#
b8ffb02e |
| 30-Nov-2022 |
Baitinq on github |
aws_sigv4: fix typos in aws_sigv4.c Closes #10008
|
#
7f8e6da6 |
| 25-Oct-2022 |
Casey Bodley |
aws_sigv4: consult x-%s-content-sha256 for payload hash
`Curl_output_aws_sigv4()` doesn't always have the whole payload in memory to generate a real payload hash. This commit allows the user to pass in a header like `x-amz-content-sha256` to provide their desired payload hash.
Some services like s3 require this header, and may support other values like s3's `UNSIGNED-PAYLOAD` and `STREAMING-AWS4-HMAC-SHA256-PAYLOAD` with special semantics. Servers use this header's value as the payload hash during signature validation, so it must match what the client uses to generate the signature.
CURLOPT_AWS_SIGV4.3 now describes the content-sha256 interaction.
Signed-off-by: Casey Bodley <cbodley@redhat.com>
Closes #9804
|
#
279834dd |
| 24-Oct-2022 |
Daniel Stenberg |
misc: remove duplicated include files Closes #9796
|
#
57ba1dd5 |
| 12-Oct-2022 |
Daniel Stenberg |
http_aws_sigv4: fix strlen() check The check was off-by-one leading to buffer overflow. Follow-up to 29c4aa00a16872 Detected by OSS-Fuzz Closes #9714
|
#
29c4aa00 |
| 13-Jan-2022 |
Matthias Gatto |
aws_sigv4: fix header computation
Handle canonical headers and signed headers creation as explained here: https://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
The algo tells that signed and canonical must contain at least host and x-amz-date. So we check whether those are present in the curl http headers list. If they are, we use the one entered by the curl user, otherwise we generate them. Then we lowercase and remove spaces from each http header plus host and x-amz-date, then sort them all in alphabetical order.
This patch also fixes a bug with the host header, which was ignoring the port.
Closes #7966
|
#
4d4c2274 |
| 01-Jul-2022 |
Daniel Stenberg |
http_aws_sigv4.c: remove two unused includes Closes #9080
|
#
ad9bc597 |
| 17-May-2022 |
max.mehl |
copyright: make repository REUSE compliant
Add licensing and copyright information for all files in this repository. This either happens in the file itself as a comment header or in the file `.reuse/dep5`.
This commit also adds a GitHub workflow to check pull requests and adapts copyright.pl to the changes.
Closes #8869
|
#
37f892fb |
| 11-May-2022 |
Daniel Gustafsson |
aws-sigv4: fix potential NULL pointer arithmetic
We need to check if the strchr() call returns NULL (due to missing char) before we use the returned value in arithmetic. There is no live bug here, but fixing it before it can become one, for hygiene.
Closes: #8814
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
#
9bc3cebc |
| 08-Feb-2022 |
HenrikHolst |
misc: remove strlen for Curl_checkheaders + Curl_checkProxyheaders Closes #8409
|
#
d6ff35b5 |
| 10-Dec-2021 |
x2018 |
sha256/md5: return errors when init fails Closes #8133
|
#
8c6f1262 |
| 12-Oct-2021 |
Abhinav Singh |
aws-sigv4: make signature work when post data is binary
User sets the post fields size for binary data. Hence, we should not be using strlen on it.
Added test 1937 and 1938 to verify.
Closes #7844
|
#
7cf5e8e7 |
| 19-Sep-2021 |
a1346054 <36859588+a1346054@users.noreply.github.com> |
misc: fix typos in docs and comments No user facing output from curl/libcurl is changed by this, just comments. Closes #7747
|
#
e7416cfd |
| 06-Jul-2021 |
Daniel Stenberg |
infof: remove newline from format strings, always append it
- the data needs to be "line-based" anyway since it's also passed to the debug callback/application
- it makes infof() work like failf() and consistency is good
- there's an assert that triggers on newlines in the format string
- Also removes a few instances of "..."
- Removes the code that would append "..." to the end of the data *iff* it was truncated in infof()
Closes #7357
|
Revision tags: curl-7_76_1, curl-7_76_0 |
|
#
46620b97 |
| 12-Feb-2021 |
Daniel Stenberg |
http: use credentials from transfer, not connection
HTTP auth "accidentally" worked before this cleanup since the code would always overwrite the connection credentials with the credentials from the most recent transfer and since HTTP auth is typically done first thing, this has not been an issue. It was still wrong and subject to possible race conditions or future breakage if the sequence of functions would change.
The data.set.str[] strings MUST remain unmodified exactly as set by the user, and the credentials to use internally are instead set/updated in state.aptr.*
Added test 675 to verify different credentials used in two requests done over a reused HTTP connection, which previously behaved wrongly.
Fixes #6542
Closes #6545
|
Revision tags: curl-7_75_0 |
|
#
796ce293 |
| 25-Jan-2021 |
Dmitry Wagin |
http: improve AWS HTTP v4 Signature auth
- Add support for services without region and service prefixes in the URL endpoint (ex. Min.IO, GCP, Yandex Cloud, Mail.Ru Cloud Solutions, etc) by providing region and service parameters via aws-sigv4 option.
- Add [:region[:service]] suffix to aws-sigv4 option;
- Fix memory allocation errors.
- Refactor memory management.
- Use Curl_http_method instead() STRING_CUSTOMREQUEST.
- Refactor canonical headers generating.
- Remove repeated sha256_to_hex() usage.
- Add some docs fixes.
- Add some codestyle fixes.
- Add overloaded strndup() for debug - curl_dbg_strndup().
- Update tests.
Closes #6524
|
#
ecb13416 |
| 20-Jan-2021 |
Patrick Monnerat |
lib: remove conn->data uses Closes #6499
|
#
215db086 |
| 08-Jan-2021 |
Daniel Stenberg |
lib: pass in 'struct Curl_easy *' to most functions
... in most cases instead of 'struct connectdata *' but in some cases in addition to.
- We mostly operate on transfers and not connections.
- We need the transfer handle to log, store data and more. Everything in libcurl is driven by a transfer (the CURL * in the public API).
- This work clarifies and separates the transfers from the connections better.
- We should avoid "conn->data". Since individual connections can be used by many transfers when multiplexing, making sure that conn->data points to the current and correct transfer at all times is difficult and has been notoriously error-prone over the years. The goal is to ultimately remove the conn->data pointer for this reason.
Closes #6425
|
#
8ab78f72 |
| 26-Dec-2020 |
Daniel Stenberg |
misc: fix "warning: empty expression statement has no effect"
Turned several macros into do-while(0) style to allow their use to work fine with semicolon.
Bug: https://github.com/curl/curl/commit/08e8455dddc5e48e58a12ade3815c01ae3da3b64#commitcomment-45433279
Follow-up to 08e8455dddc5e4
Reported-by: Gisle Vanem
Closes #6376
|
Revision tags: curl-7_74_0, curl-7_73_0, tiny-curl-7_72_0, curl-7_72_0 |
|
#
08e8455d |
| 09-Jul-2020 |
Matthias Gatto |
http: introduce AWS HTTP v4 Signature
It is a security process for HTTP. It doesn't seem to be standard, but it is used by some cloud providers.
Aws: https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
Outscale: https://wiki.outscale.net/display/EN/Creating+a+Canonical+Request
GCP (I didn't test that this code works with GCP though): https://cloud.google.com/storage/docs/access-control/signing-urls-manually
Most of the code is in lib/http_v4_signature.c
Information required by the algorithm:
- The URL
- Current time
- some prefixes that are appended to some of the signature parameters.
The data extracted from the URL are: the URI, the region, the host and the API type
example:
https://api.eu-west-2.outscale.com/api/latest/ReadNets
        ~~~ ~~~~~~~~              ~~~~~~~~~~~~~~~~~~~
         ^     ^                           ^
        /       \                         URI
   API type    region
Small description of the algorithm:
- make canonical header using content type, the host, and the date
- hash the post data
- make canonical_request using custom request, the URI, the get data, the canonical header, the signed header and post data hash
- hash canonical_request
- make str_to_sign using one of the prefixes passed in parameter, the date, the credential scope and the canonical_request hash
- compute hmac from date, using secret key as key.
- compute hmac from region, using above hmac as key
- compute hmac from api_type, using above hmac as key
- compute hmac from request_type, using above hmac as key
- compute hmac from str_to_sign using above hmac as key
- create Authorization header using above hmac, prefix passed in parameter, the date, and above hash
Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com>
Closes #5703
|