS_HTTP_STATUS_CODE_401_UNAUTHORIZED) {
|
612
|
-
|
613
|
-
|
614
|
-
|
615
|
-
|
616
|
-
|
646
|
+
struct aws_imds_client *client = user_data->client;
|
647
|
+
aws_mutex_lock(&client->token_lock);
|
648
|
+
if (aws_byte_buf_eq(&user_data->imds_token, &client->cached_token)) {
|
649
|
+
/* If the token used matches the cached token, that means the cached token is invalid. */
|
650
|
+
client->token_state = AWS_IMDS_TS_INVALID;
|
651
|
+
AWS_LOGF_DEBUG(
|
652
|
+
AWS_LS_IMDS_CLIENT,
|
653
|
+
"(id=%p) IMDS client's cached token is invalidated by requester %p.",
|
654
|
+
(void *)client,
|
655
|
+
(void *)user_data);
|
656
|
+
}
|
657
|
+
/* let following requests use token as it's required. */
|
658
|
+
client->token_required = true;
|
659
|
+
aws_mutex_unlock(&client->token_lock);
|
660
|
+
|
661
|
+
if (!user_data->imds_token_required && !user_data->is_fallback_request) {
|
662
|
+
AWS_LOGF_DEBUG(
|
663
|
+
AWS_LS_IMDS_CLIENT,
|
664
|
+
"(id=%p) IMDS client failed to fetch resource via V1, try to use V2. requester %p.",
|
665
|
+
(void *)user_data->client,
|
666
|
+
(void *)user_data);
|
667
|
+
/* V1 request, fallback to V2 and try again. */
|
668
|
+
s_reset_scratch_user_data(user_data);
|
669
|
+
user_data->is_fallback_request = true;
|
670
|
+
aws_retry_token_release(user_data->retry_token);
|
671
|
+
/* Try V2 now. */
|
672
|
+
if (s_get_resource_async_with_imds_token(user_data)) {
|
673
|
+
s_user_data_release(user_data);
|
674
|
+
}
|
675
|
+
return;
|
676
|
+
} else {
|
677
|
+
/* Not retirable error. */
|
678
|
+
AWS_LOGF_ERROR(
|
679
|
+
AWS_LS_IMDS_CLIENT,
|
680
|
+
"(id=%p) IMDS client failed to fetch resource. Server response 401 UNAUTHORIZED. requester %p.",
|
681
|
+
(void *)user_data->client,
|
682
|
+
(void *)user_data);
|
683
|
+
user_data->error_code = AWS_AUTH_IMDS_CLIENT_SOURCE_FAILURE;
|
617
684
|
}
|
618
|
-
return;
|
619
685
|
}
|
620
686
|
|
687
|
+
/* TODO: if server sent out error, we will still report as succeed with the error body received from server. */
|
688
|
+
/* TODO: retry for 503 throttle. */
|
621
689
|
user_data->original_callback(
|
622
690
|
user_data->error_code ? NULL : &user_data->current_result,
|
623
691
|
user_data->error_code,
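Review bot: In the V1-to-V2 retry path, `aws_retry_token_release(user_data->retry_token);` leaves the released pointer stored in `user_data`, and the very next step can end in `s_user_data_release(user_data)` when `s_get_resource_async_with_imds_token` fails. If teardown also releases `retry_token` (not visible in this hunk, so worth confirming), that would be a second release of the same token. Clearing the field right after the release, `user_data->retry_token = NULL;`, removes the doubt, provided the release helper tolerates NULL. `s_query_complete` starts before this hunk and continues after it.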
|
@@ -683,6 +751,7 @@ static void s_on_stream_complete_fn(struct aws_http_stream *stream, int error_co
|
|
683
751
|
client->function_table->aws_http_connection_manager_release_connection(client->connection_manager, connection);
|
684
752
|
|
685
753
|
/* on encountering error, see if we could try again */
|
754
|
+
/* TODO: check the status code as well? */
|
686
755
|
if (error_code) {
|
687
756
|
AWS_LOGF_WARN(
|
688
757
|
AWS_LS_IMDS_CLIENT,
|
@@ -753,8 +822,27 @@ static void s_complete_pending_queries(
|
|
753
822
|
struct imds_user_data *requester = query->user_data;
|
754
823
|
aws_mem_release(client->allocator, query);
|
755
824
|
|
756
|
-
requester->imds_token_required = token_required;
|
757
825
|
bool should_continue = true;
|
826
|
+
if (requester->imds_token_required && !token_required) {
|
827
|
+
if (requester->is_fallback_request) {
|
828
|
+
AWS_LOGF_ERROR(
|
829
|
+
AWS_LS_IMDS_CLIENT,
|
830
|
+
"(id=%p) IMDS client failed to fetch resource without token, and also failed to fetch token. "
|
831
|
+
"requester %p.",
|
832
|
+
(void *)requester->client,
|
833
|
+
(void *)requester);
|
834
|
+
requester->error_code = AWS_AUTH_IMDS_CLIENT_SOURCE_FAILURE;
|
835
|
+
should_continue = false;
|
836
|
+
} else {
|
837
|
+
AWS_LOGF_DEBUG(
|
838
|
+
AWS_LS_IMDS_CLIENT,
|
839
|
+
"(id=%p) IMDS client failed to fetch token, fallback to v1. requester %p.",
|
840
|
+
(void *)requester->client,
|
841
|
+
(void *)requester);
|
842
|
+
requester->is_fallback_request = true;
|
843
|
+
}
|
844
|
+
}
|
845
|
+
requester->imds_token_required = token_required;
|
758
846
|
if (token) {
|
759
847
|
aws_byte_buf_reset(&requester->imds_token, true);
|
760
848
|
struct aws_byte_cursor cursor = aws_byte_cursor_from_buf(token);
|
@@ -767,6 +855,7 @@ static void s_complete_pending_queries(
|
|
767
855
|
should_continue = false;
|
768
856
|
}
|
769
857
|
} else if (token_required) {
|
858
|
+
requester->error_code = AWS_AUTH_IMDS_CLIENT_SOURCE_FAILURE;
|
770
859
|
should_continue = false;
|
771
860
|
}
|
772
861
|
|
@@ -781,9 +870,8 @@ static void s_complete_pending_queries(
|
|
781
870
|
}
|
782
871
|
|
783
872
|
if (!should_continue) {
|
784
|
-
requester->error_code = aws_last_error();
|
785
873
|
if (requester->error_code == AWS_ERROR_SUCCESS) {
|
786
|
-
requester->error_code = AWS_ERROR_UNKNOWN;
|
874
|
+
requester->error_code = aws_last_error() == AWS_ERROR_SUCCESS ? AWS_ERROR_UNKNOWN : aws_last_error();
|
787
875
|
}
|
788
876
|
s_query_complete(requester);
|
789
877
|
}
|
@@ -796,25 +884,35 @@ static enum imds_token_copy_result s_copy_token_safely(struct imds_user_data *us
|
|
796
884
|
|
797
885
|
struct aws_linked_list pending_queries;
|
798
886
|
aws_linked_list_init(&pending_queries);
|
799
|
-
|
887
|
+
uint64_t current = 0;
|
888
|
+
user_data->client->function_table->aws_high_res_clock_get_ticks(¤t);
|
800
889
|
|
890
|
+
aws_mutex_lock(&client->token_lock);
|
801
891
|
if (client->token_state == AWS_IMDS_TS_VALID) {
|
802
|
-
|
803
|
-
|
804
|
-
|
805
|
-
|
892
|
+
if (current > client->cached_token_expiration_timestamp) {
|
893
|
+
/* The cached token expired. Switch the state */
|
894
|
+
client->token_state = AWS_IMDS_TS_INVALID;
|
895
|
+
AWS_LOGF_DEBUG(
|
896
|
+
AWS_LS_IMDS_CLIENT,
|
897
|
+
"(id=%p) IMDS client's cached token expired. Fetching new token for requester %p.",
|
898
|
+
(void *)client,
|
899
|
+
(void *)user_data);
|
806
900
|
} else {
|
807
|
-
|
901
|
+
aws_byte_buf_reset(&user_data->imds_token, true);
|
902
|
+
struct aws_byte_cursor cursor = aws_byte_cursor_from_buf(&client->cached_token);
|
903
|
+
if (aws_byte_buf_append_dynamic(&user_data->imds_token, &cursor)) {
|
904
|
+
ret = AWS_IMDS_TCR_UNEXPECTED_ERROR;
|
905
|
+
} else {
|
906
|
+
ret = AWS_IMDS_TCR_SUCCESS;
|
907
|
+
}
|
808
908
|
}
|
809
|
-
}
|
909
|
+
}
|
910
|
+
|
911
|
+
if (client->token_state != AWS_IMDS_TS_VALID) {
|
810
912
|
ret = AWS_IMDS_TCR_WAITING_IN_QUEUE;
|
811
913
|
struct imds_token_query *query = aws_mem_calloc(client->allocator, 1, sizeof(struct imds_token_query));
|
812
|
-
|
813
|
-
|
814
|
-
aws_linked_list_push_back(&client->pending_queries, &query->node);
|
815
|
-
} else {
|
816
|
-
ret = AWS_IMDS_TCR_UNEXPECTED_ERROR;
|
817
|
-
}
|
914
|
+
query->user_data = user_data;
|
915
|
+
aws_linked_list_push_back(&client->pending_queries, &query->node);
|
818
916
|
|
819
917
|
if (client->token_state == AWS_IMDS_TS_INVALID) {
|
820
918
|
if (s_client_start_query_token(client)) {
|
@@ -855,31 +953,16 @@ static enum imds_token_copy_result s_copy_token_safely(struct imds_user_data *us
|
|
855
953
|
}
|
856
954
|
return ret;
|
857
955
|
}
|
858
|
-
|
859
|
-
static void s_invalidate_cached_token_safely(struct imds_user_data *user_data) {
|
860
|
-
bool invalidated = false;
|
861
|
-
struct aws_imds_client *client = user_data->client;
|
862
|
-
aws_mutex_lock(&client->token_lock);
|
863
|
-
if (aws_byte_buf_eq(&user_data->imds_token, &client->cached_token)) {
|
864
|
-
client->token_state = AWS_IMDS_TS_INVALID;
|
865
|
-
invalidated = true;
|
866
|
-
}
|
867
|
-
aws_mutex_unlock(&client->token_lock);
|
868
|
-
if (invalidated) {
|
869
|
-
AWS_LOGF_DEBUG(
|
870
|
-
AWS_LS_IMDS_CLIENT,
|
871
|
-
"(id=%p) IMDS client's cached token is set to be invalid by requester %p.",
|
872
|
-
(void *)client,
|
873
|
-
(void *)user_data);
|
874
|
-
}
|
875
|
-
}
|
876
|
-
|
877
956
|
/**
|
878
957
|
* Once a requseter returns from token request, it should call this function to unblock all other
|
879
958
|
* waiting requesters. When the token parameter is NULL, means the token request failed. Now we need
|
880
959
|
* a new requester to acquire the token again.
|
881
960
|
*/
|
882
|
-
static
|
961
|
+
static void s_update_token_safely(
|
962
|
+
struct aws_imds_client *client,
|
963
|
+
struct aws_byte_buf *token,
|
964
|
+
bool token_required,
|
965
|
+
uint64_t expire_timestamp) {
|
883
966
|
AWS_FATAL_ASSERT(client);
|
884
967
|
bool updated = false;
|
885
968
|
|
@@ -893,6 +976,7 @@ static bool s_update_token_safely(struct aws_imds_client *client, struct aws_byt
|
|
893
976
|
struct aws_byte_cursor cursor = aws_byte_cursor_from_buf(token);
|
894
977
|
if (aws_byte_buf_append_dynamic(&client->cached_token, &cursor) == AWS_OP_SUCCESS) {
|
895
978
|
client->token_state = AWS_IMDS_TS_VALID;
|
979
|
+
client->cached_token_expiration_timestamp = expire_timestamp;
|
896
980
|
updated = true;
|
897
981
|
}
|
898
982
|
} else {
|
@@ -909,7 +993,6 @@ static bool s_update_token_safely(struct aws_imds_client *client, struct aws_byt
|
|
909
993
|
} else {
|
910
994
|
AWS_LOGF_ERROR(AWS_LS_IMDS_CLIENT, "(id=%p) IMDS client failed to update the token from IMDS.", (void *)client);
|
911
995
|
}
|
912
|
-
return updated;
|
913
996
|
}
|
914
997
|
|
915
998
|
int s_get_resource_async_with_imds_token(struct imds_user_data *user_data) {
|
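--- a/data/aws-crt-ffi/crt/aws-c-auth/source/aws_signing.c
+++ b/data/aws-crt-ffi/crt/aws-c-auth/source/aws_signing.c
@@ -59,6 +59,7 @@ AWS_STRING_FROM_LITERAL(g_aws_signing_credential_query_param_name, "X-Amz-Creden
 AWS_STRING_FROM_LITERAL(g_aws_signing_date_name, "X-Amz-Date");
 AWS_STRING_FROM_LITERAL(g_aws_signing_signed_headers_query_param_name, "X-Amz-SignedHeaders");
 AWS_STRING_FROM_LITERAL(g_aws_signing_security_token_name, "X-Amz-Security-Token");
+AWS_STRING_FROM_LITERAL(g_aws_signing_s3session_token_name, "X-Amz-S3session-Token");
 AWS_STRING_FROM_LITERAL(g_aws_signing_expires_query_param_name, "X-Amz-Expires");
 AWS_STRING_FROM_LITERAL(g_aws_signing_region_set_name, "X-Amz-Region-Set");
 
@@ -87,6 +88,7 @@ static struct aws_byte_cursor s_amz_date_header_name;
 static struct aws_byte_cursor s_authorization_header_name;
 static struct aws_byte_cursor s_region_set_header_name;
 static struct aws_byte_cursor s_amz_security_token_header_name;
+static struct aws_byte_cursor s_amz_s3session_token_header_name;
 
 static struct aws_byte_cursor s_amz_signature_param_name;
 static struct aws_byte_cursor s_amz_date_param_name;
@@ -191,6 +193,11 @@ int aws_signing_init_signing_tables(struct aws_allocator *allocator) {
 return AWS_OP_ERR;
 }
 
+s_amz_s3session_token_header_name = aws_byte_cursor_from_string(g_aws_signing_s3session_token_name);
+if (aws_hash_table_put(&s_forbidden_headers, &s_amz_s3session_token_header_name, NULL, NULL)) {
+return AWS_OP_ERR;
+}
+
 if (aws_hash_table_init(
 &s_forbidden_params,
 allocator,
@@ -279,25 +286,25 @@ static int s_get_signature_type_cursor(struct aws_signing_state_aws *state, stru
 case AWS_ST_HTTP_REQUEST_QUERY_PARAMS:
 case AWS_ST_CANONICAL_REQUEST_HEADERS:
 case AWS_ST_CANONICAL_REQUEST_QUERY_PARAMS:
-if (state->config.algorithm ==
-*cursor = aws_byte_cursor_from_string(s_signature_type_sigv4_http_request);
-} else {
+if (state->config.algorithm == AWS_SIGNING_ALGORITHM_V4_ASYMMETRIC) {
 *cursor = aws_byte_cursor_from_string(g_signature_type_sigv4a_http_request);
+} else {
+*cursor = aws_byte_cursor_from_string(s_signature_type_sigv4_http_request);
 }
 break;
 case AWS_ST_HTTP_REQUEST_CHUNK:
 case AWS_ST_HTTP_REQUEST_EVENT:
-if (state->config.algorithm ==
-*cursor = aws_byte_cursor_from_string(s_signature_type_sigv4_s3_chunked_payload);
-} else {
+if (state->config.algorithm == AWS_SIGNING_ALGORITHM_V4_ASYMMETRIC) {
 *cursor = aws_byte_cursor_from_string(s_signature_type_sigv4a_s3_chunked_payload);
+} else {
+*cursor = aws_byte_cursor_from_string(s_signature_type_sigv4_s3_chunked_payload);
 }
 break;
 case AWS_ST_HTTP_REQUEST_TRAILING_HEADERS:
-if (state->config.algorithm ==
-*cursor = aws_byte_cursor_from_string(s_signature_type_sigv4_s3_chunked_trailer_payload);
-} else {
+if (state->config.algorithm == AWS_SIGNING_ALGORITHM_V4_ASYMMETRIC) {
 *cursor = aws_byte_cursor_from_string(s_signature_type_sigv4a_s3_chunked_trailer_payload);
+} else {
+*cursor = aws_byte_cursor_from_string(s_signature_type_sigv4_s3_chunked_trailer_payload);
 }
 break;
 
@@ -841,12 +848,20 @@ static int s_add_authorization_query_params(
 }
 }
 
-/* X-Amz
-
+/* X-Amz-*-token */
+/* We have different token between S3Express and other signing, which needs different token header name */
+struct aws_byte_cursor token_header_name;
+if (state->config.algorithm == AWS_SIGNING_ALGORITHM_V4_S3EXPRESS) {
+/* X-Amz-S3session-Token */
+token_header_name = s_amz_s3session_token_header_name;
+} else {
+/* X-Amz-Security-Token */
+token_header_name = s_amz_security_token_header_name;
+}
 struct aws_byte_cursor session_token_cursor = aws_credentials_get_session_token(state->config.credentials);
 if (session_token_cursor.len > 0) {
 struct aws_uri_param security_token_param = {
-.key =
+.key = token_header_name,
 .value = session_token_cursor,
 };
 
@@ -1262,8 +1277,17 @@ static int s_build_canonical_stable_header_list(
 if (state->config.signature_type == AWS_ST_HTTP_REQUEST_HEADERS) {
 
 /*
-* X-Amz
+* X-Amz-*-Token
 */
+/* We have different token between S3Express and other signing, which needs different token header name */
+struct aws_byte_cursor token_header_name;
+if (state->config.algorithm == AWS_SIGNING_ALGORITHM_V4_S3EXPRESS) {
+/* X-Amz-S3session-Token */
+token_header_name = s_amz_s3session_token_header_name;
+} else {
+/* X-Amz-Security-Token */
+token_header_name = s_amz_security_token_header_name;
+}
 struct aws_byte_cursor session_token_cursor = aws_credentials_get_session_token(state->config.credentials);
 if (session_token_cursor.len > 0) {
 /* Note that if omit_session_token is true, it is added to final
@@ -1272,17 +1296,13 @@ static int s_build_canonical_stable_header_list(
 if (aws_signing_result_append_property_list(
 &state->result,
 g_aws_http_headers_property_list_name,
-&
+&token_header_name,
 &session_token_cursor)) {
 return AWS_OP_ERR;
 }
 } else {
 if (s_add_authorization_header(
-state,
-stable_header_list,
-out_required_capacity,
-s_amz_security_token_header_name,
-session_token_cursor)) {
+state, stable_header_list, out_required_capacity, token_header_name, session_token_cursor)) {
 return AWS_OP_ERR;
 }
 }
@@ -1597,6 +1617,7 @@ static int s_append_credential_scope_terminator(enum aws_signing_algorithm algor
 
 switch (algorithm) {
 case AWS_SIGNING_ALGORITHM_V4:
+case AWS_SIGNING_ALGORITHM_V4_S3EXPRESS:
 case AWS_SIGNING_ALGORITHM_V4_ASYMMETRIC:
 terminator_cursor = aws_byte_cursor_from_string(s_credential_scope_sigv4_terminator);
 break;
@@ -2304,6 +2325,7 @@ cleanup:
 int s_calculate_signature_value(struct aws_signing_state_aws *state) {
 switch (state->config.algorithm) {
 case AWS_SIGNING_ALGORITHM_V4:
+case AWS_SIGNING_ALGORITHM_V4_S3EXPRESS:
 return s_calculate_sigv4_signature_value(state);
 
 case AWS_SIGNING_ALGORITHM_V4_ASYMMETRIC: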
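Review bot: In `aws_signing_init_signing_tables`, `X-Amz-S3session-Token` is registered only in `s_forbidden_headers`; none of this section's added lines puts it into `s_forbidden_params`, although `s_add_authorization_query_params` now uses it as the query-parameter key (`.key = token_header_name`) for `AWS_SIGNING_ALGORITHM_V4_S3EXPRESS`. If the parameter table is meant to mirror the header table (its population lies outside the visible hunks, so this is inferred), a request that already carries that parameter would presumably not be rejected before signing. Once `s_forbidden_params` is initialised I would add `if (aws_hash_table_put(&s_forbidden_params, &s_amz_s3session_token_header_name, NULL, NULL)) { return AWS_OP_ERR; }`. The function starts and ends outside the hunk. Separately, the token-name selection block appears twice, in `s_add_authorization_query_params` and `s_build_canonical_stable_header_list`; a small static helper taking `state` would keep the two in step.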
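--- a/data/aws-crt-ffi/crt/aws-c-auth/source/credentials_provider_imds.c
+++ b/data/aws-crt-ffi/crt/aws-c-auth/source/credentials_provider_imds.c
@@ -84,6 +84,7 @@ struct aws_credentials_provider *aws_credentials_provider_new_imds(
 .bootstrap = options->bootstrap,
 .function_table = options->function_table,
 .imds_version = options->imds_version,
+.ec2_metadata_v1_disabled = options->ec2_metadata_v1_disabled,
 .shutdown_options =
 {
 .shutdown_callback = s_on_imds_client_shutdown,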
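--- a/data/aws-crt-ffi/crt/aws-c-auth/source/credentials_utils.c
+++ b/data/aws-crt-ffi/crt/aws-c-auth/source/credentials_utils.c
@@ -30,6 +30,7 @@ static struct aws_auth_http_system_vtable s_default_function_table = {
 .aws_http_stream_get_incoming_response_status = aws_http_stream_get_incoming_response_status,
 .aws_http_stream_release = aws_http_stream_release,
 .aws_http_connection_close = aws_http_connection_close,
+.aws_high_res_clock_get_ticks = aws_high_res_clock_get_ticks,
 };
 
 const struct aws_auth_http_system_vtable *g_aws_credentials_provider_http_function_table = &s_default_function_table;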
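--- a/data/aws-crt-ffi/crt/aws-c-auth/source/signable_http_request.c
+++ b/data/aws-crt-ffi/crt/aws-c-auth/source/signable_http_request.c
@@ -76,6 +76,7 @@ static void s_aws_signable_http_request_destroy(struct aws_signable *signable) {
 return;
 }
 
+aws_http_message_release(impl->request);
 aws_array_list_clean_up(&impl->headers);
 aws_mem_release(signable->allocator, signable);
 }
@@ -118,7 +119,7 @@ struct aws_signable *aws_signable_new_http_request(struct aws_allocator *allocat
 aws_array_list_push_back(&impl->headers, &property);
 }
 
-impl->request = request;
+impl->request = aws_http_message_acquire(request);
 
 return signable;
 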
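Review bot: `aws_signable_new_http_request` takes its reference with `aws_http_message_acquire(request)` only after the header loop, while `s_aws_signable_http_request_destroy` now calls `aws_http_message_release(impl->request)` unconditionally. If any failure path earlier in the constructor (not visible in these hunks) goes through the destroy function, `impl->request` is still unset at that point, so the code relies on `impl` being zero-initialised and on the release call accepting NULL. Moving the acquire to directly after the allocation, or guarding the release, removes that dependency. The ownership change also deserves a comment at the assignment, for example `/* signable holds its own reference; dropped in s_aws_signable_http_request_destroy */`. Both functions start and end outside the hunks.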