aws-crt 0.1.9 → 0.2.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (581) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +5 -0
  3. data/VERSION +1 -1
  4. data/aws-crt-ffi/crt/aws-c-auth/include/aws/auth/auth.h +1 -0
  5. data/aws-crt-ffi/crt/aws-c-auth/include/aws/auth/aws_imds_client.h +5 -0
  6. data/aws-crt-ffi/crt/aws-c-auth/include/aws/auth/credentials.h +5 -0
  7. data/aws-crt-ffi/crt/aws-c-auth/include/aws/auth/private/aws_signing.h +1 -0
  8. data/aws-crt-ffi/crt/aws-c-auth/include/aws/auth/private/credentials_utils.h +2 -0
  9. data/aws-crt-ffi/crt/aws-c-auth/include/aws/auth/signing_config.h +1 -0
  10. data/aws-crt-ffi/crt/aws-c-auth/source/auth.c +3 -1
  11. data/aws-crt-ffi/crt/aws-c-auth/source/aws_imds_client.c +146 -63
  12. data/aws-crt-ffi/crt/aws-c-auth/source/aws_signing.c +41 -19
  13. data/aws-crt-ffi/crt/aws-c-auth/source/credentials_provider_imds.c +1 -0
  14. data/aws-crt-ffi/crt/aws-c-auth/source/credentials_utils.c +1 -0
  15. data/aws-crt-ffi/crt/aws-c-auth/source/signable_http_request.c +2 -1
  16. data/aws-crt-ffi/crt/aws-c-auth/source/signing_config.c +25 -0
  17. data/aws-crt-ffi/crt/aws-c-auth/tests/CMakeLists.txt +3 -0
  18. data/aws-crt-ffi/crt/aws-c-auth/tests/aws_imds_client_test.c +197 -31
  19. data/aws-crt-ffi/crt/aws-c-auth/tests/credentials_provider_imds_tests.c +16 -18
  20. data/aws-crt-ffi/crt/aws-c-auth/tests/sigv4_signing_tests.c +3 -1
  21. data/aws-crt-ffi/crt/aws-c-cal/include/aws/cal/private/opensslcrypto_common.h +22 -0
  22. data/aws-crt-ffi/crt/aws-c-cal/source/darwin/commoncrypto_aes.c +46 -17
  23. data/aws-crt-ffi/crt/aws-c-cal/source/unix/openssl_aes.c +1 -0
  24. data/aws-crt-ffi/crt/aws-c-cal/source/unix/openssl_platform_init.c +7 -0
  25. data/aws-crt-ffi/crt/aws-c-cal/source/unix/openssl_rsa.c +59 -2
  26. data/aws-crt-ffi/crt/aws-c-cal/source/unix/opensslcrypto_ecc.c +1 -0
  27. data/aws-crt-ffi/crt/aws-c-common/CMakeLists.txt +13 -1
  28. data/aws-crt-ffi/crt/aws-c-common/THIRD-PARTY-LICENSES.txt +28 -7
  29. data/aws-crt-ffi/crt/aws-c-common/bin/system_info/CMakeLists.txt +18 -0
  30. data/aws-crt-ffi/crt/aws-c-common/bin/system_info/print_system_info.c +48 -0
  31. data/aws-crt-ffi/crt/aws-c-common/include/aws/common/allocator.h +23 -0
  32. data/aws-crt-ffi/crt/aws-c-common/include/aws/common/byte_buf.h +12 -0
  33. data/aws-crt-ffi/crt/aws-c-common/include/aws/common/cross_process_lock.h +35 -0
  34. data/aws-crt-ffi/crt/aws-c-common/include/aws/common/hash_table.h +1 -0
  35. data/aws-crt-ffi/crt/aws-c-common/include/aws/common/priority_queue.h +24 -0
  36. data/aws-crt-ffi/crt/aws-c-common/include/aws/common/private/system_info_priv.h +37 -0
  37. data/aws-crt-ffi/crt/aws-c-common/include/aws/common/system_info.h +47 -0
  38. data/aws-crt-ffi/crt/aws-c-common/include/aws/common/system_resource_util.h +30 -0
  39. data/aws-crt-ffi/crt/aws-c-common/include/aws/testing/aws_test_harness.h +3 -2
  40. data/aws-crt-ffi/crt/aws-c-common/source/allocator.c +64 -13
  41. data/aws-crt-ffi/crt/aws-c-common/source/android/logging.c +14 -0
  42. data/aws-crt-ffi/crt/aws-c-common/source/common.c +3 -3
  43. data/aws-crt-ffi/crt/aws-c-common/source/file.c +96 -35
  44. data/aws-crt-ffi/crt/aws-c-common/source/linux/system_info.c +24 -0
  45. data/aws-crt-ffi/crt/aws-c-common/source/memtrace.c +10 -3
  46. data/aws-crt-ffi/crt/aws-c-common/source/platform_fallback_stubs/system_info.c +21 -0
  47. data/aws-crt-ffi/crt/aws-c-common/source/posix/cross_process_lock.c +141 -0
  48. data/aws-crt-ffi/crt/aws-c-common/source/posix/system_info.c +1 -1
  49. data/aws-crt-ffi/crt/aws-c-common/source/posix/system_resource_utils.c +32 -0
  50. data/aws-crt-ffi/crt/aws-c-common/source/priority_queue.c +24 -0
  51. data/aws-crt-ffi/crt/aws-c-common/source/system_info.c +80 -0
  52. data/aws-crt-ffi/crt/aws-c-common/source/task_scheduler.c +2 -2
  53. data/aws-crt-ffi/crt/aws-c-common/source/windows/cross_process_lock.c +93 -0
  54. data/aws-crt-ffi/crt/aws-c-common/source/windows/system_resource_utils.c +31 -0
  55. data/aws-crt-ffi/crt/aws-c-common/tests/CMakeLists.txt +16 -0
  56. data/aws-crt-ffi/crt/aws-c-common/tests/alloc_test.c +83 -22
  57. data/aws-crt-ffi/crt/aws-c-common/tests/cross_process_lock_tests.c +116 -0
  58. data/aws-crt-ffi/crt/aws-c-common/tests/file_test.c +103 -0
  59. data/aws-crt-ffi/crt/aws-c-common/tests/priority_queue_test.c +36 -0
  60. data/aws-crt-ffi/crt/aws-c-common/tests/system_info_tests.c +19 -0
  61. data/aws-crt-ffi/crt/aws-c-common/tests/system_resource_util_test.c +37 -0
  62. data/aws-crt-ffi/crt/aws-c-http/include/aws/http/connection.h +9 -0
  63. data/aws-crt-ffi/crt/aws-c-http/include/aws/http/http.h +1 -0
  64. data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/connection_impl.h +5 -4
  65. data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/connection_manager_system_vtable.h +10 -18
  66. data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/proxy_impl.h +5 -1
  67. data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/request_response_impl.h +5 -0
  68. data/aws-crt-ffi/crt/aws-c-http/include/aws/http/request_response.h +10 -0
  69. data/aws-crt-ffi/crt/aws-c-http/source/connection.c +5 -2
  70. data/aws-crt-ffi/crt/aws-c-http/source/connection_manager.c +22 -21
  71. data/aws-crt-ffi/crt/aws-c-http/source/h1_connection.c +102 -17
  72. data/aws-crt-ffi/crt/aws-c-http/source/h1_stream.c +1 -0
  73. data/aws-crt-ffi/crt/aws-c-http/source/http.c +3 -0
  74. data/aws-crt-ffi/crt/aws-c-http/source/proxy_connection.c +2 -2
  75. data/aws-crt-ffi/crt/aws-c-http/tests/CMakeLists.txt +2 -0
  76. data/aws-crt-ffi/crt/aws-c-http/tests/test_connection_manager.c +18 -18
  77. data/aws-crt-ffi/crt/aws-c-http/tests/test_h1_client.c +111 -1
  78. data/aws-crt-ffi/crt/aws-c-http/tests/test_proxy.c +2 -2
  79. data/aws-crt-ffi/crt/aws-c-http/tests/test_stream_manager.c +2 -2
  80. data/aws-crt-ffi/crt/aws-c-io/include/aws/io/retry_strategy.h +1 -1
  81. data/aws-crt-ffi/crt/aws-c-io/source/exponential_backoff_retry_strategy.c +1 -1
  82. data/aws-crt-ffi/crt/aws-c-io/source/pkcs11_tls_op_handler.c +2 -4
  83. data/aws-crt-ffi/crt/aws-lc/CMakeLists.txt +16 -8
  84. data/aws-crt-ffi/crt/aws-lc/cmake/go.cmake +6 -0
  85. data/aws-crt-ffi/crt/aws-lc/crypto/CMakeLists.txt +6 -9
  86. data/aws-crt-ffi/crt/aws-lc/crypto/asn1/a_time.c +34 -1
  87. data/aws-crt-ffi/crt/aws-lc/crypto/asn1/a_utctm.c +4 -1
  88. data/aws-crt-ffi/crt/aws-lc/crypto/asn1/asn1_test.cc +41 -0
  89. data/aws-crt-ffi/crt/aws-lc/crypto/bio/bio_mem.c +6 -7
  90. data/aws-crt-ffi/crt/aws-lc/crypto/bio/bio_test.cc +152 -16
  91. data/aws-crt-ffi/crt/aws-lc/crypto/bio/connect.c +6 -12
  92. data/aws-crt-ffi/crt/aws-lc/crypto/bio/fd.c +2 -2
  93. data/aws-crt-ffi/crt/aws-lc/crypto/bio/file.c +20 -8
  94. data/aws-crt-ffi/crt/aws-lc/crypto/bio/socket.c +2 -2
  95. data/aws-crt-ffi/crt/aws-lc/crypto/bio/socket_helper.c +2 -2
  96. data/aws-crt-ffi/crt/aws-lc/crypto/blake2/blake2.c +11 -1
  97. data/aws-crt-ffi/crt/aws-lc/crypto/bytestring/cbb.c +13 -3
  98. data/aws-crt-ffi/crt/aws-lc/crypto/bytestring/cbs.c +9 -0
  99. data/aws-crt-ffi/crt/aws-lc/crypto/chacha/asm/chacha-armv8.pl +1 -1
  100. data/aws-crt-ffi/crt/aws-lc/crypto/chacha/chacha.c +49 -8
  101. data/aws-crt-ffi/crt/aws-lc/crypto/chacha/chacha_test.cc +110 -0
  102. data/aws-crt-ffi/crt/aws-lc/crypto/chacha/internal.h +8 -1
  103. data/aws-crt-ffi/crt/aws-lc/crypto/compiler_test.cc +4 -1
  104. data/aws-crt-ffi/crt/aws-lc/crypto/conf/conf_test.cc +1 -0
  105. data/aws-crt-ffi/crt/aws-lc/crypto/crypto_test.cc +9 -0
  106. data/aws-crt-ffi/crt/aws-lc/crypto/curve25519/curve25519.c +189 -108
  107. data/aws-crt-ffi/crt/aws-lc/crypto/curve25519/curve25519_nohw.c +78 -6
  108. data/aws-crt-ffi/crt/aws-lc/crypto/curve25519/ed25519_test.cc +9 -0
  109. data/aws-crt-ffi/crt/aws-lc/crypto/curve25519/internal.h +24 -10
  110. data/aws-crt-ffi/crt/aws-lc/crypto/curve25519/spake25519.c +4 -4
  111. data/aws-crt-ffi/crt/aws-lc/crypto/curve25519/x25519_test.cc +80 -11
  112. data/aws-crt-ffi/crt/aws-lc/crypto/decrepit/evp/evp_do_all.c +2 -0
  113. data/aws-crt-ffi/crt/aws-lc/crypto/digest_extra/digest_extra.c +8 -0
  114. data/aws-crt-ffi/crt/aws-lc/crypto/digest_extra/digest_test.cc +110 -45
  115. data/aws-crt-ffi/crt/aws-lc/crypto/dsa/dsa_test.cc +8 -2
  116. data/aws-crt-ffi/crt/aws-lc/crypto/dsa/internal.h +18 -0
  117. data/aws-crt-ffi/crt/aws-lc/crypto/dynamic_loading_test.c +8 -5
  118. data/aws-crt-ffi/crt/aws-lc/crypto/ec_extra/ec_derive.c +4 -3
  119. data/aws-crt-ffi/crt/aws-lc/crypto/ec_extra/hash_to_curve.c +6 -18
  120. data/aws-crt-ffi/crt/aws-lc/crypto/endian_test.cc +308 -0
  121. data/aws-crt-ffi/crt/aws-lc/crypto/err/ssl.errordata +2 -0
  122. data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/evp_extra_test.cc +2 -0
  123. data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/evp_test.cc +11 -1
  124. data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/evp_tests.txt +25 -0
  125. data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/p_ec_asn1.c +1 -1
  126. data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/p_kem.c +2 -2
  127. data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/p_rsa_asn1.c +1 -0
  128. data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/print.c +7 -6
  129. data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/scrypt.c +13 -1
  130. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/CMakeLists.txt +13 -4
  131. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/aes/aes_nohw.c +18 -6
  132. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bcm.c +12 -4
  133. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/bn_assert_test.cc +77 -0
  134. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/bn_test.cc +30 -0
  135. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/bytes.c +112 -22
  136. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/div.c +12 -5
  137. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/exponentiation.c +54 -1
  138. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/gcd.c +5 -6
  139. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/internal.h +37 -15
  140. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/montgomery.c +4 -11
  141. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/montgomery_inv.c +51 -15
  142. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/cipher/aead.c +2 -2
  143. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/digest/digest.c +29 -6
  144. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/digest/digests.c +89 -0
  145. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/digest/internal.h +4 -0
  146. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/ec.c +19 -36
  147. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/ec_key.c +3 -3
  148. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/ec_montgomery.c +9 -7
  149. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/ec_test.cc +33 -9
  150. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/internal.h +17 -12
  151. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/p224-64.c +5 -8
  152. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/p256-nistz.c +8 -8
  153. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/p256.c +9 -8
  154. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/p384.c +33 -16
  155. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/p521.c +14 -6
  156. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/scalar.c +26 -24
  157. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/simple_mul.c +8 -5
  158. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/wnaf.c +3 -3
  159. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ecdsa/ecdsa.c +9 -3
  160. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/evp/evp.c +43 -12
  161. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/evp/p_ec.c +4 -3
  162. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/hmac/hmac.c +3 -1
  163. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/modes/xts.c +26 -3
  164. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rand/cpu_jitter_test.cc +1 -1
  165. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rand/internal.h +20 -11
  166. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rand/rand.c +10 -10
  167. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rand/urandom.c +2 -2
  168. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rsa/internal.h +59 -0
  169. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rsa/padding.c +9 -3
  170. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rsa/rsa.c +7 -0
  171. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rsa/rsa_impl.c +51 -60
  172. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/service_indicator/service_indicator.c +5 -2
  173. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/service_indicator/service_indicator_test.cc +205 -5
  174. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sha/asm/sha1-armv8.pl +1 -1
  175. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sha/asm/sha512-armv8.pl +1 -1
  176. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sha/internal.h +8 -0
  177. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sha/sha3.c +37 -15
  178. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sha/sha3_test.cc +115 -110
  179. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sha/sha512.c +55 -1
  180. data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sshkdf/sshkdf.c +2 -2
  181. data/aws-crt-ffi/crt/aws-lc/crypto/hmac_extra/hmac_test.cc +12 -0
  182. data/aws-crt-ffi/crt/aws-lc/crypto/hmac_extra/hmac_tests.txt +10 -0
  183. data/aws-crt-ffi/crt/aws-lc/crypto/hrss/asm/poly_rq_mul.S +2 -6
  184. data/aws-crt-ffi/crt/aws-lc/crypto/impl_dispatch_test.cc +9 -1
  185. data/aws-crt-ffi/crt/aws-lc/crypto/internal.h +90 -8
  186. data/aws-crt-ffi/crt/aws-lc/crypto/kem/kem.c +28 -27
  187. data/aws-crt-ffi/crt/aws-lc/crypto/kyber/kem_kyber.h +14 -0
  188. data/aws-crt-ffi/crt/aws-lc/crypto/obj/obj_dat.h +52 -2
  189. data/aws-crt-ffi/crt/aws-lc/crypto/obj/obj_mac.num +5 -0
  190. data/aws-crt-ffi/crt/aws-lc/crypto/obj/objects.txt +7 -0
  191. data/aws-crt-ffi/crt/aws-lc/crypto/perlasm/arm-xlate.pl +3 -14
  192. data/aws-crt-ffi/crt/aws-lc/crypto/perlasm/ppc-xlate.pl +1 -5
  193. data/aws-crt-ffi/crt/aws-lc/crypto/perlasm/x86_64-xlate.pl +4 -15
  194. data/aws-crt-ffi/crt/aws-lc/crypto/perlasm/x86asm.pl +4 -13
  195. data/aws-crt-ffi/crt/aws-lc/crypto/poly1305/poly1305_arm_asm.S +3 -13
  196. data/aws-crt-ffi/crt/aws-lc/crypto/rand_extra/deterministic.c +4 -3
  197. data/aws-crt-ffi/crt/aws-lc/crypto/rand_extra/fuchsia.c +4 -4
  198. data/aws-crt-ffi/crt/aws-lc/crypto/rand_extra/rand_test.cc +0 -63
  199. data/aws-crt-ffi/crt/aws-lc/crypto/rand_extra/windows.c +41 -19
  200. data/aws-crt-ffi/crt/aws-lc/crypto/rsa_extra/rsa_test.cc +3 -3
  201. data/aws-crt-ffi/crt/aws-lc/crypto/siphash/siphash.c +12 -5
  202. data/aws-crt-ffi/crt/aws-lc/crypto/siphash/siphash_test.cc +5 -5
  203. data/aws-crt-ffi/crt/aws-lc/crypto/stack/stack.c +68 -46
  204. data/aws-crt-ffi/crt/aws-lc/crypto/trust_token/pmbtoken.c +4 -4
  205. data/aws-crt-ffi/crt/aws-lc/crypto/trust_token/voprf.c +2 -2
  206. data/aws-crt-ffi/crt/aws-lc/crypto/x509/by_dir.c +0 -6
  207. data/aws-crt-ffi/crt/aws-lc/crypto/x509/internal.h +4 -1
  208. data/aws-crt-ffi/crt/aws-lc/crypto/x509/x509_lu.c +33 -9
  209. data/aws-crt-ffi/crt/aws-lc/crypto/x509/x509_test.cc +87 -0
  210. data/aws-crt-ffi/crt/aws-lc/crypto/x509/x509_trs.c +1 -1
  211. data/aws-crt-ffi/crt/aws-lc/crypto/x509/x509_vfy.c +35 -13
  212. data/aws-crt-ffi/crt/aws-lc/crypto/x509v3/v3_lib.c +2 -0
  213. data/aws-crt-ffi/crt/aws-lc/crypto/x509v3/v3_purp.c +4 -6
  214. data/aws-crt-ffi/crt/aws-lc/generated-src/crypto_test_data.cc +179 -151
  215. data/aws-crt-ffi/crt/aws-lc/generated-src/err_data.c +353 -349
  216. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/chacha/chacha-armv8.S +4 -14
  217. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/cipher_extra/chacha20_poly1305_armv8.S +4 -14
  218. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/aesv8-armx.S +3 -13
  219. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/aesv8-gcm-armv8-unroll8.S +3 -13
  220. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/aesv8-gcm-armv8.S +3 -13
  221. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/armv8-mont.S +4 -14
  222. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/bn-armv8.S +4 -14
  223. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/ghash-neon-armv8.S +4 -14
  224. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/ghashv8-armx.S +3 -13
  225. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/keccak1600-armv8.S +3 -13
  226. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/md5-armv8.S +3 -13
  227. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/p256-armv8-asm.S +4 -14
  228. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/p256_beeu-armv8-asm.S +4 -14
  229. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/sha1-armv8.S +4 -14
  230. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/sha256-armv8.S +4 -14
  231. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/sha512-armv8.S +4 -14
  232. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/vpaes-armv8.S +3 -13
  233. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/test/trampoline-armv8.S +4 -14
  234. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/chacha/chacha-armv4.S +3 -13
  235. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/aesv8-armx.S +3 -13
  236. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/armv4-mont.S +3 -13
  237. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/bsaes-armv7.S +3 -13
  238. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/ghash-armv4.S +3 -13
  239. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/ghashv8-armx.S +3 -13
  240. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/sha1-armv4-large.S +3 -13
  241. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/sha256-armv4.S +3 -13
  242. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/sha512-armv4.S +3 -13
  243. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/vpaes-armv7.S +3 -13
  244. data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/test/trampoline-armv4.S +3 -13
  245. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/chacha/chacha-armv8.S +4 -14
  246. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/cipher_extra/chacha20_poly1305_armv8.S +4 -14
  247. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/aesv8-armx.S +3 -13
  248. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/aesv8-gcm-armv8-unroll8.S +3 -13
  249. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/aesv8-gcm-armv8.S +3 -13
  250. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/armv8-mont.S +4 -14
  251. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/bn-armv8.S +3 -13
  252. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/ghash-neon-armv8.S +3 -13
  253. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/ghashv8-armx.S +3 -13
  254. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/keccak1600-armv8.S +3 -13
  255. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/md5-armv8.S +3 -13
  256. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/p256-armv8-asm.S +4 -14
  257. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/p256_beeu-armv8-asm.S +4 -14
  258. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/sha1-armv8.S +4 -14
  259. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/sha256-armv8.S +4 -14
  260. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/sha512-armv8.S +4 -14
  261. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/vpaes-armv8.S +3 -13
  262. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/test/trampoline-armv8.S +3 -13
  263. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/chacha/chacha-armv4.S +3 -13
  264. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/aesv8-armx.S +3 -13
  265. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/armv4-mont.S +3 -13
  266. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/bsaes-armv7.S +3 -13
  267. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/ghash-armv4.S +3 -13
  268. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/ghashv8-armx.S +3 -13
  269. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/sha1-armv4-large.S +3 -13
  270. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/sha256-armv4.S +3 -13
  271. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/sha512-armv4.S +3 -13
  272. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/vpaes-armv7.S +3 -13
  273. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/test/trampoline-armv4.S +3 -13
  274. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-ppc64le/crypto/fipsmodule/aesp8-ppc.S +1 -5
  275. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-ppc64le/crypto/fipsmodule/ghashp8-ppc.S +1 -5
  276. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-ppc64le/crypto/test/trampoline-ppc.S +1 -5
  277. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/chacha/chacha-x86.S +3 -12
  278. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/aesni-x86.S +3 -12
  279. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/bn-586.S +4 -13
  280. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/co-586.S +4 -13
  281. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/ghash-ssse3-x86.S +3 -12
  282. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/ghash-x86.S +3 -12
  283. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/md5-586.S +4 -13
  284. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/sha1-586.S +4 -13
  285. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/sha256-586.S +3 -12
  286. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/sha512-586.S +3 -12
  287. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/vpaes-x86.S +3 -12
  288. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/x86-mont.S +3 -12
  289. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/test/trampoline-x86.S +3 -12
  290. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/chacha/chacha-x86_64.S +2 -11
  291. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.S +2 -11
  292. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/cipher_extra/aesni-sha1-x86_64.S +2 -11
  293. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/cipher_extra/aesni-sha256-x86_64.S +2 -11
  294. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.S +2 -11
  295. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/aesni-gcm-avx512.S +2 -11
  296. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S +2 -11
  297. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/aesni-x86_64.S +2 -11
  298. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/aesni-xts-avx512.S +2 -11
  299. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S +2 -11
  300. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/ghash-x86_64.S +2 -11
  301. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/md5-x86_64.S +2 -11
  302. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/p256-x86_64-asm.S +2 -11
  303. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S +2 -11
  304. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/rdrand-x86_64.S +2 -11
  305. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/rsaz-avx2.S +2 -11
  306. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/sha1-x86_64.S +2 -11
  307. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/sha256-x86_64.S +2 -11
  308. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/sha512-x86_64.S +2 -11
  309. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/vpaes-x86_64.S +2 -11
  310. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/x86_64-mont.S +2 -11
  311. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/x86_64-mont5.S +2 -11
  312. data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/test/trampoline-x86_64.S +2 -11
  313. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/chacha/chacha-x86.S +3 -12
  314. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/aesni-x86.S +3 -12
  315. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/bn-586.S +3 -12
  316. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/co-586.S +3 -12
  317. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/ghash-ssse3-x86.S +3 -12
  318. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/ghash-x86.S +3 -12
  319. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/md5-586.S +3 -12
  320. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/sha1-586.S +3 -12
  321. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/sha256-586.S +3 -12
  322. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/sha512-586.S +3 -12
  323. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/vpaes-x86.S +3 -12
  324. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/x86-mont.S +3 -12
  325. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/test/trampoline-x86.S +3 -12
  326. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/chacha/chacha-x86_64.S +2 -11
  327. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.S +2 -11
  328. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/cipher_extra/aesni-sha1-x86_64.S +2 -11
  329. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/cipher_extra/aesni-sha256-x86_64.S +2 -11
  330. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.S +2 -11
  331. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/aesni-gcm-avx512.S +2 -11
  332. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S +2 -11
  333. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/aesni-x86_64.S +2 -11
  334. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/aesni-xts-avx512.S +2 -11
  335. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S +2 -11
  336. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/ghash-x86_64.S +2 -11
  337. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/md5-x86_64.S +2 -11
  338. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/p256-x86_64-asm.S +2 -11
  339. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S +2 -11
  340. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/rdrand-x86_64.S +2 -11
  341. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/rsaz-avx2.S +2 -11
  342. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/sha1-x86_64.S +2 -11
  343. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/sha256-x86_64.S +2 -11
  344. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/sha512-x86_64.S +2 -11
  345. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/vpaes-x86_64.S +2 -11
  346. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/x86_64-mont.S +2 -11
  347. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/x86_64-mont5.S +2 -11
  348. data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/test/trampoline-x86_64.S +2 -11
  349. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/chacha/chacha-armv8.S +4 -14
  350. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/cipher_extra/chacha20_poly1305_armv8.S +4 -14
  351. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/aesv8-armx.S +3 -13
  352. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/aesv8-gcm-armv8-unroll8.S +3 -13
  353. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/aesv8-gcm-armv8.S +3 -13
  354. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/armv8-mont.S +4 -14
  355. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/bn-armv8.S +4 -14
  356. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/ghash-neon-armv8.S +4 -14
  357. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/ghashv8-armx.S +3 -13
  358. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/keccak1600-armv8.S +3 -13
  359. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/md5-armv8.S +3 -13
  360. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/p256-armv8-asm.S +4 -14
  361. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/p256_beeu-armv8-asm.S +4 -14
  362. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/sha1-armv8.S +4 -14
  363. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/sha256-armv8.S +4 -14
  364. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/sha512-armv8.S +4 -14
  365. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/vpaes-armv8.S +3 -13
  366. data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/test/trampoline-armv8.S +4 -14
  367. data/aws-crt-ffi/crt/aws-lc/go.mod +4 -4
  368. data/aws-crt-ffi/crt/aws-lc/go.sum +8 -10
  369. data/aws-crt-ffi/crt/aws-lc/include/openssl/aead.h +2 -2
  370. data/aws-crt-ffi/crt/aws-lc/include/openssl/arm_arch.h +4 -119
  371. data/aws-crt-ffi/crt/aws-lc/include/openssl/asm_base.h +185 -0
  372. data/aws-crt-ffi/crt/aws-lc/include/openssl/asn1.h +5 -0
  373. data/aws-crt-ffi/crt/aws-lc/include/openssl/base.h +31 -134
  374. data/aws-crt-ffi/crt/aws-lc/include/openssl/bio.h +30 -18
  375. data/aws-crt-ffi/crt/aws-lc/include/openssl/bn.h +0 -2
  376. data/aws-crt-ffi/crt/aws-lc/include/openssl/chacha.h +6 -0
  377. data/aws-crt-ffi/crt/aws-lc/include/openssl/cipher.h +2 -2
  378. data/aws-crt-ffi/crt/aws-lc/include/openssl/digest.h +9 -6
  379. data/aws-crt-ffi/crt/aws-lc/include/openssl/dsa.h +0 -21
  380. data/aws-crt-ffi/crt/aws-lc/include/openssl/ec.h +1 -1
  381. data/aws-crt-ffi/crt/aws-lc/include/openssl/err.h +1 -1
  382. data/aws-crt-ffi/crt/aws-lc/include/openssl/evp.h +8 -5
  383. data/aws-crt-ffi/crt/aws-lc/include/openssl/nid.h +21 -0
  384. data/aws-crt-ffi/crt/aws-lc/include/openssl/rsa.h +1 -65
  385. data/aws-crt-ffi/crt/aws-lc/include/openssl/sha.h +22 -1
  386. data/aws-crt-ffi/crt/aws-lc/include/openssl/ssl.h +121 -13
  387. data/aws-crt-ffi/crt/aws-lc/include/openssl/stack.h +229 -208
  388. data/aws-crt-ffi/crt/aws-lc/include/openssl/target.h +166 -0
  389. data/aws-crt-ffi/crt/aws-lc/include/openssl/x509.h +30 -10
  390. data/aws-crt-ffi/crt/aws-lc/include/openssl/x509v3.h +6 -4
  391. data/aws-crt-ffi/crt/aws-lc/sources.cmake +2 -0
  392. data/aws-crt-ffi/crt/aws-lc/ssl/extensions.cc +12 -7
  393. data/aws-crt-ffi/crt/aws-lc/ssl/handshake_server.cc +28 -18
  394. data/aws-crt-ffi/crt/aws-lc/ssl/internal.h +41 -6
  395. data/aws-crt-ffi/crt/aws-lc/ssl/s3_both.cc +9 -17
  396. data/aws-crt-ffi/crt/aws-lc/ssl/ssl_cipher.cc +13 -5
  397. data/aws-crt-ffi/crt/aws-lc/ssl/ssl_key_share.cc +542 -2
  398. data/aws-crt-ffi/crt/aws-lc/ssl/ssl_lib.cc +35 -0
  399. data/aws-crt-ffi/crt/aws-lc/ssl/ssl_test.cc +1847 -14
  400. data/aws-crt-ffi/crt/aws-lc/ssl/ssl_x509.cc +128 -0
  401. data/aws-crt-ffi/crt/aws-lc/ssl/test/PORTING.md +10 -7
  402. data/aws-crt-ffi/crt/aws-lc/ssl/test/bssl_shim.cc +133 -77
  403. data/aws-crt-ffi/crt/aws-lc/ssl/test/handshake_util.cc +3 -3
  404. data/aws-crt-ffi/crt/aws-lc/ssl/test/handshaker.cc +4 -0
  405. data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/handshake_client.go +6 -2
  406. data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/handshake_messages.go +894 -1042
  407. data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/handshake_server.go +24 -23
  408. data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/prf.go +6 -5
  409. data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/runner.go +56 -55
  410. data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/shim_dispatcher.go +188 -0
  411. data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/ticket.go +37 -39
  412. data/aws-crt-ffi/crt/aws-lc/ssl/test/test_config.cc +59 -24
  413. data/aws-crt-ffi/crt/aws-lc/ssl/test/test_config.h +3 -2
  414. data/aws-crt-ffi/crt/aws-lc/ssl/tls13_server.cc +10 -11
  415. data/aws-crt-ffi/crt/aws-lc/tests/ci/cdk/app.py +4 -4
  416. data/aws-crt-ffi/crt/aws-lc/tests/ci/cdk/cdk/{aws_lc_mac_arm_ci_stack.py → aws_lc_ec2_test_framework_ci_stack.py} +13 -29
  417. data/aws-crt-ffi/crt/aws-lc/tests/ci/cdk/cdk/ssm/general_test_run_ssm_document.yaml +43 -0
  418. data/aws-crt-ffi/crt/aws-lc/tests/ci/common_posix_setup.sh +10 -0
  419. data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-aarch/amazonlinux-2023_base/Dockerfile +5 -1
  420. data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-aarch/ubuntu-22.04_base/Dockerfile +19 -3
  421. data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-x86/amazonlinux-2_gcc-7x-intel-sde/Dockerfile +5 -4
  422. data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-x86/build_images.sh +1 -0
  423. data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-x86/push_images.sh +2 -1
  424. data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-x86/ubuntu-20.04_clang-10x_formal-verification/create_image.sh +1 -1
  425. data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-x86/ubuntu-22.04_base/Dockerfile +1 -0
  426. data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-x86/ubuntu-22.04_clang-14x-sde/Dockerfile +42 -0
  427. data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/windows/vs2017/Dockerfile +14 -0
  428. data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/windows/windows_base/Dockerfile +3 -0
  429. data/aws-crt-ffi/crt/aws-lc/tests/ci/integration/README.md +12 -0
  430. data/aws-crt-ffi/crt/aws-lc/tests/ci/integration/nginx_patch/aws-lc-nginx.patch +68 -23
  431. data/aws-crt-ffi/crt/aws-lc/tests/ci/integration/run_crt_integration.sh +27 -0
  432. data/aws-crt-ffi/crt/aws-lc/tests/ci/integration/run_monit_integration.sh +56 -0
  433. data/aws-crt-ffi/crt/aws-lc/tests/ci/integration/sslproxy_patch/aws-lc-sslproxy.patch +2 -2
  434. data/aws-crt-ffi/crt/aws-lc/tests/ci/run_ec2_test_framework.sh +135 -0
  435. data/aws-crt-ffi/crt/aws-lc/tests/ci/run_fips_tests.sh +14 -2
  436. data/aws-crt-ffi/crt/aws-lc/tests/ci/run_tests_with_sde.sh +4 -1
  437. data/aws-crt-ffi/crt/aws-lc/tests/ci/run_tests_with_sde_asan.sh +14 -0
  438. data/aws-crt-ffi/crt/aws-lc/tests/ci/run_windows_tests.bat +39 -3
  439. data/aws-crt-ffi/crt/aws-lc/third_party/fiat/README.md +21 -6
  440. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/bignum_madd_n25519.S +284 -0
  441. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/bignum_madd_n25519_alt.S +210 -0
  442. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/bignum_mod_n25519.S +186 -0
  443. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/bignum_neg_p25519.S +65 -0
  444. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519.S +1043 -352
  445. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519_alt.S +1043 -352
  446. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519_byte.S +1043 -352
  447. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519_byte_alt.S +1043 -352
  448. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519base.S +1042 -352
  449. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519base_alt.S +1042 -352
  450. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519base_byte.S +1042 -352
  451. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519base_byte_alt.S +1043 -354
  452. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_decode.S +700 -0
  453. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_decode_alt.S +563 -0
  454. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_encode.S +131 -0
  455. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_scalarmulbase.S +9626 -0
  456. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_scalarmulbase_alt.S +9468 -0
  457. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_scalarmuldouble.S +3157 -0
  458. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_scalarmuldouble_alt.S +2941 -0
  459. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/p384/Makefile +1 -1
  460. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/p521/Makefile +1 -1
  461. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/include/s2n-bignum_aws-lc.h +34 -0
  462. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/bignum_madd_n25519.S +219 -0
  463. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/bignum_madd_n25519_alt.S +245 -0
  464. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/bignum_mod_n25519.S +228 -0
  465. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/bignum_neg_p25519.S +86 -0
  466. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/curve25519_x25519.S +1350 -407
  467. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/curve25519_x25519_alt.S +1350 -407
  468. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/curve25519_x25519base.S +1344 -400
  469. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/curve25519_x25519base_alt.S +1348 -402
  470. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_decode.S +670 -0
  471. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_decode_alt.S +751 -0
  472. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_encode.S +81 -0
  473. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_scalarmulbase.S +9910 -0
  474. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_scalarmulbase_alt.S +9986 -0
  475. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_scalarmuldouble.S +3619 -0
  476. data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_scalarmuldouble_alt.S +3736 -0
  477. data/aws-crt-ffi/crt/aws-lc/third_party/wycheproof_testvectors/hmac_sha512_224_test.json +1978 -0
  478. data/aws-crt-ffi/crt/aws-lc/third_party/wycheproof_testvectors/hmac_sha512_224_test.txt +1403 -0
  479. data/aws-crt-ffi/crt/aws-lc/third_party/wycheproof_testvectors/hmac_sha512_256_test.json +1993 -0
  480. data/aws-crt-ffi/crt/aws-lc/third_party/wycheproof_testvectors/hmac_sha512_256_test.txt +1416 -0
  481. data/aws-crt-ffi/crt/aws-lc/tool/digest.cc +4 -0
  482. data/aws-crt-ffi/crt/aws-lc/tool/internal.h +1 -0
  483. data/aws-crt-ffi/crt/aws-lc/tool/speed.cc +53 -6
  484. data/aws-crt-ffi/crt/aws-lc/util/all_tests.go +43 -12
  485. data/aws-crt-ffi/crt/aws-lc/util/all_tests.json +13 -5
  486. data/aws-crt-ffi/crt/aws-lc/util/bot/DEPS +4 -4
  487. data/aws-crt-ffi/crt/aws-lc/util/bot/update_clang.py +8 -2
  488. data/aws-crt-ffi/crt/aws-lc/util/codecov-ci.sh +82 -0
  489. data/aws-crt-ffi/crt/aws-lc/util/convert_wycheproof/convert_wycheproof.go +7 -5
  490. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/ACVP.md +7 -0
  491. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/subprocess/hash.go +24 -9
  492. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/subprocess/rsa.go +3 -4
  493. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/subprocess/subprocess.go +15 -10
  494. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/expected/HMAC-SHA2-512-224.bz2 +0 -0
  495. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/expected/SHA2-512-224.bz2 +0 -0
  496. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/expected/SHAKE-128.bz2 +0 -0
  497. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/expected/SHAKE-256.bz2 +0 -0
  498. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/sha-tests/sha512-224-tests.json +1 -0
  499. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/sha-tests/shake-128-tests.json +1 -0
  500. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/sha-tests/shake-256-tests.json +1 -0
  501. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/tests.json +1 -0
  502. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/vectors/HMAC-SHA2-512-224.bz2 +0 -0
  503. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/vectors/SHA2-512-224.bz2 +0 -0
  504. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/vectors/SHAKE-128.bz2 +0 -0
  505. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/vectors/SHAKE-256.bz2 +0 -0
  506. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/modulewrapper/main.cc +4 -0
  507. data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/modulewrapper/modulewrapper.cc +144 -1
  508. data/aws-crt-ffi/crt/aws-lc/util/fipstools/delocate/delocate.go +9 -3
  509. data/aws-crt-ffi/crt/aws-lc/util/fipstools/delocate/testdata/aarch64-Basic/in.s +4 -0
  510. data/aws-crt-ffi/crt/aws-lc/util/fipstools/delocate/testdata/aarch64-Basic/out.s +11 -0
  511. data/aws-crt-ffi/crt/aws-lc/util/fipstools/inject_hash/inject_hash.go +13 -4
  512. data/aws-crt-ffi/crt/aws-lc/util/fipstools/test-break-kat.sh +2 -0
  513. data/aws-crt-ffi/crt/aws-lc/util/testconfig/testconfig.go +2 -1
  514. data/aws-crt-ffi/crt/s2n/api/s2n.h +9 -5
  515. data/aws-crt-ffi/crt/s2n/bindings/rust/bench/benches/handshake.rs +9 -6
  516. data/aws-crt-ffi/crt/s2n/bindings/rust/bench/benches/resumption.rs +14 -14
  517. data/aws-crt-ffi/crt/s2n/bindings/rust/bench/benches/throughput.rs +9 -6
  518. data/aws-crt-ffi/crt/s2n/bindings/rust/bench/src/harness.rs +106 -102
  519. data/aws-crt-ffi/crt/s2n/bindings/rust/bench/src/openssl.rs +24 -20
  520. data/aws-crt-ffi/crt/s2n/bindings/rust/bench/src/rustls.rs +28 -24
  521. data/aws-crt-ffi/crt/s2n/bindings/rust/bench/src/s2n_tls.rs +52 -50
  522. data/aws-crt-ffi/crt/s2n/bindings/rust/generate/Cargo.toml +1 -0
  523. data/aws-crt-ffi/crt/s2n/bindings/rust/integration/Cargo.toml +3 -0
  524. data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls/Cargo.toml +2 -2
  525. data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls/src/connection.rs +9 -0
  526. data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-sys/templates/Cargo.template +2 -1
  527. data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-tokio/Cargo.toml +2 -2
  528. data/aws-crt-ffi/crt/s2n/tests/cbmc/sources/make_common_datastructures.c +9 -2
  529. data/aws-crt-ffi/crt/s2n/tests/fuzz/s2n_client_cert_verify_recv_test.c +1 -1
  530. data/aws-crt-ffi/crt/s2n/tests/fuzz/s2n_hybrid_ecdhe_kyber_r3_fuzz_test.c +1 -1
  531. data/aws-crt-ffi/crt/s2n/tests/fuzz/s2n_tls13_cert_verify_recv_test.c +1 -1
  532. data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_version_negotiation.py +4 -4
  533. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_auth_selection_test.c +19 -9
  534. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_client_auth_handshake_test.c +3 -3
  535. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_client_cert_verify_test.c +1 -1
  536. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_client_hello_recv_test.c +1 -1
  537. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_client_hello_test.c +4 -4
  538. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_client_signature_algorithms_extension_test.c +4 -5
  539. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_connection_protocol_versions_test.c +390 -0
  540. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_connection_test.c +8 -4
  541. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_handshake_test.c +2 -1
  542. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_quic_support_io_test.c +106 -0
  543. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_security_policies_test.c +6 -2
  544. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_self_talk_offload_signing_test.c +3 -3
  545. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_self_talk_session_resumption_test.c +135 -0
  546. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_server_new_session_ticket_test.c +32 -0
  547. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_server_signature_algorithms_extension_test.c +1 -1
  548. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_signature_algorithms_test.c +307 -283
  549. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_tls13_cert_request_test.c +1 -1
  550. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_tls13_cert_verify_test.c +18 -17
  551. data/aws-crt-ffi/crt/s2n/tests/unit/s2n_x509_validator_test.c +125 -0
  552. data/aws-crt-ffi/crt/s2n/tls/extensions/s2n_client_signature_algorithms.c +8 -1
  553. data/aws-crt-ffi/crt/s2n/tls/extensions/s2n_client_supported_versions.c +43 -11
  554. data/aws-crt-ffi/crt/s2n/tls/extensions/s2n_client_supported_versions.h +3 -0
  555. data/aws-crt-ffi/crt/s2n/tls/extensions/s2n_server_signature_algorithms.c +8 -1
  556. data/aws-crt-ffi/crt/s2n/tls/s2n_auth_selection.c +4 -2
  557. data/aws-crt-ffi/crt/s2n/tls/s2n_client_cert_verify.c +7 -10
  558. data/aws-crt-ffi/crt/s2n/tls/s2n_client_hello.c +2 -2
  559. data/aws-crt-ffi/crt/s2n/tls/s2n_connection.c +75 -14
  560. data/aws-crt-ffi/crt/s2n/tls/s2n_handshake.h +2 -2
  561. data/aws-crt-ffi/crt/s2n/tls/s2n_post_handshake.c +1 -1
  562. data/aws-crt-ffi/crt/s2n/tls/s2n_post_handshake.h +1 -0
  563. data/aws-crt-ffi/crt/s2n/tls/s2n_quic_support.c +29 -0
  564. data/aws-crt-ffi/crt/s2n/tls/s2n_quic_support.h +5 -0
  565. data/aws-crt-ffi/crt/s2n/tls/s2n_security_policies.c +40 -0
  566. data/aws-crt-ffi/crt/s2n/tls/s2n_security_policies.h +4 -0
  567. data/aws-crt-ffi/crt/s2n/tls/s2n_server_cert_request.c +1 -1
  568. data/aws-crt-ffi/crt/s2n/tls/s2n_server_hello.c +0 -3
  569. data/aws-crt-ffi/crt/s2n/tls/s2n_server_key_exchange.c +8 -9
  570. data/aws-crt-ffi/crt/s2n/tls/s2n_server_new_session_ticket.c +8 -0
  571. data/aws-crt-ffi/crt/s2n/tls/s2n_signature_algorithms.c +111 -72
  572. data/aws-crt-ffi/crt/s2n/tls/s2n_signature_algorithms.h +11 -9
  573. data/aws-crt-ffi/crt/s2n/tls/s2n_signature_scheme.c +9 -0
  574. data/aws-crt-ffi/crt/s2n/tls/s2n_signature_scheme.h +2 -0
  575. data/aws-crt-ffi/crt/s2n/tls/s2n_tls13_certificate_verify.c +12 -18
  576. data/aws-crt-ffi/crt/s2n/tls/s2n_x509_validator.c +7 -7
  577. data/aws-crt-ffi/src/api.h +1 -0
  578. data/lib/aws-crt/native.rb +1 -1
  579. metadata +68 -5
  580. data/aws-crt-ffi/crt/aws-lc/tests/ci/cdk/cdk/ssm/m1_tests_ssm_document.yaml +0 -34
  581. data/aws-crt-ffi/crt/aws-lc/tests/ci/run_m1_ec2_instance.sh +0 -96
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: b529fd4fb2ec90269db3772a4f367f7484775a3fda180143a545c493c847815c
4
- data.tar.gz: d6268d7de9cbb390515a8a1560e312f549e679acce53096de31f0424f6ffb90a
3
+ metadata.gz: 44902427f5ce75db6b6414579414b05c514914588d021710ba3b5ce0c844811e
4
+ data.tar.gz: 4157116893d5a8e0e3bec90f8322291922f75b23c88544b44205f5d47a627de0
5
5
  SHA512:
6
- metadata.gz: d22f683451e7d44d25c0e9fae5913a158e506ef9dd04889c6673cc6151b166f6943441b158b954975a1356090c45e91bd5ad18c5cc142744b626f87c231df6ca
7
- data.tar.gz: 8b9b9c1c6ab27fb1b6347f0d9742f5949e5154c209158e95d357472b4a98623d0b960aed81c3bf3b713a358d4c321bb0840984e359e263e2f509d8cdbe6b7fcf
6
+ metadata.gz: 778d81486f2e248d7deaa06dda65c6cfe5a26876948b06cd5b457dd473cf82d2ff98478de7287474bd03a7fbc7abcd1b7d879e088c7b81c6f5c2b3cdcff47922
7
+ data.tar.gz: c1a985a56a022896dcafab5fa4bb499da64a77e736dd8d58e340d32c4c004e3c5508ca4d813f930ccc924b9a728cf8a68c3250aac2c7fe22523a3b3b5fe4cc79
data/CHANGELOG.md CHANGED
@@ -1,6 +1,11 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 0.2.0 (2023-11-28)
5
+ ------------------
6
+
7
+ * Feature - support sigv4-s3express signing.
8
+
4
9
  0.1.9 (2023-10-16)
5
10
  ------------------
6
11
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 0.1.9
1
+ 0.2.0
@@ -49,6 +49,7 @@ enum aws_auth_errors {
49
49
  AWS_AUTH_SSO_TOKEN_INVALID,
50
50
  AWS_AUTH_SSO_TOKEN_EXPIRED,
51
51
  AWS_AUTH_CREDENTIALS_PROVIDER_SSO_SOURCE_FAILURE,
52
+ AWS_AUTH_IMDS_CLIENT_SOURCE_FAILURE,
52
53
 
53
54
  AWS_AUTH_ERROR_END_RANGE = AWS_ERROR_ENUM_END_RANGE(AWS_C_AUTH_PACKAGE_ID)
54
55
  };
@@ -50,6 +50,11 @@ struct aws_imds_client_options {
50
50
  */
51
51
  enum aws_imds_protocol_version imds_version;
52
52
 
53
+ /*
54
+ * If true, fallback from v2 to v1 will be disabled for all cases
55
+ */
56
+ bool ec2_metadata_v1_disabled;
57
+
53
58
  /*
54
59
  * Table holding all cross-system functional dependencies for an imds client.
55
60
  *
@@ -216,6 +216,11 @@ struct aws_credentials_provider_imds_options {
216
216
  */
217
217
  enum aws_imds_protocol_version imds_version;
218
218
 
219
+ /*
220
+ * If true, fallback from v2 to v1 will be disabled for all cases
221
+ */
222
+ bool ec2_metadata_v1_disabled;
223
+
219
224
  /* For mocking the http layer in tests, leave NULL otherwise */
220
225
  struct aws_auth_http_system_vtable *function_table;
221
226
  };
@@ -109,6 +109,7 @@ AWS_AUTH_API extern const struct aws_string *g_aws_signing_credential_query_para
109
109
  AWS_AUTH_API extern const struct aws_string *g_aws_signing_date_name;
110
110
  AWS_AUTH_API extern const struct aws_string *g_aws_signing_signed_headers_query_param_name;
111
111
  AWS_AUTH_API extern const struct aws_string *g_aws_signing_security_token_name;
112
+ AWS_AUTH_API extern const struct aws_string *g_aws_signing_s3session_token_name;
112
113
  AWS_AUTH_API extern const struct aws_string *g_signature_type_sigv4a_http_request;
113
114
 
114
115
  /**
@@ -68,6 +68,8 @@ struct aws_auth_http_system_vtable {
68
68
  aws_http_stream_release_fn *aws_http_stream_release;
69
69
 
70
70
  aws_http_connection_close_fn *aws_http_connection_close;
71
+
72
+ int (*aws_high_res_clock_get_ticks)(uint64_t *timestamp);
71
73
  };
72
74
 
73
75
  enum aws_parse_credentials_expiration_format {
@@ -39,6 +39,7 @@ struct aws_signing_config_base {
39
39
  enum aws_signing_algorithm {
40
40
  AWS_SIGNING_ALGORITHM_V4,
41
41
  AWS_SIGNING_ALGORITHM_V4_ASYMMETRIC,
42
+ AWS_SIGNING_ALGORITHM_V4_S3EXPRESS,
42
43
  };
43
44
 
44
45
  /**
@@ -103,7 +103,9 @@ static struct aws_error_info s_errors[] = {
103
103
  AWS_DEFINE_ERROR_INFO_AUTH(
104
104
  AWS_AUTH_CREDENTIALS_PROVIDER_SSO_SOURCE_FAILURE,
105
105
  "Valid credentials could not be sourced by the sso credentials provider"),
106
-
106
+ AWS_DEFINE_ERROR_INFO_AUTH(
107
+ AWS_AUTH_IMDS_CLIENT_SOURCE_FAILURE,
108
+ "Failed to source the IMDS resource")
107
109
  };
108
110
  /* clang-format on */
109
111
 
@@ -58,13 +58,16 @@ struct aws_imds_client {
58
58
  struct aws_retry_strategy *retry_strategy;
59
59
  const struct aws_auth_http_system_vtable *function_table;
60
60
  struct aws_imds_client_shutdown_options shutdown_options;
61
+
61
62
  /* will be set to true by default, means using IMDS V2 */
62
63
  bool token_required;
63
64
  struct aws_byte_buf cached_token;
65
+ uint64_t cached_token_expiration_timestamp;
64
66
  enum imds_token_state token_state;
65
67
  struct aws_linked_list pending_queries;
66
68
  struct aws_mutex token_lock;
67
69
  struct aws_condition_variable token_signal;
70
+ bool ec2_metadata_v1_disabled;
68
71
 
69
72
  struct aws_atomic_var ref_count;
70
73
  };
@@ -144,6 +147,7 @@ struct aws_imds_client *aws_imds_client_new(
144
147
  client->function_table =
145
148
  options->function_table ? options->function_table : g_aws_credentials_provider_http_function_table;
146
149
  client->token_required = options->imds_version == IMDS_PROTOCOL_V1 ? false : true;
150
+ client->ec2_metadata_v1_disabled = options->ec2_metadata_v1_disabled;
147
151
  client->shutdown_options = options->shutdown_options;
148
152
 
149
153
  struct aws_socket_options socket_options;
@@ -165,12 +169,6 @@ struct aws_imds_client *aws_imds_client_new(
165
169
  manager_options.shutdown_complete_callback = s_on_connection_manager_shutdown;
166
170
  manager_options.shutdown_complete_user_data = client;
167
171
 
168
- struct aws_http_connection_monitoring_options monitor_options;
169
- AWS_ZERO_STRUCT(monitor_options);
170
- monitor_options.allowable_throughput_failure_interval_seconds = 1;
171
- monitor_options.minimum_throughput_bytes_per_second = 1;
172
- manager_options.monitoring_options = &monitor_options;
173
-
174
172
  client->connection_manager = client->function_table->aws_http_connection_manager_new(allocator, &manager_options);
175
173
  if (!client->connection_manager) {
176
174
  goto on_error;
@@ -221,7 +219,10 @@ struct imds_user_data {
221
219
  * will be adapted according to response.
222
220
  */
223
221
  bool imds_token_required;
222
+ /* Indicate the request is a fallback from a failure call. */
223
+ bool is_fallback_request;
224
224
  bool is_imds_token_request;
225
+ bool ec2_metadata_v1_disabled;
225
226
  int status_code;
226
227
  int error_code;
227
228
 
@@ -283,6 +284,7 @@ static struct imds_user_data *s_user_data_new(
283
284
  }
284
285
 
285
286
  wrapped_user_data->imds_token_required = client->token_required;
287
+ wrapped_user_data->ec2_metadata_v1_disabled = client->ec2_metadata_v1_disabled;
286
288
  aws_atomic_store_int(&wrapped_user_data->ref_count, 1);
287
289
  return wrapped_user_data;
288
290
 
@@ -319,8 +321,11 @@ static void s_reset_scratch_user_data(struct imds_user_data *user_data) {
319
321
  }
320
322
 
321
323
  static enum imds_token_copy_result s_copy_token_safely(struct imds_user_data *user_data);
322
- static void s_invalidate_cached_token_safely(struct imds_user_data *user_data);
323
- static bool s_update_token_safely(struct aws_imds_client *client, struct aws_byte_buf *token, bool token_required);
324
+ static void s_update_token_safely(
325
+ struct aws_imds_client *client,
326
+ struct aws_byte_buf *token,
327
+ bool token_required,
328
+ uint64_t expire_timestamp);
324
329
  static void s_query_complete(struct imds_user_data *user_data);
325
330
  static void s_on_acquire_connection(struct aws_http_connection *connection, int error_code, void *user_data);
326
331
  static void s_on_retry_token_acquired(struct aws_retry_strategy *, int, struct aws_retry_token *, void *);
@@ -397,6 +402,8 @@ AWS_STATIC_STRING_FROM_LITERAL(s_imds_token_resource_path, "/latest/api/token");
397
402
  AWS_STATIC_STRING_FROM_LITERAL(s_imds_token_ttl_header, "x-aws-ec2-metadata-token-ttl-seconds");
398
403
  AWS_STATIC_STRING_FROM_LITERAL(s_imds_token_header, "x-aws-ec2-metadata-token");
399
404
  AWS_STATIC_STRING_FROM_LITERAL(s_imds_token_ttl_default_value, "21600");
405
+ /* s_imds_token_ttl_default_value - 5secs for refreshing the cached token */
406
+ static const uint64_t s_imds_token_ttl_secs = 21595;
400
407
 
401
408
  static void s_on_stream_complete_fn(struct aws_http_stream *stream, int error_code, void *user_data);
402
409
 
@@ -468,6 +475,7 @@ static int s_make_imds_http_query(
468
475
  .on_response_header_block_done = NULL,
469
476
  .on_response_body = s_on_incoming_body_fn,
470
477
  .on_complete = s_on_stream_complete_fn,
478
+ .response_first_byte_timeout_ms = 1000,
471
479
  .user_data = user_data,
472
480
  .request = request,
473
481
  };
@@ -497,25 +505,51 @@ on_error:
497
505
  static void s_client_on_token_response(struct imds_user_data *user_data) {
498
506
  /* Gets 400 means token is required but the request itself failed. */
499
507
  if (user_data->status_code == AWS_HTTP_STATUS_CODE_400_BAD_REQUEST) {
500
- s_update_token_safely(user_data->client, NULL, true);
508
+ s_update_token_safely(user_data->client, NULL, true, 0 /*expire_timestamp*/);
501
509
  return;
502
510
  }
503
- /*
504
- * Other than that, if meets any error, then token is not required,
505
- * we should fall back to insecure request. Otherwise, we should use
506
- * token in following requests.
507
- */
508
- if (user_data->status_code != AWS_HTTP_STATUS_CODE_200_OK || user_data->current_result.len == 0) {
509
- s_update_token_safely(user_data->client, NULL, false);
510
- } else {
511
+
512
+ if (user_data->status_code == AWS_HTTP_STATUS_CODE_200_OK && user_data->current_result.len != 0) {
513
+ AWS_LOGF_DEBUG(AWS_LS_IMDS_CLIENT, "(id=%p) IMDS client has fetched the token", (void *)user_data->client);
514
+
511
515
  struct aws_byte_cursor cursor = aws_byte_cursor_from_buf(&(user_data->current_result));
512
516
  aws_byte_cursor_trim_pred(&cursor, aws_char_is_space);
513
517
  aws_byte_buf_reset(&user_data->imds_token, true /*zero contents*/);
514
518
  if (aws_byte_buf_append_and_update(&user_data->imds_token, &cursor)) {
515
- s_update_token_safely(user_data->client, NULL, true);
519
+ s_update_token_safely(user_data->client, NULL /*token*/, true /*token_required*/, 0 /*expire_timestamp*/);
516
520
  return;
517
521
  }
518
- s_update_token_safely(user_data->client, cursor.len == 0 ? NULL : &user_data->imds_token, cursor.len != 0);
522
+ /* The token was ALWAYS last for 6 hours, 21600 secs. Use current timestamp plus 21595 secs as the expiration
523
+ * timestamp for current token */
524
+ uint64_t current = 0;
525
+ user_data->client->function_table->aws_high_res_clock_get_ticks(&current);
526
+ uint64_t expire_timestamp = aws_add_u64_saturating(
527
+ current, aws_timestamp_convert(s_imds_token_ttl_secs, AWS_TIMESTAMP_SECS, AWS_TIMESTAMP_NANOS, NULL));
528
+
529
+ AWS_ASSERT(cursor.len != 0);
530
+ s_update_token_safely(user_data->client, &user_data->imds_token, true /*token_required*/, expire_timestamp);
531
+ } else if (user_data->ec2_metadata_v1_disabled) {
532
+ AWS_LOGF_DEBUG(
533
+ AWS_LS_IMDS_CLIENT,
534
+ "(id=%p) IMDS client failed to fetch token for requester %p, and fall back to v1 is disabled."
535
+ "Received response status code: %d",
536
+ (void *)user_data->client,
537
+ (void *)user_data,
538
+ user_data->status_code);
539
+ s_update_token_safely(user_data->client, NULL /*token*/, true /*token_required*/, 0 /*expire_timestamp*/);
540
+ } else {
541
+ /* Request failed; falling back to insecure request.
542
+ * TODO: The retryable error (503 throttle) will also fall back to v1. Instead, we should just resend the token
543
+ * request.
544
+ */
545
+ AWS_LOGF_DEBUG(
546
+ AWS_LS_IMDS_CLIENT,
547
+ "(id=%p) IMDS client failed to fetch token for requester %p, fall back to v1 for the same "
548
+ "requester. Received response status code: %d",
549
+ (void *)user_data->client,
550
+ (void *)user_data,
551
+ user_data->status_code);
552
+ s_update_token_safely(user_data->client, NULL /*token*/, false /* token_required*/, 0 /*expire_timestamp*/);
519
553
  }
520
554
  }
521
555
 
@@ -544,6 +578,7 @@ static void s_client_do_query_token(struct imds_user_data *user_data) {
544
578
  /* start query token for imds client */
545
579
  struct aws_byte_cursor uri = aws_byte_cursor_from_string(s_imds_token_resource_path);
546
580
 
581
+ /* Hard-coded 6 hour TTL for the token. */
547
582
  struct aws_http_header token_ttl_header = {
548
583
  .name = aws_byte_cursor_from_string(s_imds_token_ttl_header),
549
584
  .value = aws_byte_cursor_from_string(s_imds_token_ttl_default_value),
@@ -607,17 +642,50 @@ static void s_query_complete(struct imds_user_data *user_data) {
607
642
  return;
608
643
  }
609
644
 
610
- /* In this case we fallback to the secure imds flow. */
611
645
  if (user_data->status_code == AWS_HTTP_STATUS_CODE_401_UNAUTHORIZED) {
612
- s_invalidate_cached_token_safely(user_data);
613
- s_reset_scratch_user_data(user_data);
614
- aws_retry_token_release(user_data->retry_token);
615
- if (s_get_resource_async_with_imds_token(user_data)) {
616
- s_user_data_release(user_data);
646
+ struct aws_imds_client *client = user_data->client;
647
+ aws_mutex_lock(&client->token_lock);
648
+ if (aws_byte_buf_eq(&user_data->imds_token, &client->cached_token)) {
649
+ /* If the token used matches the cached token, that means the cached token is invalid. */
650
+ client->token_state = AWS_IMDS_TS_INVALID;
651
+ AWS_LOGF_DEBUG(
652
+ AWS_LS_IMDS_CLIENT,
653
+ "(id=%p) IMDS client's cached token is invalidated by requester %p.",
654
+ (void *)client,
655
+ (void *)user_data);
656
+ }
657
+ /* let following requests use token as it's required. */
658
+ client->token_required = true;
659
+ aws_mutex_unlock(&client->token_lock);
660
+
661
+ if (!user_data->imds_token_required && !user_data->is_fallback_request) {
662
+ AWS_LOGF_DEBUG(
663
+ AWS_LS_IMDS_CLIENT,
664
+ "(id=%p) IMDS client failed to fetch resource via V1, try to use V2. requester %p.",
665
+ (void *)user_data->client,
666
+ (void *)user_data);
667
+ /* V1 request, fallback to V2 and try again. */
668
+ s_reset_scratch_user_data(user_data);
669
+ user_data->is_fallback_request = true;
670
+ aws_retry_token_release(user_data->retry_token);
671
+ /* Try V2 now. */
672
+ if (s_get_resource_async_with_imds_token(user_data)) {
673
+ s_user_data_release(user_data);
674
+ }
675
+ return;
676
+ } else {
677
+ /* Not retirable error. */
678
+ AWS_LOGF_ERROR(
679
+ AWS_LS_IMDS_CLIENT,
680
+ "(id=%p) IMDS client failed to fetch resource. Server response 401 UNAUTHORIZED. requester %p.",
681
+ (void *)user_data->client,
682
+ (void *)user_data);
683
+ user_data->error_code = AWS_AUTH_IMDS_CLIENT_SOURCE_FAILURE;
617
684
  }
618
- return;
619
685
  }
620
686
 
687
+ /* TODO: if server sent out error, we will still report as succeed with the error body received from server. */
688
+ /* TODO: retry for 503 throttle. */
621
689
  user_data->original_callback(
622
690
  user_data->error_code ? NULL : &user_data->current_result,
623
691
  user_data->error_code,
@@ -683,6 +751,7 @@ static void s_on_stream_complete_fn(struct aws_http_stream *stream, int error_co
683
751
  client->function_table->aws_http_connection_manager_release_connection(client->connection_manager, connection);
684
752
 
685
753
  /* on encountering error, see if we could try again */
754
+ /* TODO: check the status code as well? */
686
755
  if (error_code) {
687
756
  AWS_LOGF_WARN(
688
757
  AWS_LS_IMDS_CLIENT,
@@ -753,8 +822,27 @@ static void s_complete_pending_queries(
753
822
  struct imds_user_data *requester = query->user_data;
754
823
  aws_mem_release(client->allocator, query);
755
824
 
756
- requester->imds_token_required = token_required;
757
825
  bool should_continue = true;
826
+ if (requester->imds_token_required && !token_required) {
827
+ if (requester->is_fallback_request) {
828
+ AWS_LOGF_ERROR(
829
+ AWS_LS_IMDS_CLIENT,
830
+ "(id=%p) IMDS client failed to fetch resource without token, and also failed to fetch token. "
831
+ "requester %p.",
832
+ (void *)requester->client,
833
+ (void *)requester);
834
+ requester->error_code = AWS_AUTH_IMDS_CLIENT_SOURCE_FAILURE;
835
+ should_continue = false;
836
+ } else {
837
+ AWS_LOGF_DEBUG(
838
+ AWS_LS_IMDS_CLIENT,
839
+ "(id=%p) IMDS client failed to fetch token, fallback to v1. requester %p.",
840
+ (void *)requester->client,
841
+ (void *)requester);
842
+ requester->is_fallback_request = true;
843
+ }
844
+ }
845
+ requester->imds_token_required = token_required;
758
846
  if (token) {
759
847
  aws_byte_buf_reset(&requester->imds_token, true);
760
848
  struct aws_byte_cursor cursor = aws_byte_cursor_from_buf(token);
@@ -767,6 +855,7 @@ static void s_complete_pending_queries(
767
855
  should_continue = false;
768
856
  }
769
857
  } else if (token_required) {
858
+ requester->error_code = AWS_AUTH_IMDS_CLIENT_SOURCE_FAILURE;
770
859
  should_continue = false;
771
860
  }
772
861
 
@@ -781,9 +870,8 @@ static void s_complete_pending_queries(
781
870
  }
782
871
 
783
872
  if (!should_continue) {
784
- requester->error_code = aws_last_error();
785
873
  if (requester->error_code == AWS_ERROR_SUCCESS) {
786
- requester->error_code = AWS_ERROR_UNKNOWN;
874
+ requester->error_code = aws_last_error() == AWS_ERROR_SUCCESS ? AWS_ERROR_UNKNOWN : aws_last_error();
787
875
  }
788
876
  s_query_complete(requester);
789
877
  }
@@ -796,25 +884,35 @@ static enum imds_token_copy_result s_copy_token_safely(struct imds_user_data *us
796
884
 
797
885
  struct aws_linked_list pending_queries;
798
886
  aws_linked_list_init(&pending_queries);
799
- aws_mutex_lock(&client->token_lock);
887
+ uint64_t current = 0;
888
+ user_data->client->function_table->aws_high_res_clock_get_ticks(&current);
800
889
 
890
+ aws_mutex_lock(&client->token_lock);
801
891
  if (client->token_state == AWS_IMDS_TS_VALID) {
802
- aws_byte_buf_reset(&user_data->imds_token, true);
803
- struct aws_byte_cursor cursor = aws_byte_cursor_from_buf(&client->cached_token);
804
- if (aws_byte_buf_append_dynamic(&user_data->imds_token, &cursor)) {
805
- ret = AWS_IMDS_TCR_UNEXPECTED_ERROR;
892
+ if (current > client->cached_token_expiration_timestamp) {
893
+ /* The cached token expired. Switch the state */
894
+ client->token_state = AWS_IMDS_TS_INVALID;
895
+ AWS_LOGF_DEBUG(
896
+ AWS_LS_IMDS_CLIENT,
897
+ "(id=%p) IMDS client's cached token expired. Fetching new token for requester %p.",
898
+ (void *)client,
899
+ (void *)user_data);
806
900
  } else {
807
- ret = AWS_IMDS_TCR_SUCCESS;
901
+ aws_byte_buf_reset(&user_data->imds_token, true);
902
+ struct aws_byte_cursor cursor = aws_byte_cursor_from_buf(&client->cached_token);
903
+ if (aws_byte_buf_append_dynamic(&user_data->imds_token, &cursor)) {
904
+ ret = AWS_IMDS_TCR_UNEXPECTED_ERROR;
905
+ } else {
906
+ ret = AWS_IMDS_TCR_SUCCESS;
907
+ }
808
908
  }
809
- } else {
909
+ }
910
+
911
+ if (client->token_state != AWS_IMDS_TS_VALID) {
810
912
  ret = AWS_IMDS_TCR_WAITING_IN_QUEUE;
811
913
  struct imds_token_query *query = aws_mem_calloc(client->allocator, 1, sizeof(struct imds_token_query));
812
- if (query != NULL) {
813
- query->user_data = user_data;
814
- aws_linked_list_push_back(&client->pending_queries, &query->node);
815
- } else {
816
- ret = AWS_IMDS_TCR_UNEXPECTED_ERROR;
817
- }
914
+ query->user_data = user_data;
915
+ aws_linked_list_push_back(&client->pending_queries, &query->node);
818
916
 
819
917
  if (client->token_state == AWS_IMDS_TS_INVALID) {
820
918
  if (s_client_start_query_token(client)) {
@@ -855,31 +953,16 @@ static enum imds_token_copy_result s_copy_token_safely(struct imds_user_data *us
855
953
  }
856
954
  return ret;
857
955
  }
858
-
859
- static void s_invalidate_cached_token_safely(struct imds_user_data *user_data) {
860
- bool invalidated = false;
861
- struct aws_imds_client *client = user_data->client;
862
- aws_mutex_lock(&client->token_lock);
863
- if (aws_byte_buf_eq(&user_data->imds_token, &client->cached_token)) {
864
- client->token_state = AWS_IMDS_TS_INVALID;
865
- invalidated = true;
866
- }
867
- aws_mutex_unlock(&client->token_lock);
868
- if (invalidated) {
869
- AWS_LOGF_DEBUG(
870
- AWS_LS_IMDS_CLIENT,
871
- "(id=%p) IMDS client's cached token is set to be invalid by requester %p.",
872
- (void *)client,
873
- (void *)user_data);
874
- }
875
- }
876
-
877
956
  /**
878
957
  * Once a requseter returns from token request, it should call this function to unblock all other
879
958
  * waiting requesters. When the token parameter is NULL, means the token request failed. Now we need
880
959
  * a new requester to acquire the token again.
881
960
  */
882
- static bool s_update_token_safely(struct aws_imds_client *client, struct aws_byte_buf *token, bool token_required) {
961
+ static void s_update_token_safely(
962
+ struct aws_imds_client *client,
963
+ struct aws_byte_buf *token,
964
+ bool token_required,
965
+ uint64_t expire_timestamp) {
883
966
  AWS_FATAL_ASSERT(client);
884
967
  bool updated = false;
885
968
 
@@ -893,6 +976,7 @@ static bool s_update_token_safely(struct aws_imds_client *client, struct aws_byt
893
976
  struct aws_byte_cursor cursor = aws_byte_cursor_from_buf(token);
894
977
  if (aws_byte_buf_append_dynamic(&client->cached_token, &cursor) == AWS_OP_SUCCESS) {
895
978
  client->token_state = AWS_IMDS_TS_VALID;
979
+ client->cached_token_expiration_timestamp = expire_timestamp;
896
980
  updated = true;
897
981
  }
898
982
  } else {
@@ -909,7 +993,6 @@ static bool s_update_token_safely(struct aws_imds_client *client, struct aws_byt
909
993
  } else {
910
994
  AWS_LOGF_ERROR(AWS_LS_IMDS_CLIENT, "(id=%p) IMDS client failed to update the token from IMDS.", (void *)client);
911
995
  }
912
- return updated;
913
996
  }
914
997
 
915
998
  int s_get_resource_async_with_imds_token(struct imds_user_data *user_data) {
@@ -59,6 +59,7 @@ AWS_STRING_FROM_LITERAL(g_aws_signing_credential_query_param_name, "X-Amz-Creden
59
59
  AWS_STRING_FROM_LITERAL(g_aws_signing_date_name, "X-Amz-Date");
60
60
  AWS_STRING_FROM_LITERAL(g_aws_signing_signed_headers_query_param_name, "X-Amz-SignedHeaders");
61
61
  AWS_STRING_FROM_LITERAL(g_aws_signing_security_token_name, "X-Amz-Security-Token");
62
+ AWS_STRING_FROM_LITERAL(g_aws_signing_s3session_token_name, "X-Amz-S3session-Token");
62
63
  AWS_STRING_FROM_LITERAL(g_aws_signing_expires_query_param_name, "X-Amz-Expires");
63
64
  AWS_STRING_FROM_LITERAL(g_aws_signing_region_set_name, "X-Amz-Region-Set");
64
65
 
@@ -87,6 +88,7 @@ static struct aws_byte_cursor s_amz_date_header_name;
87
88
  static struct aws_byte_cursor s_authorization_header_name;
88
89
  static struct aws_byte_cursor s_region_set_header_name;
89
90
  static struct aws_byte_cursor s_amz_security_token_header_name;
91
+ static struct aws_byte_cursor s_amz_s3session_token_header_name;
90
92
 
91
93
  static struct aws_byte_cursor s_amz_signature_param_name;
92
94
  static struct aws_byte_cursor s_amz_date_param_name;
@@ -191,6 +193,11 @@ int aws_signing_init_signing_tables(struct aws_allocator *allocator) {
191
193
  return AWS_OP_ERR;
192
194
  }
193
195
 
196
+ s_amz_s3session_token_header_name = aws_byte_cursor_from_string(g_aws_signing_s3session_token_name);
197
+ if (aws_hash_table_put(&s_forbidden_headers, &s_amz_s3session_token_header_name, NULL, NULL)) {
198
+ return AWS_OP_ERR;
199
+ }
200
+
194
201
  if (aws_hash_table_init(
195
202
  &s_forbidden_params,
196
203
  allocator,
@@ -279,25 +286,25 @@ static int s_get_signature_type_cursor(struct aws_signing_state_aws *state, stru
279
286
  case AWS_ST_HTTP_REQUEST_QUERY_PARAMS:
280
287
  case AWS_ST_CANONICAL_REQUEST_HEADERS:
281
288
  case AWS_ST_CANONICAL_REQUEST_QUERY_PARAMS:
282
- if (state->config.algorithm == AWS_SIGNING_ALGORITHM_V4) {
283
- *cursor = aws_byte_cursor_from_string(s_signature_type_sigv4_http_request);
284
- } else {
289
+ if (state->config.algorithm == AWS_SIGNING_ALGORITHM_V4_ASYMMETRIC) {
285
290
  *cursor = aws_byte_cursor_from_string(g_signature_type_sigv4a_http_request);
291
+ } else {
292
+ *cursor = aws_byte_cursor_from_string(s_signature_type_sigv4_http_request);
286
293
  }
287
294
  break;
288
295
  case AWS_ST_HTTP_REQUEST_CHUNK:
289
296
  case AWS_ST_HTTP_REQUEST_EVENT:
290
- if (state->config.algorithm == AWS_SIGNING_ALGORITHM_V4) {
291
- *cursor = aws_byte_cursor_from_string(s_signature_type_sigv4_s3_chunked_payload);
292
- } else {
297
+ if (state->config.algorithm == AWS_SIGNING_ALGORITHM_V4_ASYMMETRIC) {
293
298
  *cursor = aws_byte_cursor_from_string(s_signature_type_sigv4a_s3_chunked_payload);
299
+ } else {
300
+ *cursor = aws_byte_cursor_from_string(s_signature_type_sigv4_s3_chunked_payload);
294
301
  }
295
302
  break;
296
303
  case AWS_ST_HTTP_REQUEST_TRAILING_HEADERS:
297
- if (state->config.algorithm == AWS_SIGNING_ALGORITHM_V4) {
298
- *cursor = aws_byte_cursor_from_string(s_signature_type_sigv4_s3_chunked_trailer_payload);
299
- } else {
304
+ if (state->config.algorithm == AWS_SIGNING_ALGORITHM_V4_ASYMMETRIC) {
300
305
  *cursor = aws_byte_cursor_from_string(s_signature_type_sigv4a_s3_chunked_trailer_payload);
306
+ } else {
307
+ *cursor = aws_byte_cursor_from_string(s_signature_type_sigv4_s3_chunked_trailer_payload);
301
308
  }
302
309
  break;
303
310
 
@@ -841,12 +848,20 @@ static int s_add_authorization_query_params(
841
848
  }
842
849
  }
843
850
 
844
- /* X-Amz-Security-token */
845
- struct aws_byte_cursor security_token_name_cur = aws_byte_cursor_from_string(g_aws_signing_security_token_name);
851
+ /* X-Amz-*-token */
852
+ /* We have different token between S3Express and other signing, which needs different token header name */
853
+ struct aws_byte_cursor token_header_name;
854
+ if (state->config.algorithm == AWS_SIGNING_ALGORITHM_V4_S3EXPRESS) {
855
+ /* X-Amz-S3session-Token */
856
+ token_header_name = s_amz_s3session_token_header_name;
857
+ } else {
858
+ /* X-Amz-Security-Token */
859
+ token_header_name = s_amz_security_token_header_name;
860
+ }
846
861
  struct aws_byte_cursor session_token_cursor = aws_credentials_get_session_token(state->config.credentials);
847
862
  if (session_token_cursor.len > 0) {
848
863
  struct aws_uri_param security_token_param = {
849
- .key = security_token_name_cur,
864
+ .key = token_header_name,
850
865
  .value = session_token_cursor,
851
866
  };
852
867
 
@@ -1262,8 +1277,17 @@ static int s_build_canonical_stable_header_list(
1262
1277
  if (state->config.signature_type == AWS_ST_HTTP_REQUEST_HEADERS) {
1263
1278
 
1264
1279
  /*
1265
- * X-Amz-Security-Token
1280
+ * X-Amz-*-Token
1266
1281
  */
1282
+ /* We have different token between S3Express and other signing, which needs different token header name */
1283
+ struct aws_byte_cursor token_header_name;
1284
+ if (state->config.algorithm == AWS_SIGNING_ALGORITHM_V4_S3EXPRESS) {
1285
+ /* X-Amz-S3session-Token */
1286
+ token_header_name = s_amz_s3session_token_header_name;
1287
+ } else {
1288
+ /* X-Amz-Security-Token */
1289
+ token_header_name = s_amz_security_token_header_name;
1290
+ }
1267
1291
  struct aws_byte_cursor session_token_cursor = aws_credentials_get_session_token(state->config.credentials);
1268
1292
  if (session_token_cursor.len > 0) {
1269
1293
  /* Note that if omit_session_token is true, it is added to final
@@ -1272,17 +1296,13 @@ static int s_build_canonical_stable_header_list(
1272
1296
  if (aws_signing_result_append_property_list(
1273
1297
  &state->result,
1274
1298
  g_aws_http_headers_property_list_name,
1275
- &s_amz_security_token_header_name,
1299
+ &token_header_name,
1276
1300
  &session_token_cursor)) {
1277
1301
  return AWS_OP_ERR;
1278
1302
  }
1279
1303
  } else {
1280
1304
  if (s_add_authorization_header(
1281
- state,
1282
- stable_header_list,
1283
- out_required_capacity,
1284
- s_amz_security_token_header_name,
1285
- session_token_cursor)) {
1305
+ state, stable_header_list, out_required_capacity, token_header_name, session_token_cursor)) {
1286
1306
  return AWS_OP_ERR;
1287
1307
  }
1288
1308
  }
@@ -1597,6 +1617,7 @@ static int s_append_credential_scope_terminator(enum aws_signing_algorithm algor
1597
1617
 
1598
1618
  switch (algorithm) {
1599
1619
  case AWS_SIGNING_ALGORITHM_V4:
1620
+ case AWS_SIGNING_ALGORITHM_V4_S3EXPRESS:
1600
1621
  case AWS_SIGNING_ALGORITHM_V4_ASYMMETRIC:
1601
1622
  terminator_cursor = aws_byte_cursor_from_string(s_credential_scope_sigv4_terminator);
1602
1623
  break;
@@ -2304,6 +2325,7 @@ cleanup:
2304
2325
  int s_calculate_signature_value(struct aws_signing_state_aws *state) {
2305
2326
  switch (state->config.algorithm) {
2306
2327
  case AWS_SIGNING_ALGORITHM_V4:
2328
+ case AWS_SIGNING_ALGORITHM_V4_S3EXPRESS:
2307
2329
  return s_calculate_sigv4_signature_value(state);
2308
2330
 
2309
2331
  case AWS_SIGNING_ALGORITHM_V4_ASYMMETRIC:
@@ -84,6 +84,7 @@ struct aws_credentials_provider *aws_credentials_provider_new_imds(
84
84
  .bootstrap = options->bootstrap,
85
85
  .function_table = options->function_table,
86
86
  .imds_version = options->imds_version,
87
+ .ec2_metadata_v1_disabled = options->ec2_metadata_v1_disabled,
87
88
  .shutdown_options =
88
89
  {
89
90
  .shutdown_callback = s_on_imds_client_shutdown,
@@ -30,6 +30,7 @@ static struct aws_auth_http_system_vtable s_default_function_table = {
30
30
  .aws_http_stream_get_incoming_response_status = aws_http_stream_get_incoming_response_status,
31
31
  .aws_http_stream_release = aws_http_stream_release,
32
32
  .aws_http_connection_close = aws_http_connection_close,
33
+ .aws_high_res_clock_get_ticks = aws_high_res_clock_get_ticks,
33
34
  };
34
35
 
35
36
  const struct aws_auth_http_system_vtable *g_aws_credentials_provider_http_function_table = &s_default_function_table;
@@ -76,6 +76,7 @@ static void s_aws_signable_http_request_destroy(struct aws_signable *signable) {
76
76
  return;
77
77
  }
78
78
 
79
+ aws_http_message_release(impl->request);
79
80
  aws_array_list_clean_up(&impl->headers);
80
81
  aws_mem_release(signable->allocator, signable);
81
82
  }
@@ -118,7 +119,7 @@ struct aws_signable *aws_signable_new_http_request(struct aws_allocator *allocat
118
119
  aws_array_list_push_back(&impl->headers, &property);
119
120
  }
120
121
 
121
- impl->request = request;
122
+ impl->request = aws_http_message_acquire(request);
122
123
 
123
124
  return signable;
124
125