diff options
Diffstat (limited to 'libs/libcurl/src/http_aws_sigv4.c')
-rw-r--r-- | libs/libcurl/src/http_aws_sigv4.c | 137 |
1 files changed, 84 insertions, 53 deletions
diff --git a/libs/libcurl/src/http_aws_sigv4.c b/libs/libcurl/src/http_aws_sigv4.c index 3381474cb2..bbb21b198b 100644 --- a/libs/libcurl/src/http_aws_sigv4.c +++ b/libs/libcurl/src/http_aws_sigv4.c @@ -60,11 +60,11 @@ #define TIMESTAMP_SIZE 17
/* hex-encoded with trailing null */
-#define SHA256_HEX_LENGTH (2 * SHA256_DIGEST_LENGTH + 1)
+#define SHA256_HEX_LENGTH (2 * CURL_SHA256_DIGEST_LENGTH + 1)
static void sha256_to_hex(char *dst, unsigned char *sha)
{
- Curl_hexencode(sha, SHA256_DIGEST_LENGTH,
+ Curl_hexencode(sha, CURL_SHA256_DIGEST_LENGTH,
(unsigned char *)dst, SHA256_HEX_LENGTH);
}
@@ -129,6 +129,37 @@ static void trim_headers(struct curl_slist *head) /* string been x-PROVIDER-date:TIMESTAMP, I need +1 for ':' */
#define DATE_FULL_HDR_LEN (DATE_HDR_KEY_LEN + TIMESTAMP_SIZE + 1)
+/* alphabetically compare two headers by their name, expecting
+ headers to use ':' at this point */
+static int compare_header_names(const char *a, const char *b)
+{
+ const char *colon_a;
+ const char *colon_b;
+ size_t len_a;
+ size_t len_b;
+ size_t min_len;
+ int cmp;
+
+ colon_a = strchr(a, ':');
+ colon_b = strchr(b, ':');
+
+ DEBUGASSERT(colon_a);
+ DEBUGASSERT(colon_b);
+
+ len_a = colon_a ? (size_t)(colon_a - a) : strlen(a);
+ len_b = colon_b ? (size_t)(colon_b - b) : strlen(b);
+
+ min_len = (len_a < len_b) ? len_a : len_b;
+
+ cmp = strncmp(a, b, min_len);
+
+ /* return the shorter of the two if one is shorter */
+ if(!cmp)
+ return (int)(len_a - len_b);
+
+ return cmp;
+}
+
/* timestamp should point to a buffer of at last TIMESTAMP_SIZE bytes */
static CURLcode make_headers(struct Curl_easy *data,
const char *hostname,
@@ -240,7 +271,7 @@ static CURLcode make_headers(struct Curl_easy *data, if(!tmp_head)
goto fail;
head = tmp_head;
- *date_header = curl_maprintf("%s: %s\r\n", date_hdr_key, timestamp);
+ *date_header = aprintf("%s: %s\r\n", date_hdr_key, timestamp);
}
else {
char *value;
@@ -267,13 +298,13 @@ static CURLcode make_headers(struct Curl_easy *data, *date_header = NULL;
}
- /* alpha-sort in a case sensitive manner */
+ /* alpha-sort by header name in a case sensitive manner */
do {
again = 0;
for(l = head; l; l = l->next) {
struct curl_slist *next = l->next;
- if(next && strcmp(l->data, next->data) > 0) {
+ if(next && compare_header_names(l->data, next->data) > 0) {
char *tmp = l->data;
l->data = next->data;
@@ -573,7 +604,7 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy) const char *method = NULL;
char *payload_hash = NULL;
size_t payload_hash_len = 0;
- unsigned char sha_hash[SHA256_DIGEST_LENGTH];
+ unsigned char sha_hash[CURL_SHA256_DIGEST_LENGTH];
char sha_hex[SHA256_HEX_LENGTH];
char content_sha256_hdr[CONTENT_SHA256_HDR_LEN + 2] = ""; /* add \r\n */
char *canonical_request = NULL;
@@ -582,8 +613,8 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy) char *str_to_sign = NULL;
const char *user = data->state.aptr.user ? data->state.aptr.user : "";
char *secret = NULL;
- unsigned char sign0[SHA256_DIGEST_LENGTH] = {0};
- unsigned char sign1[SHA256_DIGEST_LENGTH] = {0};
+ unsigned char sign0[CURL_SHA256_DIGEST_LENGTH] = {0};
+ unsigned char sign1[CURL_SHA256_DIGEST_LENGTH] = {0};
char *auth_headers = NULL;
DEBUGASSERT(!proxy);
@@ -735,19 +766,19 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy) result = CURLE_OUT_OF_MEMORY;
canonical_request =
- curl_maprintf("%s\n" /* HTTPRequestMethod */
- "%s\n" /* CanonicalURI */
- "%s\n" /* CanonicalQueryString */
- "%s\n" /* CanonicalHeaders */
- "%s\n" /* SignedHeaders */
- "%.*s", /* HashedRequestPayload in hex */
- method,
- Curl_dyn_ptr(&canonical_path),
- Curl_dyn_ptr(&canonical_query) ?
- Curl_dyn_ptr(&canonical_query) : "",
- Curl_dyn_ptr(&canonical_headers),
- Curl_dyn_ptr(&signed_headers),
- (int)payload_hash_len, payload_hash);
+ aprintf("%s\n" /* HTTPRequestMethod */
+ "%s\n" /* CanonicalURI */
+ "%s\n" /* CanonicalQueryString */
+ "%s\n" /* CanonicalHeaders */
+ "%s\n" /* SignedHeaders */
+ "%.*s", /* HashedRequestPayload in hex */
+ method,
+ Curl_dyn_ptr(&canonical_path),
+ Curl_dyn_ptr(&canonical_query) ?
+ Curl_dyn_ptr(&canonical_query) : "",
+ Curl_dyn_ptr(&canonical_headers),
+ Curl_dyn_ptr(&signed_headers),
+ (int)payload_hash_len, payload_hash);
if(!canonical_request)
goto fail;
@@ -755,12 +786,12 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy) /* provider 0 lowercase */
Curl_strntolower(provider0, provider0, strlen(provider0));
- request_type = curl_maprintf("%s4_request", provider0);
+ request_type = aprintf("%s4_request", provider0);
if(!request_type)
goto fail;
- credential_scope = curl_maprintf("%s/%s/%s/%s",
- date, region, service, request_type);
+ credential_scope = aprintf("%s/%s/%s/%s",
+ date, region, service, request_type);
if(!credential_scope)
goto fail;
@@ -777,22 +808,22 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy) * Google allows using RSA key instead of HMAC, so this code might change
* in the future. For now we only support HMAC.
*/
- str_to_sign = curl_maprintf("%s4-HMAC-SHA256\n" /* Algorithm */
- "%s\n" /* RequestDateTime */
- "%s\n" /* CredentialScope */
- "%s", /* HashedCanonicalRequest in hex */
- provider0,
- timestamp,
- credential_scope,
- sha_hex);
+ str_to_sign = aprintf("%s4-HMAC-SHA256\n" /* Algorithm */
+ "%s\n" /* RequestDateTime */
+ "%s\n" /* CredentialScope */
+ "%s", /* HashedCanonicalRequest in hex */
+ provider0,
+ timestamp,
+ credential_scope,
+ sha_hex);
if(!str_to_sign) {
goto fail;
}
/* provider 0 uppercase */
- secret = curl_maprintf("%s4%s", provider0,
- data->state.aptr.passwd ?
- data->state.aptr.passwd : "");
+ secret = aprintf("%s4%s", provider0,
+ data->state.aptr.passwd ?
+ data->state.aptr.passwd : "");
if(!secret)
goto fail;
@@ -805,24 +836,24 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy) sha256_to_hex(sha_hex, sign0);
/* provider 0 uppercase */
- auth_headers = curl_maprintf("Authorization: %s4-HMAC-SHA256 "
- "Credential=%s/%s, "
- "SignedHeaders=%s, "
- "Signature=%s\r\n"
- /*
- * date_header is added here, only if it was not
- * user-specified (using CURLOPT_HTTPHEADER).
- * date_header includes \r\n
- */
- "%s"
- "%s", /* optional sha256 header includes \r\n */
- provider0,
- user,
- credential_scope,
- Curl_dyn_ptr(&signed_headers),
- sha_hex,
- date_header ? date_header : "",
- content_sha256_hdr);
+ auth_headers = aprintf("Authorization: %s4-HMAC-SHA256 "
+ "Credential=%s/%s, "
+ "SignedHeaders=%s, "
+ "Signature=%s\r\n"
+ /*
+ * date_header is added here, only if it was not
+ * user-specified (using CURLOPT_HTTPHEADER).
+ * date_header includes \r\n
+ */
+ "%s"
+ "%s", /* optional sha256 header includes \r\n */
+ provider0,
+ user,
+ credential_scope,
+ Curl_dyn_ptr(&signed_headers),
+ sha_hex,
+ date_header ? date_header : "",
+ content_sha256_hdr);
if(!auth_headers) {
goto fail;
}
|