aboutsummaryrefslogtreecommitdiffstats
path: root/contrib/restricted/aws/aws-c-cal
diff options
context:
space:
mode:
authororivej <orivej@yandex-team.ru>2022-02-10 16:44:49 +0300
committerDaniil Cherednik <dcherednik@yandex-team.ru>2022-02-10 16:44:49 +0300
commit718c552901d703c502ccbefdfc3c9028d608b947 (patch)
tree46534a98bbefcd7b1f3faa5b52c138ab27db75b7 /contrib/restricted/aws/aws-c-cal
parente9656aae26e0358d5378e5b63dcac5c8dbe0e4d0 (diff)
downloadydb-718c552901d703c502ccbefdfc3c9028d608b947.tar.gz
Restoring authorship annotation for <orivej@yandex-team.ru>. Commit 1 of 2.
Diffstat (limited to 'contrib/restricted/aws/aws-c-cal')
-rw-r--r--contrib/restricted/aws/aws-c-cal/CODE_OF_CONDUCT.md8
-rw-r--r--contrib/restricted/aws/aws-c-cal/CONTRIBUTING.md122
-rw-r--r--contrib/restricted/aws/aws-c-cal/LICENSE350
-rw-r--r--contrib/restricted/aws/aws-c-cal/NOTICE6
-rw-r--r--contrib/restricted/aws/aws-c-cal/README.md182
-rw-r--r--contrib/restricted/aws/aws-c-cal/include/aws/cal/cal.h70
-rw-r--r--contrib/restricted/aws/aws-c-cal/include/aws/cal/ecc.h354
-rw-r--r--contrib/restricted/aws/aws-c-cal/include/aws/cal/exports.h56
-rw-r--r--contrib/restricted/aws/aws-c-cal/include/aws/cal/hash.h214
-rw-r--r--contrib/restricted/aws/aws-c-cal/include/aws/cal/hmac.h168
-rw-r--r--contrib/restricted/aws/aws-c-cal/include/aws/cal/private/der.h436
-rw-r--r--contrib/restricted/aws/aws-c-cal/include/aws/cal/private/ecc.h50
-rw-r--r--contrib/restricted/aws/aws-c-cal/include/aws/cal/private/opensslcrypto_common.h92
-rw-r--r--contrib/restricted/aws/aws-c-cal/source/cal.c126
-rw-r--r--contrib/restricted/aws/aws-c-cal/source/der.c1002
-rw-r--r--contrib/restricted/aws/aws-c-cal/source/ecc.c538
-rw-r--r--contrib/restricted/aws/aws-c-cal/source/hash.c220
-rw-r--r--contrib/restricted/aws/aws-c-cal/source/hmac.c174
-rw-r--r--contrib/restricted/aws/aws-c-cal/source/unix/openssl_platform_init.c834
-rw-r--r--contrib/restricted/aws/aws-c-cal/source/unix/opensslcrypto_ecc.c748
-rw-r--r--contrib/restricted/aws/aws-c-cal/source/unix/opensslcrypto_hash.c278
-rw-r--r--contrib/restricted/aws/aws-c-cal/source/unix/opensslcrypto_hmac.c244
-rw-r--r--contrib/restricted/aws/aws-c-cal/ya.make70
23 files changed, 3171 insertions, 3171 deletions
diff --git a/contrib/restricted/aws/aws-c-cal/CODE_OF_CONDUCT.md b/contrib/restricted/aws/aws-c-cal/CODE_OF_CONDUCT.md
index 5b627cfa60..0f2daadff8 100644
--- a/contrib/restricted/aws/aws-c-cal/CODE_OF_CONDUCT.md
+++ b/contrib/restricted/aws/aws-c-cal/CODE_OF_CONDUCT.md
@@ -1,4 +1,4 @@
-## Code of Conduct
-This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
-For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
-opensource-codeofconduct@amazon.com with any additional questions or comments.
+## Code of Conduct
+This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
+For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
+opensource-codeofconduct@amazon.com with any additional questions or comments.
diff --git a/contrib/restricted/aws/aws-c-cal/CONTRIBUTING.md b/contrib/restricted/aws/aws-c-cal/CONTRIBUTING.md
index 2b96875d0a..df41e21bca 100644
--- a/contrib/restricted/aws/aws-c-cal/CONTRIBUTING.md
+++ b/contrib/restricted/aws/aws-c-cal/CONTRIBUTING.md
@@ -1,61 +1,61 @@
-# Contributing Guidelines
-
-Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional
-documentation, we greatly value feedback and contributions from our community.
-
-Please read through this document before submitting any issues or pull requests to ensure we have all the necessary
-information to effectively respond to your bug report or contribution.
-
-
-## Reporting Bugs/Feature Requests
-
-We welcome you to use the GitHub issue tracker to report bugs or suggest features.
-
-When filing an issue, please check [existing open](https://github.com/awslabs/aws-c-cal/issues), or [recently closed](https://github.com/awslabs/aws-c-cal/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aclosed%20), issues to make sure somebody else hasn't already
-reported the issue. Please try to include as much information as you can. Details like these are incredibly useful:
-
-* A reproducible test case or series of steps
-* The version of our code being used
-* Any modifications you've made relevant to the bug
-* Anything unusual about your environment or deployment
-
-
-## Contributing via Pull Requests
-Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that:
-
-1. You are working against the latest source on the *master* branch.
-2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already.
-3. You open an issue to discuss any significant work - we would hate for your time to be wasted.
-
-To send us a pull request, please:
-
-1. Fork the repository.
-2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change.
-3. Ensure local tests pass.
-4. Commit to your fork using clear commit messages.
-5. Send us a pull request, answering any default questions in the pull request interface.
-6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation.
-
-GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and
-[creating a pull request](https://help.github.com/articles/creating-a-pull-request/).
-
-
-## Finding contributions to work on
-Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any ['help wanted'](https://github.com/awslabs/aws-c-cal/labels/help%20wanted) issues is a great place to start.
-
-
-## Code of Conduct
-This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
-For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
-opensource-codeofconduct@amazon.com with any additional questions or comments.
-
-
-## Security issue notifications
-If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue.
-
-
-## Licensing
-
-See the [LICENSE](https://github.com/awslabs/aws-c-cal/blob/master/LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution.
-
-We may ask you to sign a [Contributor License Agreement (CLA)](http://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes.
+# Contributing Guidelines
+
+Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional
+documentation, we greatly value feedback and contributions from our community.
+
+Please read through this document before submitting any issues or pull requests to ensure we have all the necessary
+information to effectively respond to your bug report or contribution.
+
+
+## Reporting Bugs/Feature Requests
+
+We welcome you to use the GitHub issue tracker to report bugs or suggest features.
+
+When filing an issue, please check [existing open](https://github.com/awslabs/aws-c-cal/issues), or [recently closed](https://github.com/awslabs/aws-c-cal/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aclosed%20), issues to make sure somebody else hasn't already
+reported the issue. Please try to include as much information as you can. Details like these are incredibly useful:
+
+* A reproducible test case or series of steps
+* The version of our code being used
+* Any modifications you've made relevant to the bug
+* Anything unusual about your environment or deployment
+
+
+## Contributing via Pull Requests
+Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that:
+
+1. You are working against the latest source on the *master* branch.
+2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already.
+3. You open an issue to discuss any significant work - we would hate for your time to be wasted.
+
+To send us a pull request, please:
+
+1. Fork the repository.
+2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change.
+3. Ensure local tests pass.
+4. Commit to your fork using clear commit messages.
+5. Send us a pull request, answering any default questions in the pull request interface.
+6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation.
+
+GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and
+[creating a pull request](https://help.github.com/articles/creating-a-pull-request/).
+
+
+## Finding contributions to work on
+Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any ['help wanted'](https://github.com/awslabs/aws-c-cal/labels/help%20wanted) issues is a great place to start.
+
+
+## Code of Conduct
+This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
+For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
+opensource-codeofconduct@amazon.com with any additional questions or comments.
+
+
+## Security issue notifications
+If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue.
+
+
+## Licensing
+
+See the [LICENSE](https://github.com/awslabs/aws-c-cal/blob/master/LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution.
+
+We may ask you to sign a [Contributor License Agreement (CLA)](http://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes.
diff --git a/contrib/restricted/aws/aws-c-cal/LICENSE b/contrib/restricted/aws/aws-c-cal/LICENSE
index 67db858821..a81c6e3602 100644
--- a/contrib/restricted/aws/aws-c-cal/LICENSE
+++ b/contrib/restricted/aws/aws-c-cal/LICENSE
@@ -1,175 +1,175 @@
-
- Apache License
- Version 2.0, January 2004
- http://www.apache.org/licenses/
-
- TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
- 1. Definitions.
-
- "License" shall mean the terms and conditions for use, reproduction,
- and distribution as defined by Sections 1 through 9 of this document.
-
- "Licensor" shall mean the copyright owner or entity authorized by
- the copyright owner that is granting the License.
-
- "Legal Entity" shall mean the union of the acting entity and all
- other entities that control, are controlled by, or are under common
- control with that entity. For the purposes of this definition,
- "control" means (i) the power, direct or indirect, to cause the
- direction or management of such entity, whether by contract or
- otherwise, or (ii) ownership of fifty percent (50%) or more of the
- outstanding shares, or (iii) beneficial ownership of such entity.
-
- "You" (or "Your") shall mean an individual or Legal Entity
- exercising permissions granted by this License.
-
- "Source" form shall mean the preferred form for making modifications,
- including but not limited to software source code, documentation
- source, and configuration files.
-
- "Object" form shall mean any form resulting from mechanical
- transformation or translation of a Source form, including but
- not limited to compiled object code, generated documentation,
- and conversions to other media types.
-
- "Work" shall mean the work of authorship, whether in Source or
- Object form, made available under the License, as indicated by a
- copyright notice that is included in or attached to the work
- (an example is provided in the Appendix below).
-
- "Derivative Works" shall mean any work, whether in Source or Object
- form, that is based on (or derived from) the Work and for which the
- editorial revisions, annotations, elaborations, or other modifications
- represent, as a whole, an original work of authorship. For the purposes
- of this License, Derivative Works shall not include works that remain
- separable from, or merely link (or bind by name) to the interfaces of,
- the Work and Derivative Works thereof.
-
- "Contribution" shall mean any work of authorship, including
- the original version of the Work and any modifications or additions
- to that Work or Derivative Works thereof, that is intentionally
- submitted to Licensor for inclusion in the Work by the copyright owner
- or by an individual or Legal Entity authorized to submit on behalf of
- the copyright owner. For the purposes of this definition, "submitted"
- means any form of electronic, verbal, or written communication sent
- to the Licensor or its representatives, including but not limited to
- communication on electronic mailing lists, source code control systems,
- and issue tracking systems that are managed by, or on behalf of, the
- Licensor for the purpose of discussing and improving the Work, but
- excluding communication that is conspicuously marked or otherwise
- designated in writing by the copyright owner as "Not a Contribution."
-
- "Contributor" shall mean Licensor and any individual or Legal Entity
- on behalf of whom a Contribution has been received by Licensor and
- subsequently incorporated within the Work.
-
- 2. Grant of Copyright License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- copyright license to reproduce, prepare Derivative Works of,
- publicly display, publicly perform, sublicense, and distribute the
- Work and such Derivative Works in Source or Object form.
-
- 3. Grant of Patent License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- (except as stated in this section) patent license to make, have made,
- use, offer to sell, sell, import, and otherwise transfer the Work,
- where such license applies only to those patent claims licensable
- by such Contributor that are necessarily infringed by their
- Contribution(s) alone or by combination of their Contribution(s)
- with the Work to which such Contribution(s) was submitted. If You
- institute patent litigation against any entity (including a
- cross-claim or counterclaim in a lawsuit) alleging that the Work
- or a Contribution incorporated within the Work constitutes direct
- or contributory patent infringement, then any patent licenses
- granted to You under this License for that Work shall terminate
- as of the date such litigation is filed.
-
- 4. Redistribution. You may reproduce and distribute copies of the
- Work or Derivative Works thereof in any medium, with or without
- modifications, and in Source or Object form, provided that You
- meet the following conditions:
-
- (a) You must give any other recipients of the Work or
- Derivative Works a copy of this License; and
-
- (b) You must cause any modified files to carry prominent notices
- stating that You changed the files; and
-
- (c) You must retain, in the Source form of any Derivative Works
- that You distribute, all copyright, patent, trademark, and
- attribution notices from the Source form of the Work,
- excluding those notices that do not pertain to any part of
- the Derivative Works; and
-
- (d) If the Work includes a "NOTICE" text file as part of its
- distribution, then any Derivative Works that You distribute must
- include a readable copy of the attribution notices contained
- within such NOTICE file, excluding those notices that do not
- pertain to any part of the Derivative Works, in at least one
- of the following places: within a NOTICE text file distributed
- as part of the Derivative Works; within the Source form or
- documentation, if provided along with the Derivative Works; or,
- within a display generated by the Derivative Works, if and
- wherever such third-party notices normally appear. The contents
- of the NOTICE file are for informational purposes only and
- do not modify the License. You may add Your own attribution
- notices within Derivative Works that You distribute, alongside
- or as an addendum to the NOTICE text from the Work, provided
- that such additional attribution notices cannot be construed
- as modifying the License.
-
- You may add Your own copyright statement to Your modifications and
- may provide additional or different license terms and conditions
- for use, reproduction, or distribution of Your modifications, or
- for any such Derivative Works as a whole, provided Your use,
- reproduction, and distribution of the Work otherwise complies with
- the conditions stated in this License.
-
- 5. Submission of Contributions. Unless You explicitly state otherwise,
- any Contribution intentionally submitted for inclusion in the Work
- by You to the Licensor shall be under the terms and conditions of
- this License, without any additional terms or conditions.
- Notwithstanding the above, nothing herein shall supersede or modify
- the terms of any separate license agreement you may have executed
- with Licensor regarding such Contributions.
-
- 6. Trademarks. This License does not grant permission to use the trade
- names, trademarks, service marks, or product names of the Licensor,
- except as required for reasonable and customary use in describing the
- origin of the Work and reproducing the content of the NOTICE file.
-
- 7. Disclaimer of Warranty. Unless required by applicable law or
- agreed to in writing, Licensor provides the Work (and each
- Contributor provides its Contributions) on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- implied, including, without limitation, any warranties or conditions
- of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
- PARTICULAR PURPOSE. You are solely responsible for determining the
- appropriateness of using or redistributing the Work and assume any
- risks associated with Your exercise of permissions under this License.
-
- 8. Limitation of Liability. In no event and under no legal theory,
- whether in tort (including negligence), contract, or otherwise,
- unless required by applicable law (such as deliberate and grossly
- negligent acts) or agreed to in writing, shall any Contributor be
- liable to You for damages, including any direct, indirect, special,
- incidental, or consequential damages of any character arising as a
- result of this License or out of the use or inability to use the
- Work (including but not limited to damages for loss of goodwill,
- work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses), even if such Contributor
- has been advised of the possibility of such damages.
-
- 9. Accepting Warranty or Additional Liability. While redistributing
- the Work or Derivative Works thereof, You may choose to offer,
- and charge a fee for, acceptance of support, warranty, indemnity,
- or other liability obligations and/or rights consistent with this
- License. However, in accepting such obligations, You may act only
- on Your own behalf and on Your sole responsibility, not on behalf
- of any other Contributor, and only if You agree to indemnify,
- defend, and hold each Contributor harmless for any liability
- incurred by, or claims asserted against, such Contributor by reason
- of your accepting any such warranty or additional liability.
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
diff --git a/contrib/restricted/aws/aws-c-cal/NOTICE b/contrib/restricted/aws/aws-c-cal/NOTICE
index df81ba71af..174f100068 100644
--- a/contrib/restricted/aws/aws-c-cal/NOTICE
+++ b/contrib/restricted/aws/aws-c-cal/NOTICE
@@ -1,3 +1,3 @@
-AWS C Cal
-Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-SPDX-License-Identifier: Apache-2.0.
+AWS C Cal
+Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+SPDX-License-Identifier: Apache-2.0.
diff --git a/contrib/restricted/aws/aws-c-cal/README.md b/contrib/restricted/aws/aws-c-cal/README.md
index 78f2b8a919..de2ac340ab 100644
--- a/contrib/restricted/aws/aws-c-cal/README.md
+++ b/contrib/restricted/aws/aws-c-cal/README.md
@@ -1,91 +1,91 @@
-## AWS C Cal
-
-AWS Crypto Abstraction Layer: Cross-Platform, C99 wrapper for cryptography primitives.
-
-## License
-
-This library is licensed under the Apache 2.0 License.
-
-## Supported Platforms
-* Windows (Vista and Later)
-* Apple
-* Unix (via OpenSSL compatible libcrypto)
-
-## Build Instructions
-Since this project builds with CMake, you can build with whichever tool you prefer. Here, we show make for simplicity. You can
-use Visual Studio, XCode, or whatever you'd like via the -G option.
-
-```
-git clone git@github.com:awslabs/aws-c-common
-mkdir aws-c-common-build
-cd aws-c-common-build
-cmake -DCMAKE_PREFIX_PATH=<install path> -DCMAKE_INSTALL_PREFIX=<install path> ../aws-c-common
-make
-make test
-make install
-
-cd ..
-git clone git@github.com:awslabs/aws-c-cal
-mkdir aws-c-cal-build
-cd aws-c-cal-build
-cmake -DCMAKE_PREFIX_PATH=<install path> -DCMAKE_INSTALL_PREFIX=<install path> ../aws-c-cal
-make
-make test
-make install
-````
-
-## Currently provided algorithms
-
-### Hashes
-#### MD5
-##### Streaming
-````
-struct aws_hash *hash = aws_md5_new(allocator);
-aws_hash_update(hash, &your_buffer);
-aws_hash_finalize(hash, &output_buffer, 0);
-aws_hash_destroy(hash);
-````
-
-##### One-Shot
-````
-aws_md5_compute(allocator, &your_buffer, &output_buffer, 0);
-````
-
-#### SHA256
-##### Streaming
-````
-struct aws_hash *hash = aws_sha256_new(allocator);
-aws_hash_update(hash, &your_buffer);
-aws_hash_finalize(hash, &output_buffer, 0);
-aws_hash_destroy(hash);
-````
-
-##### One-Shot
-````
-aws_sha256_compute(allocator, &your_buffer, &output_buffer, 0);
-````
-
-### HMAC
-#### SHA256 HMAC
-##### Streaming
-````
-struct aws_hmac *hmac = aws_sha256_hmac_new(allocator, &secret_buf);
-aws_hmac_update(hmac, &your_buffer);
-aws_hmac_finalize(hmac, &output_buffer, 0);
-aws_hmac_destroy(hmac);
-````
-
-##### One-Shot
-````
-aws_sha256_hmac_compute(allocator, &secret_buf, &your_buffer, &output_buffer, 0);
-````
-
-## FAQ
-### I want more algorithms, what do I do?
-Great! So do we! At a minimum, file an issue letting us know. If you want to file a Pull Request, we'd be happy to review and merge it when it's ready.
-### Who should consume this package directly?
-Are you writing C directly? Then you should.
-Are you using any other programming language? This functionality will be exposed via that language specific crt packages.
-### I found a security vulnerability in this package. What do I do?
-Due to the fact that this package is specifically performing cryptographic operations, please don't file a public issue. Instead, email aws-sdk-common-runtime@amazon.com, and we'll work with you directly.
-
+## AWS C Cal
+
+AWS Crypto Abstraction Layer: Cross-Platform, C99 wrapper for cryptography primitives.
+
+## License
+
+This library is licensed under the Apache 2.0 License.
+
+## Supported Platforms
+* Windows (Vista and Later)
+* Apple
+* Unix (via OpenSSL compatible libcrypto)
+
+## Build Instructions
+Since this project builds with CMake, you can build with whichever tool you prefer. Here, we show make for simplicity. You can
+use Visual Studio, XCode, or whatever you'd like via the -G option.
+
+```
+git clone git@github.com:awslabs/aws-c-common
+mkdir aws-c-common-build
+cd aws-c-common-build
+cmake -DCMAKE_PREFIX_PATH=<install path> -DCMAKE_INSTALL_PREFIX=<install path> ../aws-c-common
+make
+make test
+make install
+
+cd ..
+git clone git@github.com:awslabs/aws-c-cal
+mkdir aws-c-cal-build
+cd aws-c-cal-build
+cmake -DCMAKE_PREFIX_PATH=<install path> -DCMAKE_INSTALL_PREFIX=<install path> ../aws-c-cal
+make
+make test
+make install
+````
+
+## Currently provided algorithms
+
+### Hashes
+#### MD5
+##### Streaming
+````
+struct aws_hash *hash = aws_md5_new(allocator);
+aws_hash_update(hash, &your_buffer);
+aws_hash_finalize(hash, &output_buffer, 0);
+aws_hash_destroy(hash);
+````
+
+##### One-Shot
+````
+aws_md5_compute(allocator, &your_buffer, &output_buffer, 0);
+````
+
+#### SHA256
+##### Streaming
+````
+struct aws_hash *hash = aws_sha256_new(allocator);
+aws_hash_update(hash, &your_buffer);
+aws_hash_finalize(hash, &output_buffer, 0);
+aws_hash_destroy(hash);
+````
+
+##### One-Shot
+````
+aws_sha256_compute(allocator, &your_buffer, &output_buffer, 0);
+````
+
+### HMAC
+#### SHA256 HMAC
+##### Streaming
+````
+struct aws_hmac *hmac = aws_sha256_hmac_new(allocator, &secret_buf);
+aws_hmac_update(hmac, &your_buffer);
+aws_hmac_finalize(hmac, &output_buffer, 0);
+aws_hmac_destroy(hmac);
+````
+
+##### One-Shot
+````
+aws_sha256_hmac_compute(allocator, &secret_buf, &your_buffer, &output_buffer, 0);
+````
+
+## FAQ
+### I want more algorithms, what do I do?
+Great! So do we! At a minimum, file an issue letting us know. If you want to file a Pull Request, we'd be happy to review and merge it when it's ready.
+### Who should consume this package directly?
+Are you writing C directly? Then you should.
+Are you using any other programming language? This functionality will be exposed via that language specific crt packages.
+### I found a security vulnerability in this package. What do I do?
+Due to the fact that this package is specifically performing cryptographic operations, please don't file a public issue. Instead, email aws-sdk-common-runtime@amazon.com, and we'll work with you directly.
+
diff --git a/contrib/restricted/aws/aws-c-cal/include/aws/cal/cal.h b/contrib/restricted/aws/aws-c-cal/include/aws/cal/cal.h
index 8c6986842b..f266f18c4c 100644
--- a/contrib/restricted/aws/aws-c-cal/include/aws/cal/cal.h
+++ b/contrib/restricted/aws/aws-c-cal/include/aws/cal/cal.h
@@ -1,35 +1,35 @@
-#ifndef AWS_CAL_CAL_H
-#define AWS_CAL_CAL_H
-/**
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0.
- */
-
-#include <aws/common/common.h>
-
-#include <aws/cal/exports.h>
-
-struct aws_allocator;
-
-#define AWS_C_CAL_PACKAGE_ID 7
-
-enum aws_cal_errors {
- AWS_ERROR_CAL_SIGNATURE_VALIDATION_FAILED = AWS_ERROR_ENUM_BEGIN_RANGE(AWS_C_CAL_PACKAGE_ID),
- AWS_ERROR_CAL_MISSING_REQUIRED_KEY_COMPONENT,
- AWS_ERROR_CAL_INVALID_KEY_LENGTH_FOR_ALGORITHM,
- AWS_ERROR_CAL_UNKNOWN_OBJECT_IDENTIFIER,
- AWS_ERROR_CAL_MALFORMED_ASN1_ENCOUNTERED,
- AWS_ERROR_CAL_MISMATCHED_DER_TYPE,
- AWS_ERROR_CAL_UNSUPPORTED_ALGORITHM,
-
- AWS_ERROR_CAL_END_RANGE = AWS_ERROR_ENUM_END_RANGE(AWS_C_CAL_PACKAGE_ID)
-};
-
-AWS_EXTERN_C_BEGIN
-
-AWS_CAL_API void aws_cal_library_init(struct aws_allocator *allocator);
-AWS_CAL_API void aws_cal_library_clean_up(void);
-
-AWS_EXTERN_C_END
-
-#endif /* AWS_CAL_CAL_H */
+#ifndef AWS_CAL_CAL_H
+#define AWS_CAL_CAL_H
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+
+#include <aws/common/common.h>
+
+#include <aws/cal/exports.h>
+
+struct aws_allocator;
+
+#define AWS_C_CAL_PACKAGE_ID 7
+
+enum aws_cal_errors {
+ AWS_ERROR_CAL_SIGNATURE_VALIDATION_FAILED = AWS_ERROR_ENUM_BEGIN_RANGE(AWS_C_CAL_PACKAGE_ID),
+ AWS_ERROR_CAL_MISSING_REQUIRED_KEY_COMPONENT,
+ AWS_ERROR_CAL_INVALID_KEY_LENGTH_FOR_ALGORITHM,
+ AWS_ERROR_CAL_UNKNOWN_OBJECT_IDENTIFIER,
+ AWS_ERROR_CAL_MALFORMED_ASN1_ENCOUNTERED,
+ AWS_ERROR_CAL_MISMATCHED_DER_TYPE,
+ AWS_ERROR_CAL_UNSUPPORTED_ALGORITHM,
+
+ AWS_ERROR_CAL_END_RANGE = AWS_ERROR_ENUM_END_RANGE(AWS_C_CAL_PACKAGE_ID)
+};
+
+AWS_EXTERN_C_BEGIN
+
+AWS_CAL_API void aws_cal_library_init(struct aws_allocator *allocator);
+AWS_CAL_API void aws_cal_library_clean_up(void);
+
+AWS_EXTERN_C_END
+
+#endif /* AWS_CAL_CAL_H */
diff --git a/contrib/restricted/aws/aws-c-cal/include/aws/cal/ecc.h b/contrib/restricted/aws/aws-c-cal/include/aws/cal/ecc.h
index 660c26d79b..36e5f90b09 100644
--- a/contrib/restricted/aws/aws-c-cal/include/aws/cal/ecc.h
+++ b/contrib/restricted/aws/aws-c-cal/include/aws/cal/ecc.h
@@ -1,177 +1,177 @@
-#ifndef AWS_CAL_ECC_H
-#define AWS_CAL_ECC_H
-/**
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0.
- */
-#include <aws/cal/exports.h>
-
-#include <aws/common/atomics.h>
-#include <aws/common/byte_buf.h>
-#include <aws/common/common.h>
-
-enum aws_ecc_curve_name {
- AWS_CAL_ECDSA_P256,
- AWS_CAL_ECDSA_P384,
-};
-
-struct aws_ecc_key_pair;
-
-typedef void aws_ecc_key_pair_destroy_fn(struct aws_ecc_key_pair *key_pair);
-typedef int aws_ecc_key_pair_sign_message_fn(
- const struct aws_ecc_key_pair *key_pair,
- const struct aws_byte_cursor *message,
- struct aws_byte_buf *signature_output);
-typedef int aws_ecc_key_pair_derive_public_key_fn(struct aws_ecc_key_pair *key_pair);
-typedef int aws_ecc_key_pair_verify_signature_fn(
- const struct aws_ecc_key_pair *signer,
- const struct aws_byte_cursor *message,
- const struct aws_byte_cursor *signature);
-typedef size_t aws_ecc_key_pair_signature_length_fn(const struct aws_ecc_key_pair *signer);
-
-struct aws_ecc_key_pair_vtable {
- aws_ecc_key_pair_destroy_fn *destroy;
- aws_ecc_key_pair_derive_public_key_fn *derive_pub_key;
- aws_ecc_key_pair_sign_message_fn *sign_message;
- aws_ecc_key_pair_verify_signature_fn *verify_signature;
- aws_ecc_key_pair_signature_length_fn *signature_length;
-};
-
-struct aws_ecc_key_pair {
- struct aws_allocator *allocator;
- struct aws_atomic_var ref_count;
- enum aws_ecc_curve_name curve_name;
- struct aws_byte_buf key_buf;
- struct aws_byte_buf pub_x;
- struct aws_byte_buf pub_y;
- struct aws_byte_buf priv_d;
- struct aws_ecc_key_pair_vtable *vtable;
- void *impl;
-};
-
-AWS_EXTERN_C_BEGIN
-
-/**
- * Adds one to an ecc key pair's ref count.
- */
-AWS_CAL_API void aws_ecc_key_pair_acquire(struct aws_ecc_key_pair *key_pair);
-
-/**
- * Subtracts one from an ecc key pair's ref count. If ref count reaches zero, the key pair is destroyed.
- */
-AWS_CAL_API void aws_ecc_key_pair_release(struct aws_ecc_key_pair *key_pair);
-
-/**
- * Creates a Eliptic Curve private key that can be used for signing.
- * Returns a new instance of aws_ecc_key_pair if the key was successfully built.
- * Otherwise returns NULL. Note: priv_key::len must match the appropriate length
- * for the selected curve_name.
- */
-AWS_CAL_API struct aws_ecc_key_pair *aws_ecc_key_pair_new_from_private_key(
- struct aws_allocator *allocator,
- enum aws_ecc_curve_name curve_name,
- const struct aws_byte_cursor *priv_key);
-
-#if !defined(AWS_OS_IOS)
-/**
- * Creates a Eliptic Curve public/private key pair that can be used for signing and verifying.
- * Returns a new instance of aws_ecc_key_pair if the key was successfully built.
- * Otherwise returns NULL.
- */
-AWS_CAL_API struct aws_ecc_key_pair *aws_ecc_key_pair_new_generate_random(
- struct aws_allocator *allocator,
- enum aws_ecc_curve_name curve_name);
-#endif /* !AWS_OS_IOS */
-
-/**
- * Creates a Eliptic Curve public key that can be used for verifying.
- * Returns a new instance of aws_ecc_key_pair if the key was successfully built.
- * Otherwise returns NULL. Note: public_key_x::len and public_key_y::len must
- * match the appropriate length for the selected curve_name.
- */
-AWS_CAL_API struct aws_ecc_key_pair *aws_ecc_key_pair_new_from_public_key(
- struct aws_allocator *allocator,
- enum aws_ecc_curve_name curve_name,
- const struct aws_byte_cursor *public_key_x,
- const struct aws_byte_cursor *public_key_y);
-
-/**
- * Creates a Eliptic Curve public/private key pair from a DER encoded key pair.
- * Returns a new instance of aws_ecc_key_pair if the key was successfully built.
- * Otherwise returns NULL. Whether or not signing or verification can be perform depends
- * on if encoded_keys is a public/private pair or a public key.
- */
-AWS_CAL_API struct aws_ecc_key_pair *aws_ecc_key_pair_new_from_asn1(
- struct aws_allocator *allocator,
- const struct aws_byte_cursor *encoded_keys);
-
-/**
- * Creates an Elliptic curve public key from x and y coordinates encoded as hex strings
- * Returns a new instance of aws_ecc_key_pair if the key was successfully built.
- * Otherwise returns NULL.
- */
-AWS_CAL_API struct aws_ecc_key_pair *aws_ecc_key_new_from_hex_coordinates(
- struct aws_allocator *allocator,
- enum aws_ecc_curve_name curve_name,
- struct aws_byte_cursor pub_x_hex_cursor,
- struct aws_byte_cursor pub_y_hex_cursor);
-
-/**
- * Derives a public key from the private key if supported by this operating system (not supported on OSX).
- * key_pair::pub_x and key_pair::pub_y will be set with the raw key buffers.
- */
-AWS_CAL_API int aws_ecc_key_pair_derive_public_key(struct aws_ecc_key_pair *key_pair);
-
-/**
- * Get the curve name from the oid. OID here is the payload of the DER encoded ASN.1 part (doesn't include
- * type specifier or length. On success, the value of curve_name will be set.
- */
-AWS_CAL_API int aws_ecc_curve_name_from_oid(struct aws_byte_cursor *oid, enum aws_ecc_curve_name *curve_name);
-
-/**
- * Get the DER encoded OID from the curve_name. The OID in this case will not contain the type or the length specifier.
- */
-AWS_CAL_API int aws_ecc_oid_from_curve_name(enum aws_ecc_curve_name curve_name, struct aws_byte_cursor *oid);
-
-/**
- * Uses the key_pair's private key to sign message. The output will be in signature. Signature must be large enough
- * to hold the signature. Check aws_ecc_key_pair_signature_length() for the appropriate size. Signature will be DER
- * encoded.
- *
- * It is the callers job to make sure message is the appropriate cryptographic digest for this operation. It's usually
- * something like a SHA256.
- */
-AWS_CAL_API int aws_ecc_key_pair_sign_message(
- const struct aws_ecc_key_pair *key_pair,
- const struct aws_byte_cursor *message,
- struct aws_byte_buf *signature);
-
-/**
- * Uses the key_pair's public key to verify signature of message. Signature should be DER
- * encoded.
- *
- * It is the callers job to make sure message is the appropriate cryptographic digest for this operation. It's usually
- * something like a SHA256.
- *
- * returns AWS_OP_SUCCESS if the signature is valid.
- */
-AWS_CAL_API int aws_ecc_key_pair_verify_signature(
- const struct aws_ecc_key_pair *key_pair,
- const struct aws_byte_cursor *message,
- const struct aws_byte_cursor *signature);
-AWS_CAL_API size_t aws_ecc_key_pair_signature_length(const struct aws_ecc_key_pair *key_pair);
-
-AWS_CAL_API void aws_ecc_key_pair_get_public_key(
- const struct aws_ecc_key_pair *key_pair,
- struct aws_byte_cursor *pub_x,
- struct aws_byte_cursor *pub_y);
-
-AWS_CAL_API void aws_ecc_key_pair_get_private_key(
- const struct aws_ecc_key_pair *key_pair,
- struct aws_byte_cursor *private_d);
-
-AWS_CAL_API size_t aws_ecc_key_coordinate_byte_size_from_curve_name(enum aws_ecc_curve_name curve_name);
-
-AWS_EXTERN_C_END
-
-#endif /* AWS_CAL_ECC_H */
+#ifndef AWS_CAL_ECC_H
+#define AWS_CAL_ECC_H
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+#include <aws/cal/exports.h>
+
+#include <aws/common/atomics.h>
+#include <aws/common/byte_buf.h>
+#include <aws/common/common.h>
+
+enum aws_ecc_curve_name {
+ AWS_CAL_ECDSA_P256,
+ AWS_CAL_ECDSA_P384,
+};
+
+struct aws_ecc_key_pair;
+
+typedef void aws_ecc_key_pair_destroy_fn(struct aws_ecc_key_pair *key_pair);
+typedef int aws_ecc_key_pair_sign_message_fn(
+ const struct aws_ecc_key_pair *key_pair,
+ const struct aws_byte_cursor *message,
+ struct aws_byte_buf *signature_output);
+typedef int aws_ecc_key_pair_derive_public_key_fn(struct aws_ecc_key_pair *key_pair);
+typedef int aws_ecc_key_pair_verify_signature_fn(
+ const struct aws_ecc_key_pair *signer,
+ const struct aws_byte_cursor *message,
+ const struct aws_byte_cursor *signature);
+typedef size_t aws_ecc_key_pair_signature_length_fn(const struct aws_ecc_key_pair *signer);
+
+struct aws_ecc_key_pair_vtable {
+ aws_ecc_key_pair_destroy_fn *destroy;
+ aws_ecc_key_pair_derive_public_key_fn *derive_pub_key;
+ aws_ecc_key_pair_sign_message_fn *sign_message;
+ aws_ecc_key_pair_verify_signature_fn *verify_signature;
+ aws_ecc_key_pair_signature_length_fn *signature_length;
+};
+
+struct aws_ecc_key_pair {
+ struct aws_allocator *allocator;
+ struct aws_atomic_var ref_count;
+ enum aws_ecc_curve_name curve_name;
+ struct aws_byte_buf key_buf;
+ struct aws_byte_buf pub_x;
+ struct aws_byte_buf pub_y;
+ struct aws_byte_buf priv_d;
+ struct aws_ecc_key_pair_vtable *vtable;
+ void *impl;
+};
+
+AWS_EXTERN_C_BEGIN
+
+/**
+ * Adds one to an ecc key pair's ref count.
+ */
+AWS_CAL_API void aws_ecc_key_pair_acquire(struct aws_ecc_key_pair *key_pair);
+
+/**
+ * Subtracts one from an ecc key pair's ref count. If ref count reaches zero, the key pair is destroyed.
+ */
+AWS_CAL_API void aws_ecc_key_pair_release(struct aws_ecc_key_pair *key_pair);
+
+/**
+ * Creates a Eliptic Curve private key that can be used for signing.
+ * Returns a new instance of aws_ecc_key_pair if the key was successfully built.
+ * Otherwise returns NULL. Note: priv_key::len must match the appropriate length
+ * for the selected curve_name.
+ */
+AWS_CAL_API struct aws_ecc_key_pair *aws_ecc_key_pair_new_from_private_key(
+ struct aws_allocator *allocator,
+ enum aws_ecc_curve_name curve_name,
+ const struct aws_byte_cursor *priv_key);
+
+#if !defined(AWS_OS_IOS)
+/**
+ * Creates a Eliptic Curve public/private key pair that can be used for signing and verifying.
+ * Returns a new instance of aws_ecc_key_pair if the key was successfully built.
+ * Otherwise returns NULL.
+ */
+AWS_CAL_API struct aws_ecc_key_pair *aws_ecc_key_pair_new_generate_random(
+ struct aws_allocator *allocator,
+ enum aws_ecc_curve_name curve_name);
+#endif /* !AWS_OS_IOS */
+
+/**
+ * Creates a Eliptic Curve public key that can be used for verifying.
+ * Returns a new instance of aws_ecc_key_pair if the key was successfully built.
+ * Otherwise returns NULL. Note: public_key_x::len and public_key_y::len must
+ * match the appropriate length for the selected curve_name.
+ */
+AWS_CAL_API struct aws_ecc_key_pair *aws_ecc_key_pair_new_from_public_key(
+ struct aws_allocator *allocator,
+ enum aws_ecc_curve_name curve_name,
+ const struct aws_byte_cursor *public_key_x,
+ const struct aws_byte_cursor *public_key_y);
+
+/**
+ * Creates a Eliptic Curve public/private key pair from a DER encoded key pair.
+ * Returns a new instance of aws_ecc_key_pair if the key was successfully built.
+ * Otherwise returns NULL. Whether or not signing or verification can be perform depends
+ * on if encoded_keys is a public/private pair or a public key.
+ */
+AWS_CAL_API struct aws_ecc_key_pair *aws_ecc_key_pair_new_from_asn1(
+ struct aws_allocator *allocator,
+ const struct aws_byte_cursor *encoded_keys);
+
+/**
+ * Creates an Elliptic curve public key from x and y coordinates encoded as hex strings
+ * Returns a new instance of aws_ecc_key_pair if the key was successfully built.
+ * Otherwise returns NULL.
+ */
+AWS_CAL_API struct aws_ecc_key_pair *aws_ecc_key_new_from_hex_coordinates(
+ struct aws_allocator *allocator,
+ enum aws_ecc_curve_name curve_name,
+ struct aws_byte_cursor pub_x_hex_cursor,
+ struct aws_byte_cursor pub_y_hex_cursor);
+
+/**
+ * Derives a public key from the private key if supported by this operating system (not supported on OSX).
+ * key_pair::pub_x and key_pair::pub_y will be set with the raw key buffers.
+ */
+AWS_CAL_API int aws_ecc_key_pair_derive_public_key(struct aws_ecc_key_pair *key_pair);
+
+/**
+ * Get the curve name from the oid. OID here is the payload of the DER encoded ASN.1 part (doesn't include
+ * type specifier or length. On success, the value of curve_name will be set.
+ */
+AWS_CAL_API int aws_ecc_curve_name_from_oid(struct aws_byte_cursor *oid, enum aws_ecc_curve_name *curve_name);
+
+/**
+ * Get the DER encoded OID from the curve_name. The OID in this case will not contain the type or the length specifier.
+ */
+AWS_CAL_API int aws_ecc_oid_from_curve_name(enum aws_ecc_curve_name curve_name, struct aws_byte_cursor *oid);
+
+/**
+ * Uses the key_pair's private key to sign message. The output will be in signature. Signature must be large enough
+ * to hold the signature. Check aws_ecc_key_pair_signature_length() for the appropriate size. Signature will be DER
+ * encoded.
+ *
+ * It is the callers job to make sure message is the appropriate cryptographic digest for this operation. It's usually
+ * something like a SHA256.
+ */
+AWS_CAL_API int aws_ecc_key_pair_sign_message(
+ const struct aws_ecc_key_pair *key_pair,
+ const struct aws_byte_cursor *message,
+ struct aws_byte_buf *signature);
+
+/**
+ * Uses the key_pair's public key to verify signature of message. Signature should be DER
+ * encoded.
+ *
+ * It is the callers job to make sure message is the appropriate cryptographic digest for this operation. It's usually
+ * something like a SHA256.
+ *
+ * returns AWS_OP_SUCCESS if the signature is valid.
+ */
+AWS_CAL_API int aws_ecc_key_pair_verify_signature(
+ const struct aws_ecc_key_pair *key_pair,
+ const struct aws_byte_cursor *message,
+ const struct aws_byte_cursor *signature);
+AWS_CAL_API size_t aws_ecc_key_pair_signature_length(const struct aws_ecc_key_pair *key_pair);
+
+AWS_CAL_API void aws_ecc_key_pair_get_public_key(
+ const struct aws_ecc_key_pair *key_pair,
+ struct aws_byte_cursor *pub_x,
+ struct aws_byte_cursor *pub_y);
+
+AWS_CAL_API void aws_ecc_key_pair_get_private_key(
+ const struct aws_ecc_key_pair *key_pair,
+ struct aws_byte_cursor *private_d);
+
+AWS_CAL_API size_t aws_ecc_key_coordinate_byte_size_from_curve_name(enum aws_ecc_curve_name curve_name);
+
+AWS_EXTERN_C_END
+
+#endif /* AWS_CAL_ECC_H */
diff --git a/contrib/restricted/aws/aws-c-cal/include/aws/cal/exports.h b/contrib/restricted/aws/aws-c-cal/include/aws/cal/exports.h
index d6ab9734b7..c73f19974c 100644
--- a/contrib/restricted/aws/aws-c-cal/include/aws/cal/exports.h
+++ b/contrib/restricted/aws/aws-c-cal/include/aws/cal/exports.h
@@ -1,28 +1,28 @@
-#ifndef AWS_CAL_EXPORTS_H
-#define AWS_CAL_EXPORTS_H
-/**
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0.
- */
-#if defined(AWS_C_RT_USE_WINDOWS_DLL_SEMANTICS) || defined(WIN32)
-# ifdef AWS_CAL_USE_IMPORT_EXPORT
-# ifdef AWS_CAL_EXPORTS
-# define AWS_CAL_API __declspec(dllexport)
-# else
-# define AWS_CAL_API __declspec(dllimport)
-# endif /* AWS_CAL_EXPORTS */
-# else
-# define AWS_CAL_API
-# endif /* AWS_CAL_USE_IMPORT_EXPORT */
-
-#else /* defined (AWS_C_RT_USE_WINDOWS_DLL_SEMANTICS) || defined (WIN32) */
-
-# if ((__GNUC__ >= 4) || defined(__clang__)) && defined(AWS_CAL_USE_IMPORT_EXPORT) && defined(AWS_CAL_EXPORTS)
-# define AWS_CAL_API __attribute__((visibility("default")))
-# else
-# define AWS_CAL_API
-# endif /* __GNUC__ >= 4 || defined(__clang__) */
-
-#endif /* defined (AWS_C_RT_USE_WINDOWS_DLL_SEMANTICS) || defined (WIN32) */
-
-#endif /* AWS_CAL_EXPORTS_H */
+#ifndef AWS_CAL_EXPORTS_H
+#define AWS_CAL_EXPORTS_H
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+#if defined(AWS_C_RT_USE_WINDOWS_DLL_SEMANTICS) || defined(WIN32)
+# ifdef AWS_CAL_USE_IMPORT_EXPORT
+# ifdef AWS_CAL_EXPORTS
+# define AWS_CAL_API __declspec(dllexport)
+# else
+# define AWS_CAL_API __declspec(dllimport)
+# endif /* AWS_CAL_EXPORTS */
+# else
+# define AWS_CAL_API
+# endif /* AWS_CAL_USE_IMPORT_EXPORT */
+
+#else /* defined (AWS_C_RT_USE_WINDOWS_DLL_SEMANTICS) || defined (WIN32) */
+
+# if ((__GNUC__ >= 4) || defined(__clang__)) && defined(AWS_CAL_USE_IMPORT_EXPORT) && defined(AWS_CAL_EXPORTS)
+# define AWS_CAL_API __attribute__((visibility("default")))
+# else
+# define AWS_CAL_API
+# endif /* __GNUC__ >= 4 || defined(__clang__) */
+
+#endif /* defined (AWS_C_RT_USE_WINDOWS_DLL_SEMANTICS) || defined (WIN32) */
+
+#endif /* AWS_CAL_EXPORTS_H */
diff --git a/contrib/restricted/aws/aws-c-cal/include/aws/cal/hash.h b/contrib/restricted/aws/aws-c-cal/include/aws/cal/hash.h
index ebf70e39e4..865a12f756 100644
--- a/contrib/restricted/aws/aws-c-cal/include/aws/cal/hash.h
+++ b/contrib/restricted/aws/aws-c-cal/include/aws/cal/hash.h
@@ -1,107 +1,107 @@
-#ifndef AWS_CAL_HASH_H_
-#define AWS_CAL_HASH_H_
-/**
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0.
- */
-#include <aws/cal/exports.h>
-
-#include <aws/common/byte_buf.h>
-#include <aws/common/common.h>
-
-#define AWS_SHA256_LEN 32
-#define AWS_MD5_LEN 16
-
-struct aws_hash;
-
-struct aws_hash_vtable {
- const char *alg_name;
- const char *provider;
- void (*destroy)(struct aws_hash *hash);
- int (*update)(struct aws_hash *hash, const struct aws_byte_cursor *buf);
- int (*finalize)(struct aws_hash *hash, struct aws_byte_buf *out);
-};
-
-struct aws_hash {
- struct aws_allocator *allocator;
- struct aws_hash_vtable *vtable;
- size_t digest_size;
- bool good;
- void *impl;
-};
-
-typedef struct aws_hash *(aws_hash_new_fn)(struct aws_allocator *allocator);
-
-AWS_EXTERN_C_BEGIN
-/**
- * Allocates and initializes a sha256 hash instance.
- */
-AWS_CAL_API struct aws_hash *aws_sha256_new(struct aws_allocator *allocator);
-/**
- * Allocates and initializes an md5 hash instance.
- */
-AWS_CAL_API struct aws_hash *aws_md5_new(struct aws_allocator *allocator);
-/**
- * Cleans up and deallocates hash.
- */
-AWS_CAL_API void aws_hash_destroy(struct aws_hash *hash);
-/**
- * Updates the running hash with to_hash. this can be called multiple times.
- */
-AWS_CAL_API int aws_hash_update(struct aws_hash *hash, const struct aws_byte_cursor *to_hash);
-/**
- * Completes the hash computation and writes the final digest to output.
- * Allocation of output is the caller's responsibility. If you specify
- * truncate_to to something other than 0, the output will be truncated to that
- * number of bytes. For example if you want a SHA256 digest as the first 16
- * bytes, set truncate_to to 16. If you want the full digest size, just set this
- * to 0.
- */
-AWS_CAL_API int aws_hash_finalize(struct aws_hash *hash, struct aws_byte_buf *output, size_t truncate_to);
-
-/**
- * Computes the md5 hash over input and writes the digest output to 'output'.
- * Use this if you don't need to stream the data you're hashing and you can load
- * the entire input to hash into memory.
- */
-AWS_CAL_API int aws_md5_compute(
- struct aws_allocator *allocator,
- const struct aws_byte_cursor *input,
- struct aws_byte_buf *output,
- size_t truncate_to);
-
-/**
- * Computes the sha256 hash over input and writes the digest output to 'output'.
- * Use this if you don't need to stream the data you're hashing and you can load
- * the entire input to hash into memory. If you specify truncate_to to something
- * other than 0, the output will be truncated to that number of bytes. For
- * example if you want a SHA256 digest as the first 16 bytes, set truncate_to
- * to 16. If you want the full digest size, just set this to 0.
- */
-AWS_CAL_API int aws_sha256_compute(
- struct aws_allocator *allocator,
- const struct aws_byte_cursor *input,
- struct aws_byte_buf *output,
- size_t truncate_to);
-
-/**
- * Set the implementation of md5 to use. If you compiled without AWS_BYO_CRYPTO,
- * you do not need to call this. However, if use this, we will honor it,
- * regardless of compile options. This may be useful for testing purposes. If
- * you did set AWS_BYO_CRYPTO, and you do not call this function you will
- * segfault.
- */
-AWS_CAL_API void aws_set_md5_new_fn(aws_hash_new_fn *fn);
-
-/**
- * Set the implementation of sha256 to use. If you compiled without
- * AWS_BYO_CRYPTO, you do not need to call this. However, if use this, we will
- * honor it, regardless of compile options. This may be useful for testing
- * purposes. If you did set AWS_BYO_CRYPTO, and you do not call this function
- * you will segfault.
- */
-AWS_CAL_API void aws_set_sha256_new_fn(aws_hash_new_fn *fn);
-
-AWS_EXTERN_C_END
-
-#endif /* AWS_CAL_HASH_H_ */
+#ifndef AWS_CAL_HASH_H_
+#define AWS_CAL_HASH_H_
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+#include <aws/cal/exports.h>
+
+#include <aws/common/byte_buf.h>
+#include <aws/common/common.h>
+
+#define AWS_SHA256_LEN 32
+#define AWS_MD5_LEN 16
+
+struct aws_hash;
+
+struct aws_hash_vtable {
+ const char *alg_name;
+ const char *provider;
+ void (*destroy)(struct aws_hash *hash);
+ int (*update)(struct aws_hash *hash, const struct aws_byte_cursor *buf);
+ int (*finalize)(struct aws_hash *hash, struct aws_byte_buf *out);
+};
+
+struct aws_hash {
+ struct aws_allocator *allocator;
+ struct aws_hash_vtable *vtable;
+ size_t digest_size;
+ bool good;
+ void *impl;
+};
+
+typedef struct aws_hash *(aws_hash_new_fn)(struct aws_allocator *allocator);
+
+AWS_EXTERN_C_BEGIN
+/**
+ * Allocates and initializes a sha256 hash instance.
+ */
+AWS_CAL_API struct aws_hash *aws_sha256_new(struct aws_allocator *allocator);
+/**
+ * Allocates and initializes an md5 hash instance.
+ */
+AWS_CAL_API struct aws_hash *aws_md5_new(struct aws_allocator *allocator);
+/**
+ * Cleans up and deallocates hash.
+ */
+AWS_CAL_API void aws_hash_destroy(struct aws_hash *hash);
+/**
+ * Updates the running hash with to_hash. this can be called multiple times.
+ */
+AWS_CAL_API int aws_hash_update(struct aws_hash *hash, const struct aws_byte_cursor *to_hash);
+/**
+ * Completes the hash computation and writes the final digest to output.
+ * Allocation of output is the caller's responsibility. If you specify
+ * truncate_to to something other than 0, the output will be truncated to that
+ * number of bytes. For example if you want a SHA256 digest as the first 16
+ * bytes, set truncate_to to 16. If you want the full digest size, just set this
+ * to 0.
+ */
+AWS_CAL_API int aws_hash_finalize(struct aws_hash *hash, struct aws_byte_buf *output, size_t truncate_to);
+
+/**
+ * Computes the md5 hash over input and writes the digest output to 'output'.
+ * Use this if you don't need to stream the data you're hashing and you can load
+ * the entire input to hash into memory.
+ */
+AWS_CAL_API int aws_md5_compute(
+ struct aws_allocator *allocator,
+ const struct aws_byte_cursor *input,
+ struct aws_byte_buf *output,
+ size_t truncate_to);
+
+/**
+ * Computes the sha256 hash over input and writes the digest output to 'output'.
+ * Use this if you don't need to stream the data you're hashing and you can load
+ * the entire input to hash into memory. If you specify truncate_to to something
+ * other than 0, the output will be truncated to that number of bytes. For
+ * example if you want a SHA256 digest as the first 16 bytes, set truncate_to
+ * to 16. If you want the full digest size, just set this to 0.
+ */
+AWS_CAL_API int aws_sha256_compute(
+ struct aws_allocator *allocator,
+ const struct aws_byte_cursor *input,
+ struct aws_byte_buf *output,
+ size_t truncate_to);
+
+/**
+ * Set the implementation of md5 to use. If you compiled without AWS_BYO_CRYPTO,
+ * you do not need to call this. However, if use this, we will honor it,
+ * regardless of compile options. This may be useful for testing purposes. If
+ * you did set AWS_BYO_CRYPTO, and you do not call this function you will
+ * segfault.
+ */
+AWS_CAL_API void aws_set_md5_new_fn(aws_hash_new_fn *fn);
+
+/**
+ * Set the implementation of sha256 to use. If you compiled without
+ * AWS_BYO_CRYPTO, you do not need to call this. However, if use this, we will
+ * honor it, regardless of compile options. This may be useful for testing
+ * purposes. If you did set AWS_BYO_CRYPTO, and you do not call this function
+ * you will segfault.
+ */
+AWS_CAL_API void aws_set_sha256_new_fn(aws_hash_new_fn *fn);
+
+AWS_EXTERN_C_END
+
+#endif /* AWS_CAL_HASH_H_ */
diff --git a/contrib/restricted/aws/aws-c-cal/include/aws/cal/hmac.h b/contrib/restricted/aws/aws-c-cal/include/aws/cal/hmac.h
index 42183887d6..37ce7cdc22 100644
--- a/contrib/restricted/aws/aws-c-cal/include/aws/cal/hmac.h
+++ b/contrib/restricted/aws/aws-c-cal/include/aws/cal/hmac.h
@@ -1,84 +1,84 @@
-#ifndef AWS_CAL_HMAC_H_
-#define AWS_CAL_HMAC_H_
-/**
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0.
- */
-#include <aws/cal/exports.h>
-
-#include <aws/common/byte_buf.h>
-#include <aws/common/common.h>
-
-#define AWS_SHA256_HMAC_LEN 32
-
-struct aws_hmac;
-
-struct aws_hmac_vtable {
- const char *alg_name;
- const char *provider;
- void (*destroy)(struct aws_hmac *hmac);
- int (*update)(struct aws_hmac *hmac, const struct aws_byte_cursor *buf);
- int (*finalize)(struct aws_hmac *hmac, struct aws_byte_buf *out);
-};
-
-struct aws_hmac {
- struct aws_allocator *allocator;
- struct aws_hmac_vtable *vtable;
- size_t digest_size;
- bool good;
- void *impl;
-};
-
-typedef struct aws_hmac *(aws_hmac_new_fn)(struct aws_allocator *allocator, const struct aws_byte_cursor *secret);
-
-AWS_EXTERN_C_BEGIN
-/**
- * Allocates and initializes a sha256 hmac instance. Secret is the key to be
- * used for the hmac process.
- */
-AWS_CAL_API struct aws_hmac *aws_sha256_hmac_new(struct aws_allocator *allocator, const struct aws_byte_cursor *secret);
-
-/**
- * Cleans up and deallocates hmac.
- */
-AWS_CAL_API void aws_hmac_destroy(struct aws_hmac *hmac);
-
-/**
- * Updates the running hmac with to_hash. this can be called multiple times.
- */
-AWS_CAL_API int aws_hmac_update(struct aws_hmac *hmac, const struct aws_byte_cursor *to_hmac);
-/**
- * Completes the hmac computation and writes the final digest to output.
- * Allocation of output is the caller's responsibility. If you specify
- * truncate_to to something other than 0, the output will be truncated to that
- * number of bytes. For example if you want a SHA256 digest as the first 16
- * bytes, set truncate_to to 16. If you want the full digest size, just set this
- * to 0.
- */
-AWS_CAL_API int aws_hmac_finalize(struct aws_hmac *hmac, struct aws_byte_buf *output, size_t truncate_to);
-/**
- * Computes the sha256 hmac over input and writes the digest output to 'output'.
- * Use this if you don't need to stream the data you're hashing and you can load
- * the entire input to hash into memory. If you specify truncate_to to something
- * other than 0, the output will be truncated to that number of bytes. For
- * example if you want a SHA256 HMAC digest as the first 16 bytes, set
- * truncate_to to 16. If you want the full digest size, just set this to 0.
- */
-AWS_CAL_API int aws_sha256_hmac_compute(
- struct aws_allocator *allocator,
- const struct aws_byte_cursor *secret,
- const struct aws_byte_cursor *to_hmac,
- struct aws_byte_buf *output,
- size_t truncate_to);
-/**
- * Set the implementation of sha256 hmac to use. If you compiled without
- * AWS_BYO_CRYPTO, you do not need to call this. However, if use this, we will
- * honor it, regardless of compile options. This may be useful for testing
- * purposes. If you did set AWS_BYO_CRYPTO, and you do not call this function
- * you will segfault.
- */
-AWS_CAL_API void aws_set_sha256_hmac_new_fn(aws_hmac_new_fn *fn);
-
-AWS_EXTERN_C_END
-
-#endif /* AWS_CAL_HASH_H_ */
+#ifndef AWS_CAL_HMAC_H_
+#define AWS_CAL_HMAC_H_
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+#include <aws/cal/exports.h>
+
+#include <aws/common/byte_buf.h>
+#include <aws/common/common.h>
+
+#define AWS_SHA256_HMAC_LEN 32
+
+struct aws_hmac;
+
+struct aws_hmac_vtable {
+ const char *alg_name;
+ const char *provider;
+ void (*destroy)(struct aws_hmac *hmac);
+ int (*update)(struct aws_hmac *hmac, const struct aws_byte_cursor *buf);
+ int (*finalize)(struct aws_hmac *hmac, struct aws_byte_buf *out);
+};
+
+struct aws_hmac {
+ struct aws_allocator *allocator;
+ struct aws_hmac_vtable *vtable;
+ size_t digest_size;
+ bool good;
+ void *impl;
+};
+
+typedef struct aws_hmac *(aws_hmac_new_fn)(struct aws_allocator *allocator, const struct aws_byte_cursor *secret);
+
+AWS_EXTERN_C_BEGIN
+/**
+ * Allocates and initializes a sha256 hmac instance. Secret is the key to be
+ * used for the hmac process.
+ */
+AWS_CAL_API struct aws_hmac *aws_sha256_hmac_new(struct aws_allocator *allocator, const struct aws_byte_cursor *secret);
+
+/**
+ * Cleans up and deallocates hmac.
+ */
+AWS_CAL_API void aws_hmac_destroy(struct aws_hmac *hmac);
+
+/**
+ * Updates the running hmac with to_hash. this can be called multiple times.
+ */
+AWS_CAL_API int aws_hmac_update(struct aws_hmac *hmac, const struct aws_byte_cursor *to_hmac);
+/**
+ * Completes the hmac computation and writes the final digest to output.
+ * Allocation of output is the caller's responsibility. If you specify
+ * truncate_to to something other than 0, the output will be truncated to that
+ * number of bytes. For example if you want a SHA256 digest as the first 16
+ * bytes, set truncate_to to 16. If you want the full digest size, just set this
+ * to 0.
+ */
+AWS_CAL_API int aws_hmac_finalize(struct aws_hmac *hmac, struct aws_byte_buf *output, size_t truncate_to);
+/**
+ * Computes the sha256 hmac over input and writes the digest output to 'output'.
+ * Use this if you don't need to stream the data you're hashing and you can load
+ * the entire input to hash into memory. If you specify truncate_to to something
+ * other than 0, the output will be truncated to that number of bytes. For
+ * example if you want a SHA256 HMAC digest as the first 16 bytes, set
+ * truncate_to to 16. If you want the full digest size, just set this to 0.
+ */
+AWS_CAL_API int aws_sha256_hmac_compute(
+ struct aws_allocator *allocator,
+ const struct aws_byte_cursor *secret,
+ const struct aws_byte_cursor *to_hmac,
+ struct aws_byte_buf *output,
+ size_t truncate_to);
+/**
+ * Set the implementation of sha256 hmac to use. If you compiled without
+ * AWS_BYO_CRYPTO, you do not need to call this. However, if use this, we will
+ * honor it, regardless of compile options. This may be useful for testing
+ * purposes. If you did set AWS_BYO_CRYPTO, and you do not call this function
+ * you will segfault.
+ */
+AWS_CAL_API void aws_set_sha256_hmac_new_fn(aws_hmac_new_fn *fn);
+
+AWS_EXTERN_C_END
+
+#endif /* AWS_CAL_HASH_H_ */
diff --git a/contrib/restricted/aws/aws-c-cal/include/aws/cal/private/der.h b/contrib/restricted/aws/aws-c-cal/include/aws/cal/private/der.h
index 3486e3f476..e263864a49 100644
--- a/contrib/restricted/aws/aws-c-cal/include/aws/cal/private/der.h
+++ b/contrib/restricted/aws/aws-c-cal/include/aws/cal/private/der.h
@@ -1,218 +1,218 @@
-#ifndef AWS_C_CAL_DER_H
-#define AWS_C_CAL_DER_H
-/**
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0.
- */
-
-#include <aws/cal/exports.h>
-
-#include <aws/common/array_list.h>
-#include <aws/common/byte_buf.h>
-
-struct aws_der_encoder;
-struct aws_der_decoder;
-
-enum aws_der_type {
- /* Primitives */
- AWS_DER_BOOLEAN = 0x01,
- AWS_DER_INTEGER = 0x02,
- AWS_DER_BIT_STRING = 0x03,
- AWS_DER_OCTET_STRING = 0x04,
- AWS_DER_NULL = 0x05,
- AWS_DER_OBJECT_IDENTIFIER = 0x06,
- AWS_DER_BMPString = 0x1e,
- AWS_DER_UNICODE_STRING = AWS_DER_BMPString,
- AWS_DER_IA5String = 0x16, /* Unsupported */
- AWS_DER_PrintableString = 0x13,
- AWS_DER_TeletexString = 0x14, /* Unsupported */
-
- /* Constructed types */
- AWS_DER_SEQUENCE = 0x30,
- AWS_DER_SEQUENCE_OF = AWS_DER_SEQUENCE,
- AWS_DER_SET = 0x31,
- AWS_DER_SET_OF = AWS_DER_SET,
- AWS_DER_UTF8_STRING = 0x0c,
-
- /* class types */
- AWS_DER_CLASS_UNIVERSAL = 0x00,
- AWS_DER_CLASS_APPLICATION = 0x40,
- AWS_DER_CLASS_CONTEXT = 0x80,
- AWS_DER_CLASS_PRIVATE = 0xc0,
-
- /* forms */
- AWS_DER_FORM_CONSTRUCTED = 0x20,
- AWS_DER_FORM_PRIMITIVE = 0x00,
-};
-
-AWS_EXTERN_C_BEGIN
-
-/**
- * Initializes a DER encoder
- * @param allocator The allocator to use for all allocations within the encoder
- * @param capacity The initial capacity of the encoder scratch buffer (the max size of all encoded TLVs)
- * @return AWS_OP_ERR if an error occurs, otherwise AWS_OP_SUCCESS
- */
-AWS_CAL_API struct aws_der_encoder *aws_der_encoder_new(struct aws_allocator *allocator, size_t capacity);
-
-/**
- * Cleans up a DER encoder
- * @param encoder The encoder to clean up
- *
- * Note that this destroys the encoder buffer, invalidating any references to the contents given via get_contents()
- */
-AWS_CAL_API void aws_der_encoder_destroy(struct aws_der_encoder *encoder);
-
-/**
- * Writes an arbitrarily sized integer to the DER stream
- * @param encoder The encoder to use
- * @param integer A cursor pointing to the integer's memory
- * @return AWS_OP_ERR if an error occurs, otherwise AWS_OP_SUCCESS
- */
-AWS_CAL_API int aws_der_encoder_write_integer(struct aws_der_encoder *encoder, struct aws_byte_cursor integer);
-/**
- * Writes a boolean to the DER stream
- * @param encoder The encoder to use
- * @param boolean The boolean to write
- * @return AWS_OP_ERR if an error occurs, otherwise AWS_OP_SUCCESS
- */
-AWS_CAL_API int aws_der_encoder_write_boolean(struct aws_der_encoder *encoder, bool boolean);
-
-/**
- * Writes a NULL token to the stream
- * @param encoder The encoder to write to
- * @return AWS_OP_ERR if an error occurs, otherwise AWS_OP_SUCCESS
- */
-AWS_CAL_API int aws_der_encoder_write_null(struct aws_der_encoder *encoder);
-
-/**
- * Writes a BIT_STRING to the stream
- * @param encoder The encoder to use
- * @param bit_string The bit string to encode
- * @return AWS_OP_ERR if an error occurs, otherwise AWS_OP_SUCCESS
- */
-AWS_CAL_API int aws_der_encoder_write_bit_string(struct aws_der_encoder *encoder, struct aws_byte_cursor bit_string);
-
-/**
- * Writes a string to the stream
- * @param encoder The encoder to use
- * @param octet_string The string to encode
- * @return AWS_OP_ERR if an error occurs, otherwise AWS_OP_SUCCESS
- */
-AWS_CAL_API int aws_der_encoder_write_octet_string(
- struct aws_der_encoder *encoder,
- struct aws_byte_cursor octet_string);
-
-/**
- * Begins a SEQUENCE of objects in the DER stream
- * @param encoder The encoder to use
- * @return AWS_OP_ERR if an error occurs, otherwise AWS_OP_SUCCESS
- */
-AWS_CAL_API int aws_der_encoder_begin_sequence(struct aws_der_encoder *encoder);
-
-/**
- * Finishes a SEQUENCE and applies it to the DER stream buffer
- * @param encoder The encoder to update
- * @return AWS_OP_ERR if an error occurs, otherwise AWS_OP_SUCCESS
- */
-AWS_CAL_API int aws_der_encoder_end_sequence(struct aws_der_encoder *encoder);
-
-/**
- * Begins a SET of objects in the DER stream
- * @param encoder The encoder to use
- * @return AWS_OP_ERR if an error occurs, otherwise AWS_OP_SUCCESS
- */
-AWS_CAL_API int aws_der_encoder_begin_set(struct aws_der_encoder *encoder);
-
-/**
- * Finishes a SET and applies it to the DER stream buffer
- * @param encoder The encoder to update
- * @return AWS_OP_ERR if an error occurs, otherwise AWS_OP_SUCCESS
- */
-AWS_CAL_API int aws_der_encoder_end_set(struct aws_der_encoder *encoder);
-
-/**
- * Retrieves the contents of the encoder stream buffer
- * @param encoder The encoder to read from
- * @param cursor The cursor to point at the stream buffer
- * @return AWS_OP_ERR if an error occurs, otherwise AWS_OP_SUCCESS
- */
-AWS_CAL_API int aws_der_encoder_get_contents(struct aws_der_encoder *encoder, struct aws_byte_cursor *contents);
-
-/**
- * Initializes an DER decoder
- * @param allocator The allocator to use
- * @param input The DER formatted buffer to parse
- * @return Initialized decoder, or NULL
- */
-AWS_CAL_API struct aws_der_decoder *aws_der_decoder_new(struct aws_allocator *allocator, struct aws_byte_cursor input);
-
-/**
- * Cleans up a DER encoder
- * @param decoder The encoder to clean up
- */
-AWS_CAL_API void aws_der_decoder_destroy(struct aws_der_decoder *decoder);
-
-/**
- * Allows for iteration over the decoded TLVs.
- * @param decoder The decoder to iterate over
- * @return true if there is a tlv to read after advancing, false when done
- */
-AWS_CAL_API bool aws_der_decoder_next(struct aws_der_decoder *decoder);
-
-/**
- * The type of the current TLV
- * @param decoder The decoder to inspect
- * @return AWS_OP_ERR if an error occurs, otherwise AWS_OP_SUCCESS
- */
-AWS_CAL_API enum aws_der_type aws_der_decoder_tlv_type(struct aws_der_decoder *decoder);
-
-/**
- * The size of the current TLV
- * @param decoder The decoder to inspect
- * @return AWS_OP_ERR if an error occurs, otherwise AWS_OP_SUCCESS
- */
-AWS_CAL_API size_t aws_der_decoder_tlv_length(struct aws_der_decoder *decoder);
-
-/**
- * The number of elements in the current TLV container
- * @param decoder The decoder to inspect
- * @return Number of elements in the current container
- */
-AWS_CAL_API size_t aws_der_decoder_tlv_count(struct aws_der_decoder *decoder);
-
-/**
- * Extracts the current TLV string value (BIT_STRING, OCTET_STRING)
- * @param decoder The decoder to extract from
- * @param string The buffer to store the string into
- * @return AWS_OP_ERR if an error occurs, otherwise AWS_OP_SUCCESS
- */
-AWS_CAL_API int aws_der_decoder_tlv_string(struct aws_der_decoder *decoder, struct aws_byte_cursor *string);
-
-/**
- * Extracts the current TLV INTEGER value (INTEGER)
- * @param decoder The decoder to extract from
- * @param integer The buffer to store the integer into
- * @return AWS_OP_ERR if an error occurs, otherwise AWS_OP_SUCCESS
- */
-AWS_CAL_API int aws_der_decoder_tlv_integer(struct aws_der_decoder *decoder, struct aws_byte_cursor *integer);
-
-/**
- * Extracts the current TLV BOOLEAN value (BOOLEAN)
- * @param decoder The decoder to extract from
- * @param boolean The boolean to store the value into
- * @return AWS_OP_ERR if an error occurs, otherwise AWS_OP_SUCCESS
- */
-AWS_CAL_API int aws_der_decoder_tlv_boolean(struct aws_der_decoder *decoder, bool *boolean);
-
-/**
- * Extracts the current TLV value as a blob
- * @param decoder The decoder to extract from
- * @param blob The buffer to store the value into
- * @return AWS_OP_ERR if an error occurs, otherwise AWS_OP_SUCCESS
- */
-AWS_CAL_API int aws_der_decoder_tlv_blob(struct aws_der_decoder *decoder, struct aws_byte_cursor *blob);
-
-AWS_EXTERN_C_END
-
-#endif
+#ifndef AWS_C_CAL_DER_H
+#define AWS_C_CAL_DER_H
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+
+#include <aws/cal/exports.h>
+
+#include <aws/common/array_list.h>
+#include <aws/common/byte_buf.h>
+
+struct aws_der_encoder;
+struct aws_der_decoder;
+
+enum aws_der_type {
+ /* Primitives */
+ AWS_DER_BOOLEAN = 0x01,
+ AWS_DER_INTEGER = 0x02,
+ AWS_DER_BIT_STRING = 0x03,
+ AWS_DER_OCTET_STRING = 0x04,
+ AWS_DER_NULL = 0x05,
+ AWS_DER_OBJECT_IDENTIFIER = 0x06,
+ AWS_DER_BMPString = 0x1e,
+ AWS_DER_UNICODE_STRING = AWS_DER_BMPString,
+ AWS_DER_IA5String = 0x16, /* Unsupported */
+ AWS_DER_PrintableString = 0x13,
+ AWS_DER_TeletexString = 0x14, /* Unsupported */
+
+ /* Constructed types */
+ AWS_DER_SEQUENCE = 0x30,
+ AWS_DER_SEQUENCE_OF = AWS_DER_SEQUENCE,
+ AWS_DER_SET = 0x31,
+ AWS_DER_SET_OF = AWS_DER_SET,
+ AWS_DER_UTF8_STRING = 0x0c,
+
+ /* class types */
+ AWS_DER_CLASS_UNIVERSAL = 0x00,
+ AWS_DER_CLASS_APPLICATION = 0x40,
+ AWS_DER_CLASS_CONTEXT = 0x80,
+ AWS_DER_CLASS_PRIVATE = 0xc0,
+
+ /* forms */
+ AWS_DER_FORM_CONSTRUCTED = 0x20,
+ AWS_DER_FORM_PRIMITIVE = 0x00,
+};
+
+AWS_EXTERN_C_BEGIN
+
+/**
+ * Initializes a DER encoder
+ * @param allocator The allocator to use for all allocations within the encoder
+ * @param capacity The initial capacity of the encoder scratch buffer (the max size of all encoded TLVs)
+ * @return AWS_OP_ERR if an error occurs, otherwise AWS_OP_SUCCESS
+ */
+AWS_CAL_API struct aws_der_encoder *aws_der_encoder_new(struct aws_allocator *allocator, size_t capacity);
+
+/**
+ * Cleans up a DER encoder
+ * @param encoder The encoder to clean up
+ *
+ * Note that this destroys the encoder buffer, invalidating any references to the contents given via get_contents()
+ */
+AWS_CAL_API void aws_der_encoder_destroy(struct aws_der_encoder *encoder);
+
+/**
+ * Writes an arbitrarily sized integer to the DER stream
+ * @param encoder The encoder to use
+ * @param integer A cursor pointing to the integer's memory
+ * @return AWS_OP_ERR if an error occurs, otherwise AWS_OP_SUCCESS
+ */
+AWS_CAL_API int aws_der_encoder_write_integer(struct aws_der_encoder *encoder, struct aws_byte_cursor integer);
+/**
+ * Writes a boolean to the DER stream
+ * @param encoder The encoder to use
+ * @param boolean The boolean to write
+ * @return AWS_OP_ERR if an error occurs, otherwise AWS_OP_SUCCESS
+ */
+AWS_CAL_API int aws_der_encoder_write_boolean(struct aws_der_encoder *encoder, bool boolean);
+
+/**
+ * Writes a NULL token to the stream
+ * @param encoder The encoder to write to
+ * @return AWS_OP_ERR if an error occurs, otherwise AWS_OP_SUCCESS
+ */
+AWS_CAL_API int aws_der_encoder_write_null(struct aws_der_encoder *encoder);
+
+/**
+ * Writes a BIT_STRING to the stream
+ * @param encoder The encoder to use
+ * @param bit_string The bit string to encode
+ * @return AWS_OP_ERR if an error occurs, otherwise AWS_OP_SUCCESS
+ */
+AWS_CAL_API int aws_der_encoder_write_bit_string(struct aws_der_encoder *encoder, struct aws_byte_cursor bit_string);
+
+/**
+ * Writes a string to the stream
+ * @param encoder The encoder to use
+ * @param octet_string The string to encode
+ * @return AWS_OP_ERR if an error occurs, otherwise AWS_OP_SUCCESS
+ */
+AWS_CAL_API int aws_der_encoder_write_octet_string(
+ struct aws_der_encoder *encoder,
+ struct aws_byte_cursor octet_string);
+
+/**
+ * Begins a SEQUENCE of objects in the DER stream
+ * @param encoder The encoder to use
+ * @return AWS_OP_ERR if an error occurs, otherwise AWS_OP_SUCCESS
+ */
+AWS_CAL_API int aws_der_encoder_begin_sequence(struct aws_der_encoder *encoder);
+
+/**
+ * Finishes a SEQUENCE and applies it to the DER stream buffer
+ * @param encoder The encoder to update
+ * @return AWS_OP_ERR if an error occurs, otherwise AWS_OP_SUCCESS
+ */
+AWS_CAL_API int aws_der_encoder_end_sequence(struct aws_der_encoder *encoder);
+
+/**
+ * Begins a SET of objects in the DER stream
+ * @param encoder The encoder to use
+ * @return AWS_OP_ERR if an error occurs, otherwise AWS_OP_SUCCESS
+ */
+AWS_CAL_API int aws_der_encoder_begin_set(struct aws_der_encoder *encoder);
+
+/**
+ * Finishes a SET and applies it to the DER stream buffer
+ * @param encoder The encoder to update
+ * @return AWS_OP_ERR if an error occurs, otherwise AWS_OP_SUCCESS
+ */
+AWS_CAL_API int aws_der_encoder_end_set(struct aws_der_encoder *encoder);
+
+/**
+ * Retrieves the contents of the encoder stream buffer
+ * @param encoder The encoder to read from
+ * @param cursor The cursor to point at the stream buffer
+ * @return AWS_OP_ERR if an error occurs, otherwise AWS_OP_SUCCESS
+ */
+AWS_CAL_API int aws_der_encoder_get_contents(struct aws_der_encoder *encoder, struct aws_byte_cursor *contents);
+
+/**
+ * Initializes an DER decoder
+ * @param allocator The allocator to use
+ * @param input The DER formatted buffer to parse
+ * @return Initialized decoder, or NULL
+ */
+AWS_CAL_API struct aws_der_decoder *aws_der_decoder_new(struct aws_allocator *allocator, struct aws_byte_cursor input);
+
+/**
+ * Cleans up a DER encoder
+ * @param decoder The encoder to clean up
+ */
+AWS_CAL_API void aws_der_decoder_destroy(struct aws_der_decoder *decoder);
+
+/**
+ * Allows for iteration over the decoded TLVs.
+ * @param decoder The decoder to iterate over
+ * @return true if there is a tlv to read after advancing, false when done
+ */
+AWS_CAL_API bool aws_der_decoder_next(struct aws_der_decoder *decoder);
+
+/**
+ * The type of the current TLV
+ * @param decoder The decoder to inspect
+ * @return AWS_OP_ERR if an error occurs, otherwise AWS_OP_SUCCESS
+ */
+AWS_CAL_API enum aws_der_type aws_der_decoder_tlv_type(struct aws_der_decoder *decoder);
+
+/**
+ * The size of the current TLV
+ * @param decoder The decoder to inspect
+ * @return AWS_OP_ERR if an error occurs, otherwise AWS_OP_SUCCESS
+ */
+AWS_CAL_API size_t aws_der_decoder_tlv_length(struct aws_der_decoder *decoder);
+
+/**
+ * The number of elements in the current TLV container
+ * @param decoder The decoder to inspect
+ * @return Number of elements in the current container
+ */
+AWS_CAL_API size_t aws_der_decoder_tlv_count(struct aws_der_decoder *decoder);
+
+/**
+ * Extracts the current TLV string value (BIT_STRING, OCTET_STRING)
+ * @param decoder The decoder to extract from
+ * @param string The buffer to store the string into
+ * @return AWS_OP_ERR if an error occurs, otherwise AWS_OP_SUCCESS
+ */
+AWS_CAL_API int aws_der_decoder_tlv_string(struct aws_der_decoder *decoder, struct aws_byte_cursor *string);
+
+/**
+ * Extracts the current TLV INTEGER value (INTEGER)
+ * @param decoder The decoder to extract from
+ * @param integer The buffer to store the integer into
+ * @return AWS_OP_ERR if an error occurs, otherwise AWS_OP_SUCCESS
+ */
+AWS_CAL_API int aws_der_decoder_tlv_integer(struct aws_der_decoder *decoder, struct aws_byte_cursor *integer);
+
+/**
+ * Extracts the current TLV BOOLEAN value (BOOLEAN)
+ * @param decoder The decoder to extract from
+ * @param boolean The boolean to store the value into
+ * @return AWS_OP_ERR if an error occurs, otherwise AWS_OP_SUCCESS
+ */
+AWS_CAL_API int aws_der_decoder_tlv_boolean(struct aws_der_decoder *decoder, bool *boolean);
+
+/**
+ * Extracts the current TLV value as a blob
+ * @param decoder The decoder to extract from
+ * @param blob The buffer to store the value into
+ * @return AWS_OP_ERR if an error occurs, otherwise AWS_OP_SUCCESS
+ */
+AWS_CAL_API int aws_der_decoder_tlv_blob(struct aws_der_decoder *decoder, struct aws_byte_cursor *blob);
+
+AWS_EXTERN_C_END
+
+#endif
diff --git a/contrib/restricted/aws/aws-c-cal/include/aws/cal/private/ecc.h b/contrib/restricted/aws/aws-c-cal/include/aws/cal/private/ecc.h
index ec3492518c..bbed69b547 100644
--- a/contrib/restricted/aws/aws-c-cal/include/aws/cal/private/ecc.h
+++ b/contrib/restricted/aws/aws-c-cal/include/aws/cal/private/ecc.h
@@ -1,25 +1,25 @@
-#ifndef AWS_C_CAL_PRIVATE_ECC_H
-#define AWS_C_CAL_PRIVATE_ECC_H
-/**
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0.
- */
-
-#include <aws/cal/ecc.h>
-
-#include <aws/common/byte_buf.h>
-
-struct aws_der_decoder;
-
-AWS_EXTERN_C_BEGIN
-
-AWS_CAL_API int aws_der_decoder_load_ecc_key_pair(
- struct aws_der_decoder *decoder,
- struct aws_byte_cursor *out_public_x_coor,
- struct aws_byte_cursor *out_public_y_coor,
- struct aws_byte_cursor *out_private_d,
- enum aws_ecc_curve_name *out_curve_name);
-
-AWS_EXTERN_C_END
-
-#endif /* AWS_C_CAL_PRIVATE_ECC_H */
+#ifndef AWS_C_CAL_PRIVATE_ECC_H
+#define AWS_C_CAL_PRIVATE_ECC_H
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+
+#include <aws/cal/ecc.h>
+
+#include <aws/common/byte_buf.h>
+
+struct aws_der_decoder;
+
+AWS_EXTERN_C_BEGIN
+
+AWS_CAL_API int aws_der_decoder_load_ecc_key_pair(
+ struct aws_der_decoder *decoder,
+ struct aws_byte_cursor *out_public_x_coor,
+ struct aws_byte_cursor *out_public_y_coor,
+ struct aws_byte_cursor *out_private_d,
+ enum aws_ecc_curve_name *out_curve_name);
+
+AWS_EXTERN_C_END
+
+#endif /* AWS_C_CAL_PRIVATE_ECC_H */
diff --git a/contrib/restricted/aws/aws-c-cal/include/aws/cal/private/opensslcrypto_common.h b/contrib/restricted/aws/aws-c-cal/include/aws/cal/private/opensslcrypto_common.h
index f4e25c5f35..6628db1e5c 100644
--- a/contrib/restricted/aws/aws-c-cal/include/aws/cal/private/opensslcrypto_common.h
+++ b/contrib/restricted/aws/aws-c-cal/include/aws/cal/private/opensslcrypto_common.h
@@ -1,46 +1,46 @@
-#ifndef AWS_C_CAL_OPENSSLCRYPTO_COMMON_H
-#define AWS_C_CAL_OPENSSLCRYPTO_COMMON_H
-
-#include <openssl/crypto.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-
-typedef HMAC_CTX *(*hmac_ctx_new)(void);
-typedef int (*hmac_ctx_reset)(HMAC_CTX *);
-typedef void (*hmac_ctx_free)(HMAC_CTX *);
-typedef void (*hmac_ctx_init)(HMAC_CTX *);
-typedef int (*hmac_ctx_init_ex)(HMAC_CTX *, const void *, int, const EVP_MD *, ENGINE *);
-typedef void (*hmac_ctx_clean_up)(HMAC_CTX *);
-typedef int (*hmac_ctx_update)(HMAC_CTX *, const unsigned char *, size_t);
-typedef int (*hmac_ctx_final)(HMAC_CTX *, unsigned char *, unsigned int *);
-
-struct openssl_hmac_ctx_table {
- hmac_ctx_new new_fn;
- hmac_ctx_free free_fn;
- hmac_ctx_init init_fn;
- hmac_ctx_init_ex init_ex_fn;
- hmac_ctx_clean_up clean_up_fn;
- hmac_ctx_update update_fn;
- hmac_ctx_final final_fn;
- hmac_ctx_reset reset_fn;
-};
-
-extern struct openssl_hmac_ctx_table *g_aws_openssl_hmac_ctx_table;
-
-typedef EVP_MD_CTX *(*evp_md_ctx_new)(void);
-typedef void (*evp_md_ctx_free)(EVP_MD_CTX *);
-typedef int (*evp_md_ctx_digest_init_ex)(EVP_MD_CTX *, const EVP_MD *, ENGINE *);
-typedef int (*evp_md_ctx_digest_update)(EVP_MD_CTX *, const void *, size_t);
-typedef int (*evp_md_ctx_digest_final_ex)(EVP_MD_CTX *, unsigned char *, unsigned int *);
-
-struct openssl_evp_md_ctx_table {
- evp_md_ctx_new new_fn;
- evp_md_ctx_free free_fn;
- evp_md_ctx_digest_init_ex init_ex_fn;
- evp_md_ctx_digest_update update_fn;
- evp_md_ctx_digest_final_ex final_ex_fn;
-};
-
-extern struct openssl_evp_md_ctx_table *g_aws_openssl_evp_md_ctx_table;
-
-#endif /* AWS_C_CAL_OPENSSLCRYPTO_COMMON_H */
+#ifndef AWS_C_CAL_OPENSSLCRYPTO_COMMON_H
+#define AWS_C_CAL_OPENSSLCRYPTO_COMMON_H
+
+#include <openssl/crypto.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+
+typedef HMAC_CTX *(*hmac_ctx_new)(void);
+typedef int (*hmac_ctx_reset)(HMAC_CTX *);
+typedef void (*hmac_ctx_free)(HMAC_CTX *);
+typedef void (*hmac_ctx_init)(HMAC_CTX *);
+typedef int (*hmac_ctx_init_ex)(HMAC_CTX *, const void *, int, const EVP_MD *, ENGINE *);
+typedef void (*hmac_ctx_clean_up)(HMAC_CTX *);
+typedef int (*hmac_ctx_update)(HMAC_CTX *, const unsigned char *, size_t);
+typedef int (*hmac_ctx_final)(HMAC_CTX *, unsigned char *, unsigned int *);
+
+struct openssl_hmac_ctx_table {
+ hmac_ctx_new new_fn;
+ hmac_ctx_free free_fn;
+ hmac_ctx_init init_fn;
+ hmac_ctx_init_ex init_ex_fn;
+ hmac_ctx_clean_up clean_up_fn;
+ hmac_ctx_update update_fn;
+ hmac_ctx_final final_fn;
+ hmac_ctx_reset reset_fn;
+};
+
+extern struct openssl_hmac_ctx_table *g_aws_openssl_hmac_ctx_table;
+
+typedef EVP_MD_CTX *(*evp_md_ctx_new)(void);
+typedef void (*evp_md_ctx_free)(EVP_MD_CTX *);
+typedef int (*evp_md_ctx_digest_init_ex)(EVP_MD_CTX *, const EVP_MD *, ENGINE *);
+typedef int (*evp_md_ctx_digest_update)(EVP_MD_CTX *, const void *, size_t);
+typedef int (*evp_md_ctx_digest_final_ex)(EVP_MD_CTX *, unsigned char *, unsigned int *);
+
+struct openssl_evp_md_ctx_table {
+ evp_md_ctx_new new_fn;
+ evp_md_ctx_free free_fn;
+ evp_md_ctx_digest_init_ex init_ex_fn;
+ evp_md_ctx_digest_update update_fn;
+ evp_md_ctx_digest_final_ex final_ex_fn;
+};
+
+extern struct openssl_evp_md_ctx_table *g_aws_openssl_evp_md_ctx_table;
+
+#endif /* AWS_C_CAL_OPENSSLCRYPTO_COMMON_H */
diff --git a/contrib/restricted/aws/aws-c-cal/source/cal.c b/contrib/restricted/aws/aws-c-cal/source/cal.c
index d0792ce09a..100e7fd034 100644
--- a/contrib/restricted/aws/aws-c-cal/source/cal.c
+++ b/contrib/restricted/aws/aws-c-cal/source/cal.c
@@ -1,63 +1,63 @@
-/**
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0.
- */
-#include <aws/cal/cal.h>
-#include <aws/common/common.h>
-#include <aws/common/error.h>
-
-#define AWS_DEFINE_ERROR_INFO_CAL(CODE, STR) [(CODE)-0x1C00] = AWS_DEFINE_ERROR_INFO(CODE, STR, "aws-c-cal")
-
-static struct aws_error_info s_errors[] = {
- AWS_DEFINE_ERROR_INFO_CAL(AWS_ERROR_CAL_SIGNATURE_VALIDATION_FAILED, "Verify on a cryptographic signature failed."),
- AWS_DEFINE_ERROR_INFO_CAL(
- AWS_ERROR_CAL_MISSING_REQUIRED_KEY_COMPONENT,
- "An attempt was made to perform an "
- "Asymmetric cryptographic operation with the"
- "wrong key component. For example, attempt to"
- "verify a signature with a private key or "
- "sign a message with a public key."),
- AWS_DEFINE_ERROR_INFO_CAL(
- AWS_ERROR_CAL_INVALID_KEY_LENGTH_FOR_ALGORITHM,
- "A key length was used for an algorithm that needs a different key length"),
- AWS_DEFINE_ERROR_INFO_CAL(
- AWS_ERROR_CAL_UNKNOWN_OBJECT_IDENTIFIER,
- "An ASN.1 OID was encountered that wasn't expected or understood. Most likely, an unsupported algorithm was "
- "encountered."),
- AWS_DEFINE_ERROR_INFO_CAL(
- AWS_ERROR_CAL_MALFORMED_ASN1_ENCOUNTERED,
- "An ASN.1 DER decoding operation failed on malformed input."),
- AWS_DEFINE_ERROR_INFO_CAL(
- AWS_ERROR_CAL_MISMATCHED_DER_TYPE,
- "An invalid DER type was requested during encoding/decoding"),
- AWS_DEFINE_ERROR_INFO_CAL(
- AWS_ERROR_CAL_UNSUPPORTED_ALGORITHM,
- "The specified algorithim is unsupported on this platform."),
-};
-
-static struct aws_error_info_list s_list = {
- .error_list = s_errors,
- .count = AWS_ARRAY_SIZE(s_errors),
-};
-
-extern void aws_cal_platform_init(struct aws_allocator *allocator);
-extern void aws_cal_platform_clean_up(void);
-
-static bool s_cal_library_initialized = false;
-
-void aws_cal_library_init(struct aws_allocator *allocator) {
- if (!s_cal_library_initialized) {
- aws_common_library_init(allocator);
- aws_register_error_info(&s_list);
- aws_cal_platform_init(allocator);
- s_cal_library_initialized = true;
- }
-}
-void aws_cal_library_clean_up(void) {
- if (s_cal_library_initialized) {
- s_cal_library_initialized = false;
- aws_cal_platform_clean_up();
- aws_unregister_error_info(&s_list);
- aws_common_library_clean_up();
- }
-}
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+#include <aws/cal/cal.h>
+#include <aws/common/common.h>
+#include <aws/common/error.h>
+
+#define AWS_DEFINE_ERROR_INFO_CAL(CODE, STR) [(CODE)-0x1C00] = AWS_DEFINE_ERROR_INFO(CODE, STR, "aws-c-cal")
+
+static struct aws_error_info s_errors[] = {
+ AWS_DEFINE_ERROR_INFO_CAL(AWS_ERROR_CAL_SIGNATURE_VALIDATION_FAILED, "Verify on a cryptographic signature failed."),
+ AWS_DEFINE_ERROR_INFO_CAL(
+ AWS_ERROR_CAL_MISSING_REQUIRED_KEY_COMPONENT,
+ "An attempt was made to perform an "
+ "Asymmetric cryptographic operation with the"
+ "wrong key component. For example, attempt to"
+ "verify a signature with a private key or "
+ "sign a message with a public key."),
+ AWS_DEFINE_ERROR_INFO_CAL(
+ AWS_ERROR_CAL_INVALID_KEY_LENGTH_FOR_ALGORITHM,
+ "A key length was used for an algorithm that needs a different key length"),
+ AWS_DEFINE_ERROR_INFO_CAL(
+ AWS_ERROR_CAL_UNKNOWN_OBJECT_IDENTIFIER,
+ "An ASN.1 OID was encountered that wasn't expected or understood. Most likely, an unsupported algorithm was "
+ "encountered."),
+ AWS_DEFINE_ERROR_INFO_CAL(
+ AWS_ERROR_CAL_MALFORMED_ASN1_ENCOUNTERED,
+ "An ASN.1 DER decoding operation failed on malformed input."),
+ AWS_DEFINE_ERROR_INFO_CAL(
+ AWS_ERROR_CAL_MISMATCHED_DER_TYPE,
+ "An invalid DER type was requested during encoding/decoding"),
+ AWS_DEFINE_ERROR_INFO_CAL(
+ AWS_ERROR_CAL_UNSUPPORTED_ALGORITHM,
+ "The specified algorithim is unsupported on this platform."),
+};
+
+static struct aws_error_info_list s_list = {
+ .error_list = s_errors,
+ .count = AWS_ARRAY_SIZE(s_errors),
+};
+
+extern void aws_cal_platform_init(struct aws_allocator *allocator);
+extern void aws_cal_platform_clean_up(void);
+
+static bool s_cal_library_initialized = false;
+
+void aws_cal_library_init(struct aws_allocator *allocator) {
+ if (!s_cal_library_initialized) {
+ aws_common_library_init(allocator);
+ aws_register_error_info(&s_list);
+ aws_cal_platform_init(allocator);
+ s_cal_library_initialized = true;
+ }
+}
+void aws_cal_library_clean_up(void) {
+ if (s_cal_library_initialized) {
+ s_cal_library_initialized = false;
+ aws_cal_platform_clean_up();
+ aws_unregister_error_info(&s_list);
+ aws_common_library_clean_up();
+ }
+}
diff --git a/contrib/restricted/aws/aws-c-cal/source/der.c b/contrib/restricted/aws/aws-c-cal/source/der.c
index 546a5685b5..0209eeb170 100644
--- a/contrib/restricted/aws/aws-c-cal/source/der.c
+++ b/contrib/restricted/aws/aws-c-cal/source/der.c
@@ -1,501 +1,501 @@
-/**
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0.
- */
-
-#include <aws/cal/private/der.h>
-
-#include <aws/cal/cal.h>
-#include <aws/common/byte_buf.h>
-
-#ifdef _MSC_VER
-# pragma warning(push)
-# pragma warning(disable : 4204 4221) /* non-standard aggregate initializer warnings */
-#endif
-
-struct aws_der_encoder {
- struct aws_allocator *allocator;
- struct aws_byte_buf storage;
- struct aws_byte_buf *buffer; /* buffer being written to, might be storage, might be a sequence/set buffer */
- struct aws_array_list stack;
-};
-
-struct aws_der_decoder {
- struct aws_allocator *allocator;
- struct aws_array_list tlvs; /* parsed elements */
- int tlv_idx; /* index to elements after parsing */
- struct aws_byte_cursor input; /* input buffer */
- uint32_t depth; /* recursion depth when expanding containers */
- struct der_tlv *container; /* currently expanding container */
-};
-
-struct der_tlv {
- uint8_t tag;
- uint32_t length; /* length of value in bytes */
- uint32_t count; /* SEQUENCE or SET element count */
- uint8_t *value;
-};
-
-static void s_decode_tlv(struct der_tlv *tlv) {
- if (tlv->tag == AWS_DER_INTEGER) {
- uint8_t first_byte = tlv->value[0];
- /* if the first byte is 0, it just denotes unsigned and should be removed */
- if (first_byte == 0x00) {
- tlv->length -= 1;
- tlv->value += 1;
- }
- } else if (tlv->tag == AWS_DER_BIT_STRING) {
- /* skip over the trailing skipped bit count */
- tlv->length -= 1;
- tlv->value += 1;
- }
-}
-
-static int s_der_read_tlv(struct aws_byte_cursor *cur, struct der_tlv *tlv) {
- uint8_t tag = 0;
- uint8_t len_bytes = 0;
- uint32_t len = 0;
- if (!aws_byte_cursor_read_u8(cur, &tag)) {
- return AWS_OP_ERR;
- }
- if (!aws_byte_cursor_read_u8(cur, &len_bytes)) {
- return AWS_OP_ERR;
- }
- /* if the sign bit is set, then the first byte is the number of bytes required to store
- * the length */
- if (len_bytes & 0x80) {
- len_bytes &= 0x7f;
- switch (len_bytes) {
- case 1:
- if (!aws_byte_cursor_read_u8(cur, (uint8_t *)&len)) {
- return aws_raise_error(AWS_ERROR_CAL_MALFORMED_ASN1_ENCOUNTERED);
- }
- break;
- case 2:
- if (!aws_byte_cursor_read_be16(cur, (uint16_t *)&len)) {
- return aws_raise_error(AWS_ERROR_CAL_MALFORMED_ASN1_ENCOUNTERED);
- }
- break;
- case 4:
- if (!aws_byte_cursor_read_be32(cur, &len)) {
- return aws_raise_error(AWS_ERROR_CAL_MALFORMED_ASN1_ENCOUNTERED);
- }
- break;
- default:
- return aws_raise_error(AWS_ERROR_CAL_MALFORMED_ASN1_ENCOUNTERED);
- }
- } else {
- len = len_bytes;
- }
-
- tlv->tag = tag;
- tlv->length = len;
- tlv->value = (tag == AWS_DER_NULL) ? NULL : cur->ptr;
- s_decode_tlv(tlv);
- aws_byte_cursor_advance(cur, len);
-
- return AWS_OP_SUCCESS;
-}
-
-static uint32_t s_encoded_len(struct der_tlv *tlv) {
- if (tlv->tag == AWS_DER_INTEGER) {
- uint8_t first_byte = tlv->value[0];
- /* if the first byte has the high bit set, a 0 will be prepended to denote unsigned */
- return tlv->length + ((first_byte & 0x80) != 0);
- }
- if (tlv->tag == AWS_DER_BIT_STRING) {
- return tlv->length + 1; /* needs a byte to denote how many trailing skipped bits */
- }
-
- return tlv->length;
-}
-
-static int s_der_write_tlv(struct der_tlv *tlv, struct aws_byte_buf *buf) {
- if (!aws_byte_buf_write_u8(buf, tlv->tag)) {
- return aws_raise_error(AWS_ERROR_INVALID_BUFFER_SIZE);
- }
- uint32_t len = s_encoded_len(tlv);
- if (len > UINT16_MAX) {
- /* write the high bit plus 4 byte length */
- if (!aws_byte_buf_write_u8(buf, 0x84)) {
- return aws_raise_error(AWS_ERROR_INVALID_BUFFER_SIZE);
- }
- if (!aws_byte_buf_write_be32(buf, len)) {
- return aws_raise_error(AWS_ERROR_INVALID_BUFFER_SIZE);
- }
- } else if (len > UINT8_MAX) {
- /* write the high bit plus 2 byte length */
- if (!aws_byte_buf_write_u8(buf, 0x82)) {
- return aws_raise_error(AWS_ERROR_INVALID_BUFFER_SIZE);
- }
- if (!aws_byte_buf_write_be16(buf, (uint16_t)len)) {
- return aws_raise_error(AWS_ERROR_INVALID_BUFFER_SIZE);
- }
- } else if (len > INT8_MAX) {
- /* Write the high bit + 1 byte length */
- if (!aws_byte_buf_write_u8(buf, 0x81)) {
- return aws_raise_error(AWS_ERROR_INVALID_BUFFER_SIZE);
- }
- if (!aws_byte_buf_write_u8(buf, (uint8_t)len)) {
- return aws_raise_error(AWS_ERROR_INVALID_BUFFER_SIZE);
- }
- } else {
- if (!aws_byte_buf_write_u8(buf, (uint8_t)len)) {
- return aws_raise_error(AWS_ERROR_INVALID_BUFFER_SIZE);
- }
- }
-
- switch (tlv->tag) {
- case AWS_DER_INTEGER: {
- /* if the first byte has the sign bit set, insert an extra 0x00 byte to indicate unsigned */
- uint8_t first_byte = tlv->value[0];
- if (first_byte & 0x80) {
- if (!aws_byte_buf_write_u8(buf, 0)) {
- return aws_raise_error(AWS_ERROR_INVALID_BUFFER_SIZE);
- }
- }
- if (!aws_byte_buf_write(buf, tlv->value, tlv->length)) {
- return aws_raise_error(AWS_ERROR_INVALID_BUFFER_SIZE);
- }
- } break;
- case AWS_DER_BOOLEAN:
- if (!aws_byte_buf_write_u8(buf, (*tlv->value) ? 0xff : 0x00)) {
- return aws_raise_error(AWS_ERROR_INVALID_BUFFER_SIZE);
- }
- break;
- case AWS_DER_BIT_STRING:
- /* Write that there are 0 skipped bits */
- if (!aws_byte_buf_write_u8(buf, 0)) {
- return aws_raise_error(AWS_ERROR_INVALID_BUFFER_SIZE);
- }
- /* FALLTHROUGH */
- case AWS_DER_BMPString:
- case AWS_DER_IA5String:
- case AWS_DER_PrintableString:
- case AWS_DER_UTF8_STRING:
- case AWS_DER_OBJECT_IDENTIFIER:
- case AWS_DER_OCTET_STRING:
- case AWS_DER_SEQUENCE:
- case AWS_DER_SET:
- if (!aws_byte_buf_write(buf, tlv->value, tlv->length)) {
- return aws_raise_error(AWS_ERROR_INVALID_BUFFER_SIZE);
- }
- break;
- case AWS_DER_NULL:
- /* No value bytes */
- break;
- default:
- return aws_raise_error(AWS_ERROR_CAL_MISMATCHED_DER_TYPE);
- }
-
- return AWS_OP_SUCCESS;
-}
-
-struct aws_der_encoder *aws_der_encoder_new(struct aws_allocator *allocator, size_t capacity) {
- struct aws_der_encoder *encoder = aws_mem_calloc(allocator, 1, sizeof(struct aws_der_encoder));
- AWS_FATAL_ASSERT(encoder);
-
- encoder->allocator = allocator;
- if (aws_byte_buf_init(&encoder->storage, encoder->allocator, capacity)) {
- goto error;
- }
- if (aws_array_list_init_dynamic(&encoder->stack, encoder->allocator, 4, sizeof(struct der_tlv))) {
- goto error;
- }
-
- encoder->buffer = &encoder->storage;
- return encoder;
-
-error:
- aws_array_list_clean_up(&encoder->stack);
- aws_byte_buf_clean_up(&encoder->storage);
- aws_mem_release(allocator, encoder);
- return NULL;
-}
-
-void aws_der_encoder_destroy(struct aws_der_encoder *encoder) {
- if (!encoder) {
- return;
- }
- aws_byte_buf_clean_up_secure(&encoder->storage);
- aws_array_list_clean_up(&encoder->stack);
- aws_mem_release(encoder->allocator, encoder);
-}
-
-int aws_der_encoder_write_integer(struct aws_der_encoder *encoder, struct aws_byte_cursor integer) {
- AWS_FATAL_ASSERT(integer.len <= UINT32_MAX);
- struct der_tlv tlv = {
- .tag = AWS_DER_INTEGER,
- .length = (uint32_t)integer.len,
- .value = integer.ptr,
- };
-
- return s_der_write_tlv(&tlv, encoder->buffer);
-}
-
-int aws_der_encoder_write_boolean(struct aws_der_encoder *encoder, bool boolean) {
- struct der_tlv tlv = {.tag = AWS_DER_BOOLEAN, .length = 1, .value = (uint8_t *)&boolean};
-
- return s_der_write_tlv(&tlv, encoder->buffer);
-}
-
-int aws_der_encoder_write_null(struct aws_der_encoder *encoder) {
- struct der_tlv tlv = {
- .tag = AWS_DER_NULL,
- .length = 0,
- .value = NULL,
- };
-
- return s_der_write_tlv(&tlv, encoder->buffer);
-}
-
-int aws_der_encoder_write_bit_string(struct aws_der_encoder *encoder, struct aws_byte_cursor bit_string) {
- AWS_FATAL_ASSERT(bit_string.len <= UINT32_MAX);
- struct der_tlv tlv = {
- .tag = AWS_DER_BIT_STRING,
- .length = (uint32_t)bit_string.len,
- .value = bit_string.ptr,
- };
-
- return s_der_write_tlv(&tlv, encoder->buffer);
-}
-
-int aws_der_encoder_write_octet_string(struct aws_der_encoder *encoder, struct aws_byte_cursor octet_string) {
- AWS_FATAL_ASSERT(octet_string.len <= UINT32_MAX);
- struct der_tlv tlv = {
- .tag = AWS_DER_OCTET_STRING,
- .length = (uint32_t)octet_string.len,
- .value = octet_string.ptr,
- };
-
- return s_der_write_tlv(&tlv, encoder->buffer);
-}
-
-static int s_der_encoder_begin_container(struct aws_der_encoder *encoder, enum aws_der_type type) {
- struct aws_byte_buf *seq_buf = aws_mem_acquire(encoder->allocator, sizeof(struct aws_byte_buf));
- AWS_FATAL_ASSERT(seq_buf);
- if (aws_byte_buf_init(seq_buf, encoder->allocator, encoder->storage.capacity)) {
- return AWS_OP_ERR;
- }
- struct der_tlv tlv_seq = {
- .tag = type,
- .length = 0, /* not known yet, will update later */
- .value = (void *)seq_buf,
- };
- if (aws_array_list_push_back(&encoder->stack, &tlv_seq)) {
- aws_byte_buf_clean_up(seq_buf);
- return AWS_OP_ERR;
- }
- encoder->buffer = seq_buf;
- return AWS_OP_SUCCESS;
-}
-
-static int s_der_encoder_end_container(struct aws_der_encoder *encoder) {
- struct der_tlv tlv;
- if (aws_array_list_back(&encoder->stack, &tlv)) {
- return AWS_OP_ERR;
- }
- aws_array_list_pop_back(&encoder->stack);
- /* update the buffer to point at the next container on the stack */
- if (encoder->stack.length > 0) {
- struct der_tlv outer;
- if (aws_array_list_back(&encoder->stack, &outer)) {
- return AWS_OP_ERR;
- }
- encoder->buffer = (struct aws_byte_buf *)outer.value;
- } else {
- encoder->buffer = &encoder->storage;
- }
-
- struct aws_byte_buf *seq_buf = (struct aws_byte_buf *)tlv.value;
- tlv.length = (uint32_t)seq_buf->len;
- tlv.value = seq_buf->buffer;
- int result = s_der_write_tlv(&tlv, encoder->buffer);
- aws_byte_buf_clean_up_secure(seq_buf);
- aws_mem_release(encoder->allocator, seq_buf);
- return result;
-}
-
-int aws_der_encoder_begin_sequence(struct aws_der_encoder *encoder) {
- return s_der_encoder_begin_container(encoder, AWS_DER_SEQUENCE);
-}
-
-int aws_der_encoder_end_sequence(struct aws_der_encoder *encoder) {
- return s_der_encoder_end_container(encoder);
-}
-
-int aws_der_encoder_begin_set(struct aws_der_encoder *encoder) {
- return s_der_encoder_begin_container(encoder, AWS_DER_SET);
-}
-
-int aws_der_encoder_end_set(struct aws_der_encoder *encoder) {
- return s_der_encoder_end_container(encoder);
-}
-
-int aws_der_encoder_get_contents(struct aws_der_encoder *encoder, struct aws_byte_cursor *contents) {
- if (encoder->storage.len == 0) {
- return aws_raise_error(AWS_ERROR_INVALID_STATE);
- }
- if (encoder->buffer != &encoder->storage) {
- /* someone forgot to end a sequence or set */
- return aws_raise_error(AWS_ERROR_INVALID_STATE);
- }
- *contents = aws_byte_cursor_from_buf(&encoder->storage);
- return AWS_OP_SUCCESS;
-}
-
-/*
- * DECODER
- */
-int s_decoder_parse(struct aws_der_decoder *decoder);
-
-struct aws_der_decoder *aws_der_decoder_new(struct aws_allocator *allocator, struct aws_byte_cursor input) {
- struct aws_der_decoder *decoder = aws_mem_calloc(allocator, 1, sizeof(struct aws_der_decoder));
- AWS_FATAL_ASSERT(decoder);
-
- decoder->allocator = allocator;
- decoder->input = input;
- decoder->tlv_idx = -1;
- decoder->depth = 0;
- decoder->container = NULL;
- if (aws_array_list_init_dynamic(&decoder->tlvs, decoder->allocator, 16, sizeof(struct der_tlv))) {
- goto error;
- }
-
- if (s_decoder_parse(decoder)) {
- goto error;
- }
-
- return decoder;
-
-error:
- aws_array_list_clean_up(&decoder->tlvs);
- aws_mem_release(allocator, decoder);
- return NULL;
-}
-
-void aws_der_decoder_destroy(struct aws_der_decoder *decoder) {
- if (!decoder) {
- return;
- }
- aws_array_list_clean_up(&decoder->tlvs);
- aws_mem_release(decoder->allocator, decoder);
-}
-
-int s_parse_cursor(struct aws_der_decoder *decoder, struct aws_byte_cursor cur) {
- if (++decoder->depth > 16) {
- /* stream contains too many nested containers, probably malformed/attack */
- return aws_raise_error(AWS_ERROR_CAL_MALFORMED_ASN1_ENCOUNTERED);
- }
-
- while (cur.len) {
- struct der_tlv tlv = {0};
- if (s_der_read_tlv(&cur, &tlv)) {
- return aws_raise_error(AWS_ERROR_CAL_MALFORMED_ASN1_ENCOUNTERED);
- }
- /* skip trailing newlines in the stream after any TLV */
- while (cur.len && *cur.ptr == '\n') {
- aws_byte_cursor_advance(&cur, 1);
- }
- if (aws_array_list_push_back(&decoder->tlvs, &tlv)) {
- return aws_raise_error(AWS_ERROR_INVALID_STATE);
- }
- if (decoder->container) {
- decoder->container->count++;
- }
- /* if the last element was a container, expand it recursively to maintain order */
- if (tlv.tag & AWS_DER_FORM_CONSTRUCTED) {
- struct der_tlv *outer_container = decoder->container;
- struct der_tlv *container = NULL;
- aws_array_list_get_at_ptr(&decoder->tlvs, (void **)&container, decoder->tlvs.length - 1);
- decoder->container = container;
-
- if (!container) {
- return aws_raise_error(AWS_ERROR_INVALID_STATE);
- }
-
- struct aws_byte_cursor container_cur = aws_byte_cursor_from_array(container->value, container->length);
- if (s_parse_cursor(decoder, container_cur)) {
- return aws_raise_error(AWS_ERROR_CAL_MALFORMED_ASN1_ENCOUNTERED);
- }
- decoder->container = outer_container; /* restore the container stack */
- }
- }
-
- --decoder->depth;
-
- return AWS_OP_SUCCESS;
-}
-
-int s_decoder_parse(struct aws_der_decoder *decoder) {
- return s_parse_cursor(decoder, decoder->input);
-}
-
-bool aws_der_decoder_next(struct aws_der_decoder *decoder) {
- return (++decoder->tlv_idx < (int)decoder->tlvs.length);
-}
-
-static struct der_tlv s_decoder_tlv(struct aws_der_decoder *decoder) {
- AWS_FATAL_ASSERT(decoder->tlv_idx < (int)decoder->tlvs.length);
- struct der_tlv tlv = {0};
- aws_array_list_get_at(&decoder->tlvs, &tlv, decoder->tlv_idx);
- return tlv;
-}
-
-enum aws_der_type aws_der_decoder_tlv_type(struct aws_der_decoder *decoder) {
- struct der_tlv tlv = s_decoder_tlv(decoder);
- return tlv.tag;
-}
-
-size_t aws_der_decoder_tlv_length(struct aws_der_decoder *decoder) {
- struct der_tlv tlv = s_decoder_tlv(decoder);
- return tlv.length;
-}
-
-size_t aws_der_decoder_tlv_count(struct aws_der_decoder *decoder) {
- struct der_tlv tlv = s_decoder_tlv(decoder);
- AWS_FATAL_ASSERT(tlv.tag & AWS_DER_FORM_CONSTRUCTED);
- return tlv.count;
-}
-
-static void s_tlv_to_blob(struct der_tlv *tlv, struct aws_byte_cursor *blob) {
- AWS_FATAL_ASSERT(tlv->tag != AWS_DER_NULL);
- *blob = aws_byte_cursor_from_array(tlv->value, tlv->length);
-}
-
-int aws_der_decoder_tlv_string(struct aws_der_decoder *decoder, struct aws_byte_cursor *string) {
- struct der_tlv tlv = s_decoder_tlv(decoder);
- if (tlv.tag != AWS_DER_OCTET_STRING && tlv.tag != AWS_DER_BIT_STRING) {
- return aws_raise_error(AWS_ERROR_CAL_MISMATCHED_DER_TYPE);
- }
- s_tlv_to_blob(&tlv, string);
- return AWS_OP_SUCCESS;
-}
-
-int aws_der_decoder_tlv_integer(struct aws_der_decoder *decoder, struct aws_byte_cursor *integer) {
- struct der_tlv tlv = s_decoder_tlv(decoder);
- if (tlv.tag != AWS_DER_INTEGER) {
- return aws_raise_error(AWS_ERROR_CAL_MISMATCHED_DER_TYPE);
- }
- s_tlv_to_blob(&tlv, integer);
- return AWS_OP_SUCCESS;
-}
-
-int aws_der_decoder_tlv_boolean(struct aws_der_decoder *decoder, bool *boolean) {
- struct der_tlv tlv = s_decoder_tlv(decoder);
- if (tlv.tag != AWS_DER_BOOLEAN) {
- return aws_raise_error(AWS_ERROR_CAL_MISMATCHED_DER_TYPE);
- }
- *boolean = *tlv.value != 0;
- return AWS_OP_SUCCESS;
-}
-
-int aws_der_decoder_tlv_blob(struct aws_der_decoder *decoder, struct aws_byte_cursor *blob) {
- struct der_tlv tlv = s_decoder_tlv(decoder);
- s_tlv_to_blob(&tlv, blob);
- return AWS_OP_SUCCESS;
-}
-
-#ifdef _MSC_VER
-# pragma warning(pop)
-#endif
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+
+#include <aws/cal/private/der.h>
+
+#include <aws/cal/cal.h>
+#include <aws/common/byte_buf.h>
+
+#ifdef _MSC_VER
+# pragma warning(push)
+# pragma warning(disable : 4204 4221) /* non-standard aggregate initializer warnings */
+#endif
+
+struct aws_der_encoder {
+ struct aws_allocator *allocator;
+ struct aws_byte_buf storage;
+ struct aws_byte_buf *buffer; /* buffer being written to, might be storage, might be a sequence/set buffer */
+ struct aws_array_list stack;
+};
+
+struct aws_der_decoder {
+ struct aws_allocator *allocator;
+ struct aws_array_list tlvs; /* parsed elements */
+ int tlv_idx; /* index to elements after parsing */
+ struct aws_byte_cursor input; /* input buffer */
+ uint32_t depth; /* recursion depth when expanding containers */
+ struct der_tlv *container; /* currently expanding container */
+};
+
+struct der_tlv {
+ uint8_t tag;
+ uint32_t length; /* length of value in bytes */
+ uint32_t count; /* SEQUENCE or SET element count */
+ uint8_t *value;
+};
+
+static void s_decode_tlv(struct der_tlv *tlv) {
+ if (tlv->tag == AWS_DER_INTEGER) {
+ uint8_t first_byte = tlv->value[0];
+ /* if the first byte is 0, it just denotes unsigned and should be removed */
+ if (first_byte == 0x00) {
+ tlv->length -= 1;
+ tlv->value += 1;
+ }
+ } else if (tlv->tag == AWS_DER_BIT_STRING) {
+ /* skip over the trailing skipped bit count */
+ tlv->length -= 1;
+ tlv->value += 1;
+ }
+}
+
+static int s_der_read_tlv(struct aws_byte_cursor *cur, struct der_tlv *tlv) {
+ uint8_t tag = 0;
+ uint8_t len_bytes = 0;
+ uint32_t len = 0;
+ if (!aws_byte_cursor_read_u8(cur, &tag)) {
+ return AWS_OP_ERR;
+ }
+ if (!aws_byte_cursor_read_u8(cur, &len_bytes)) {
+ return AWS_OP_ERR;
+ }
+ /* if the sign bit is set, then the first byte is the number of bytes required to store
+ * the length */
+ if (len_bytes & 0x80) {
+ len_bytes &= 0x7f;
+ switch (len_bytes) {
+ case 1:
+ if (!aws_byte_cursor_read_u8(cur, (uint8_t *)&len)) {
+ return aws_raise_error(AWS_ERROR_CAL_MALFORMED_ASN1_ENCOUNTERED);
+ }
+ break;
+ case 2:
+ if (!aws_byte_cursor_read_be16(cur, (uint16_t *)&len)) {
+ return aws_raise_error(AWS_ERROR_CAL_MALFORMED_ASN1_ENCOUNTERED);
+ }
+ break;
+ case 4:
+ if (!aws_byte_cursor_read_be32(cur, &len)) {
+ return aws_raise_error(AWS_ERROR_CAL_MALFORMED_ASN1_ENCOUNTERED);
+ }
+ break;
+ default:
+ return aws_raise_error(AWS_ERROR_CAL_MALFORMED_ASN1_ENCOUNTERED);
+ }
+ } else {
+ len = len_bytes;
+ }
+
+ tlv->tag = tag;
+ tlv->length = len;
+ tlv->value = (tag == AWS_DER_NULL) ? NULL : cur->ptr;
+ s_decode_tlv(tlv);
+ aws_byte_cursor_advance(cur, len);
+
+ return AWS_OP_SUCCESS;
+}
+
+static uint32_t s_encoded_len(struct der_tlv *tlv) {
+ if (tlv->tag == AWS_DER_INTEGER) {
+ uint8_t first_byte = tlv->value[0];
+ /* if the first byte has the high bit set, a 0 will be prepended to denote unsigned */
+ return tlv->length + ((first_byte & 0x80) != 0);
+ }
+ if (tlv->tag == AWS_DER_BIT_STRING) {
+ return tlv->length + 1; /* needs a byte to denote how many trailing skipped bits */
+ }
+
+ return tlv->length;
+}
+
+static int s_der_write_tlv(struct der_tlv *tlv, struct aws_byte_buf *buf) {
+ if (!aws_byte_buf_write_u8(buf, tlv->tag)) {
+ return aws_raise_error(AWS_ERROR_INVALID_BUFFER_SIZE);
+ }
+ uint32_t len = s_encoded_len(tlv);
+ if (len > UINT16_MAX) {
+ /* write the high bit plus 4 byte length */
+ if (!aws_byte_buf_write_u8(buf, 0x84)) {
+ return aws_raise_error(AWS_ERROR_INVALID_BUFFER_SIZE);
+ }
+ if (!aws_byte_buf_write_be32(buf, len)) {
+ return aws_raise_error(AWS_ERROR_INVALID_BUFFER_SIZE);
+ }
+ } else if (len > UINT8_MAX) {
+ /* write the high bit plus 2 byte length */
+ if (!aws_byte_buf_write_u8(buf, 0x82)) {
+ return aws_raise_error(AWS_ERROR_INVALID_BUFFER_SIZE);
+ }
+ if (!aws_byte_buf_write_be16(buf, (uint16_t)len)) {
+ return aws_raise_error(AWS_ERROR_INVALID_BUFFER_SIZE);
+ }
+ } else if (len > INT8_MAX) {
+ /* Write the high bit + 1 byte length */
+ if (!aws_byte_buf_write_u8(buf, 0x81)) {
+ return aws_raise_error(AWS_ERROR_INVALID_BUFFER_SIZE);
+ }
+ if (!aws_byte_buf_write_u8(buf, (uint8_t)len)) {
+ return aws_raise_error(AWS_ERROR_INVALID_BUFFER_SIZE);
+ }
+ } else {
+ if (!aws_byte_buf_write_u8(buf, (uint8_t)len)) {
+ return aws_raise_error(AWS_ERROR_INVALID_BUFFER_SIZE);
+ }
+ }
+
+ switch (tlv->tag) {
+ case AWS_DER_INTEGER: {
+ /* if the first byte has the sign bit set, insert an extra 0x00 byte to indicate unsigned */
+ uint8_t first_byte = tlv->value[0];
+ if (first_byte & 0x80) {
+ if (!aws_byte_buf_write_u8(buf, 0)) {
+ return aws_raise_error(AWS_ERROR_INVALID_BUFFER_SIZE);
+ }
+ }
+ if (!aws_byte_buf_write(buf, tlv->value, tlv->length)) {
+ return aws_raise_error(AWS_ERROR_INVALID_BUFFER_SIZE);
+ }
+ } break;
+ case AWS_DER_BOOLEAN:
+ if (!aws_byte_buf_write_u8(buf, (*tlv->value) ? 0xff : 0x00)) {
+ return aws_raise_error(AWS_ERROR_INVALID_BUFFER_SIZE);
+ }
+ break;
+ case AWS_DER_BIT_STRING:
+ /* Write that there are 0 skipped bits */
+ if (!aws_byte_buf_write_u8(buf, 0)) {
+ return aws_raise_error(AWS_ERROR_INVALID_BUFFER_SIZE);
+ }
+ /* FALLTHROUGH */
+ case AWS_DER_BMPString:
+ case AWS_DER_IA5String:
+ case AWS_DER_PrintableString:
+ case AWS_DER_UTF8_STRING:
+ case AWS_DER_OBJECT_IDENTIFIER:
+ case AWS_DER_OCTET_STRING:
+ case AWS_DER_SEQUENCE:
+ case AWS_DER_SET:
+ if (!aws_byte_buf_write(buf, tlv->value, tlv->length)) {
+ return aws_raise_error(AWS_ERROR_INVALID_BUFFER_SIZE);
+ }
+ break;
+ case AWS_DER_NULL:
+ /* No value bytes */
+ break;
+ default:
+ return aws_raise_error(AWS_ERROR_CAL_MISMATCHED_DER_TYPE);
+ }
+
+ return AWS_OP_SUCCESS;
+}
+
+struct aws_der_encoder *aws_der_encoder_new(struct aws_allocator *allocator, size_t capacity) {
+ struct aws_der_encoder *encoder = aws_mem_calloc(allocator, 1, sizeof(struct aws_der_encoder));
+ AWS_FATAL_ASSERT(encoder);
+
+ encoder->allocator = allocator;
+ if (aws_byte_buf_init(&encoder->storage, encoder->allocator, capacity)) {
+ goto error;
+ }
+ if (aws_array_list_init_dynamic(&encoder->stack, encoder->allocator, 4, sizeof(struct der_tlv))) {
+ goto error;
+ }
+
+ encoder->buffer = &encoder->storage;
+ return encoder;
+
+error:
+ aws_array_list_clean_up(&encoder->stack);
+ aws_byte_buf_clean_up(&encoder->storage);
+ aws_mem_release(allocator, encoder);
+ return NULL;
+}
+
+void aws_der_encoder_destroy(struct aws_der_encoder *encoder) {
+ if (!encoder) {
+ return;
+ }
+ aws_byte_buf_clean_up_secure(&encoder->storage);
+ aws_array_list_clean_up(&encoder->stack);
+ aws_mem_release(encoder->allocator, encoder);
+}
+
+int aws_der_encoder_write_integer(struct aws_der_encoder *encoder, struct aws_byte_cursor integer) {
+ AWS_FATAL_ASSERT(integer.len <= UINT32_MAX);
+ struct der_tlv tlv = {
+ .tag = AWS_DER_INTEGER,
+ .length = (uint32_t)integer.len,
+ .value = integer.ptr,
+ };
+
+ return s_der_write_tlv(&tlv, encoder->buffer);
+}
+
+int aws_der_encoder_write_boolean(struct aws_der_encoder *encoder, bool boolean) {
+ struct der_tlv tlv = {.tag = AWS_DER_BOOLEAN, .length = 1, .value = (uint8_t *)&boolean};
+
+ return s_der_write_tlv(&tlv, encoder->buffer);
+}
+
+int aws_der_encoder_write_null(struct aws_der_encoder *encoder) {
+ struct der_tlv tlv = {
+ .tag = AWS_DER_NULL,
+ .length = 0,
+ .value = NULL,
+ };
+
+ return s_der_write_tlv(&tlv, encoder->buffer);
+}
+
+int aws_der_encoder_write_bit_string(struct aws_der_encoder *encoder, struct aws_byte_cursor bit_string) {
+ AWS_FATAL_ASSERT(bit_string.len <= UINT32_MAX);
+ struct der_tlv tlv = {
+ .tag = AWS_DER_BIT_STRING,
+ .length = (uint32_t)bit_string.len,
+ .value = bit_string.ptr,
+ };
+
+ return s_der_write_tlv(&tlv, encoder->buffer);
+}
+
+int aws_der_encoder_write_octet_string(struct aws_der_encoder *encoder, struct aws_byte_cursor octet_string) {
+ AWS_FATAL_ASSERT(octet_string.len <= UINT32_MAX);
+ struct der_tlv tlv = {
+ .tag = AWS_DER_OCTET_STRING,
+ .length = (uint32_t)octet_string.len,
+ .value = octet_string.ptr,
+ };
+
+ return s_der_write_tlv(&tlv, encoder->buffer);
+}
+
+static int s_der_encoder_begin_container(struct aws_der_encoder *encoder, enum aws_der_type type) {
+ struct aws_byte_buf *seq_buf = aws_mem_acquire(encoder->allocator, sizeof(struct aws_byte_buf));
+ AWS_FATAL_ASSERT(seq_buf);
+ if (aws_byte_buf_init(seq_buf, encoder->allocator, encoder->storage.capacity)) {
+ return AWS_OP_ERR;
+ }
+ struct der_tlv tlv_seq = {
+ .tag = type,
+ .length = 0, /* not known yet, will update later */
+ .value = (void *)seq_buf,
+ };
+ if (aws_array_list_push_back(&encoder->stack, &tlv_seq)) {
+ aws_byte_buf_clean_up(seq_buf);
+ return AWS_OP_ERR;
+ }
+ encoder->buffer = seq_buf;
+ return AWS_OP_SUCCESS;
+}
+
+static int s_der_encoder_end_container(struct aws_der_encoder *encoder) {
+ struct der_tlv tlv;
+ if (aws_array_list_back(&encoder->stack, &tlv)) {
+ return AWS_OP_ERR;
+ }
+ aws_array_list_pop_back(&encoder->stack);
+ /* update the buffer to point at the next container on the stack */
+ if (encoder->stack.length > 0) {
+ struct der_tlv outer;
+ if (aws_array_list_back(&encoder->stack, &outer)) {
+ return AWS_OP_ERR;
+ }
+ encoder->buffer = (struct aws_byte_buf *)outer.value;
+ } else {
+ encoder->buffer = &encoder->storage;
+ }
+
+ struct aws_byte_buf *seq_buf = (struct aws_byte_buf *)tlv.value;
+ tlv.length = (uint32_t)seq_buf->len;
+ tlv.value = seq_buf->buffer;
+ int result = s_der_write_tlv(&tlv, encoder->buffer);
+ aws_byte_buf_clean_up_secure(seq_buf);
+ aws_mem_release(encoder->allocator, seq_buf);
+ return result;
+}
+
+int aws_der_encoder_begin_sequence(struct aws_der_encoder *encoder) {
+ return s_der_encoder_begin_container(encoder, AWS_DER_SEQUENCE);
+}
+
+int aws_der_encoder_end_sequence(struct aws_der_encoder *encoder) {
+ return s_der_encoder_end_container(encoder);
+}
+
+int aws_der_encoder_begin_set(struct aws_der_encoder *encoder) {
+ return s_der_encoder_begin_container(encoder, AWS_DER_SET);
+}
+
+int aws_der_encoder_end_set(struct aws_der_encoder *encoder) {
+ return s_der_encoder_end_container(encoder);
+}
+
+int aws_der_encoder_get_contents(struct aws_der_encoder *encoder, struct aws_byte_cursor *contents) {
+ if (encoder->storage.len == 0) {
+ return aws_raise_error(AWS_ERROR_INVALID_STATE);
+ }
+ if (encoder->buffer != &encoder->storage) {
+ /* someone forgot to end a sequence or set */
+ return aws_raise_error(AWS_ERROR_INVALID_STATE);
+ }
+ *contents = aws_byte_cursor_from_buf(&encoder->storage);
+ return AWS_OP_SUCCESS;
+}
+
+/*
+ * DECODER
+ */
+int s_decoder_parse(struct aws_der_decoder *decoder);
+
+struct aws_der_decoder *aws_der_decoder_new(struct aws_allocator *allocator, struct aws_byte_cursor input) {
+ struct aws_der_decoder *decoder = aws_mem_calloc(allocator, 1, sizeof(struct aws_der_decoder));
+ AWS_FATAL_ASSERT(decoder);
+
+ decoder->allocator = allocator;
+ decoder->input = input;
+ decoder->tlv_idx = -1;
+ decoder->depth = 0;
+ decoder->container = NULL;
+ if (aws_array_list_init_dynamic(&decoder->tlvs, decoder->allocator, 16, sizeof(struct der_tlv))) {
+ goto error;
+ }
+
+ if (s_decoder_parse(decoder)) {
+ goto error;
+ }
+
+ return decoder;
+
+error:
+ aws_array_list_clean_up(&decoder->tlvs);
+ aws_mem_release(allocator, decoder);
+ return NULL;
+}
+
+void aws_der_decoder_destroy(struct aws_der_decoder *decoder) {
+ if (!decoder) {
+ return;
+ }
+ aws_array_list_clean_up(&decoder->tlvs);
+ aws_mem_release(decoder->allocator, decoder);
+}
+
+int s_parse_cursor(struct aws_der_decoder *decoder, struct aws_byte_cursor cur) {
+ if (++decoder->depth > 16) {
+ /* stream contains too many nested containers, probably malformed/attack */
+ return aws_raise_error(AWS_ERROR_CAL_MALFORMED_ASN1_ENCOUNTERED);
+ }
+
+ while (cur.len) {
+ struct der_tlv tlv = {0};
+ if (s_der_read_tlv(&cur, &tlv)) {
+ return aws_raise_error(AWS_ERROR_CAL_MALFORMED_ASN1_ENCOUNTERED);
+ }
+ /* skip trailing newlines in the stream after any TLV */
+ while (cur.len && *cur.ptr == '\n') {
+ aws_byte_cursor_advance(&cur, 1);
+ }
+ if (aws_array_list_push_back(&decoder->tlvs, &tlv)) {
+ return aws_raise_error(AWS_ERROR_INVALID_STATE);
+ }
+ if (decoder->container) {
+ decoder->container->count++;
+ }
+ /* if the last element was a container, expand it recursively to maintain order */
+ if (tlv.tag & AWS_DER_FORM_CONSTRUCTED) {
+ struct der_tlv *outer_container = decoder->container;
+ struct der_tlv *container = NULL;
+ aws_array_list_get_at_ptr(&decoder->tlvs, (void **)&container, decoder->tlvs.length - 1);
+ decoder->container = container;
+
+ if (!container) {
+ return aws_raise_error(AWS_ERROR_INVALID_STATE);
+ }
+
+ struct aws_byte_cursor container_cur = aws_byte_cursor_from_array(container->value, container->length);
+ if (s_parse_cursor(decoder, container_cur)) {
+ return aws_raise_error(AWS_ERROR_CAL_MALFORMED_ASN1_ENCOUNTERED);
+ }
+ decoder->container = outer_container; /* restore the container stack */
+ }
+ }
+
+ --decoder->depth;
+
+ return AWS_OP_SUCCESS;
+}
+
+int s_decoder_parse(struct aws_der_decoder *decoder) {
+ return s_parse_cursor(decoder, decoder->input);
+}
+
+bool aws_der_decoder_next(struct aws_der_decoder *decoder) {
+ return (++decoder->tlv_idx < (int)decoder->tlvs.length);
+}
+
+static struct der_tlv s_decoder_tlv(struct aws_der_decoder *decoder) {
+ AWS_FATAL_ASSERT(decoder->tlv_idx < (int)decoder->tlvs.length);
+ struct der_tlv tlv = {0};
+ aws_array_list_get_at(&decoder->tlvs, &tlv, decoder->tlv_idx);
+ return tlv;
+}
+
+enum aws_der_type aws_der_decoder_tlv_type(struct aws_der_decoder *decoder) {
+ struct der_tlv tlv = s_decoder_tlv(decoder);
+ return tlv.tag;
+}
+
+size_t aws_der_decoder_tlv_length(struct aws_der_decoder *decoder) {
+ struct der_tlv tlv = s_decoder_tlv(decoder);
+ return tlv.length;
+}
+
+size_t aws_der_decoder_tlv_count(struct aws_der_decoder *decoder) {
+ struct der_tlv tlv = s_decoder_tlv(decoder);
+ AWS_FATAL_ASSERT(tlv.tag & AWS_DER_FORM_CONSTRUCTED);
+ return tlv.count;
+}
+
+static void s_tlv_to_blob(struct der_tlv *tlv, struct aws_byte_cursor *blob) {
+ AWS_FATAL_ASSERT(tlv->tag != AWS_DER_NULL);
+ *blob = aws_byte_cursor_from_array(tlv->value, tlv->length);
+}
+
+int aws_der_decoder_tlv_string(struct aws_der_decoder *decoder, struct aws_byte_cursor *string) {
+ struct der_tlv tlv = s_decoder_tlv(decoder);
+ if (tlv.tag != AWS_DER_OCTET_STRING && tlv.tag != AWS_DER_BIT_STRING) {
+ return aws_raise_error(AWS_ERROR_CAL_MISMATCHED_DER_TYPE);
+ }
+ s_tlv_to_blob(&tlv, string);
+ return AWS_OP_SUCCESS;
+}
+
+int aws_der_decoder_tlv_integer(struct aws_der_decoder *decoder, struct aws_byte_cursor *integer) {
+ struct der_tlv tlv = s_decoder_tlv(decoder);
+ if (tlv.tag != AWS_DER_INTEGER) {
+ return aws_raise_error(AWS_ERROR_CAL_MISMATCHED_DER_TYPE);
+ }
+ s_tlv_to_blob(&tlv, integer);
+ return AWS_OP_SUCCESS;
+}
+
+int aws_der_decoder_tlv_boolean(struct aws_der_decoder *decoder, bool *boolean) {
+ struct der_tlv tlv = s_decoder_tlv(decoder);
+ if (tlv.tag != AWS_DER_BOOLEAN) {
+ return aws_raise_error(AWS_ERROR_CAL_MISMATCHED_DER_TYPE);
+ }
+ *boolean = *tlv.value != 0;
+ return AWS_OP_SUCCESS;
+}
+
+int aws_der_decoder_tlv_blob(struct aws_der_decoder *decoder, struct aws_byte_cursor *blob) {
+ struct der_tlv tlv = s_decoder_tlv(decoder);
+ s_tlv_to_blob(&tlv, blob);
+ return AWS_OP_SUCCESS;
+}
+
+#ifdef _MSC_VER
+# pragma warning(pop)
+#endif
diff --git a/contrib/restricted/aws/aws-c-cal/source/ecc.c b/contrib/restricted/aws/aws-c-cal/source/ecc.c
index d4e65fda64..40a78d59c9 100644
--- a/contrib/restricted/aws/aws-c-cal/source/ecc.c
+++ b/contrib/restricted/aws/aws-c-cal/source/ecc.c
@@ -1,269 +1,269 @@
-/**
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0.
- */
-#include <aws/cal/private/ecc.h>
-
-#include <aws/cal/cal.h>
-#include <aws/cal/private/der.h>
-#include <aws/common/encoding.h>
-
-#define STATIC_INIT_BYTE_CURSOR(a, name) \
- static struct aws_byte_cursor s_##name = { \
- .ptr = (a), \
- .len = sizeof(a), \
- };
-
-static uint8_t s_p256_oid[] = {
- 0x2A,
- 0x86,
- 0x48,
- 0xCE,
- 0x3D,
- 0x03,
- 0x01,
- 0x07,
-};
-STATIC_INIT_BYTE_CURSOR(s_p256_oid, ecc_p256_oid)
-
-static uint8_t s_p384_oid[] = {
- 0x2B,
- 0x81,
- 0x04,
- 0x00,
- 0x22,
-};
-STATIC_INIT_BYTE_CURSOR(s_p384_oid, ecc_p384_oid)
-
-static struct aws_byte_cursor *s_ecc_curve_oids[] = {
- [AWS_CAL_ECDSA_P256] = &s_ecc_p256_oid,
- [AWS_CAL_ECDSA_P384] = &s_ecc_p384_oid,
-};
-
-int aws_ecc_curve_name_from_oid(struct aws_byte_cursor *oid, enum aws_ecc_curve_name *curve_name) {
- if (aws_byte_cursor_eq(oid, &s_ecc_p256_oid)) {
- *curve_name = AWS_CAL_ECDSA_P256;
- return AWS_OP_SUCCESS;
- }
-
- if (aws_byte_cursor_eq(oid, &s_ecc_p384_oid)) {
- *curve_name = AWS_CAL_ECDSA_P384;
- return AWS_OP_SUCCESS;
- }
-
- return aws_raise_error(AWS_ERROR_CAL_UNKNOWN_OBJECT_IDENTIFIER);
-}
-
-int aws_ecc_oid_from_curve_name(enum aws_ecc_curve_name curve_name, struct aws_byte_cursor *oid) {
- if (curve_name < AWS_CAL_ECDSA_P256 || curve_name > AWS_CAL_ECDSA_P384) {
- return aws_raise_error(AWS_ERROR_CAL_UNSUPPORTED_ALGORITHM);
- }
- *oid = *s_ecc_curve_oids[curve_name];
- return AWS_OP_SUCCESS;
-}
-
-static void s_aws_ecc_key_pair_destroy(struct aws_ecc_key_pair *key_pair) {
- if (key_pair) {
- AWS_FATAL_ASSERT(key_pair->vtable->destroy && "ECC KEY PAIR destroy function must be included on the vtable");
- key_pair->vtable->destroy(key_pair);
- }
-}
-
-int aws_ecc_key_pair_derive_public_key(struct aws_ecc_key_pair *key_pair) {
- AWS_FATAL_ASSERT(key_pair->vtable->derive_pub_key && "ECC KEY PAIR derive function must be included on the vtable");
- return key_pair->vtable->derive_pub_key(key_pair);
-}
-
-int aws_ecc_key_pair_sign_message(
- const struct aws_ecc_key_pair *key_pair,
- const struct aws_byte_cursor *message,
- struct aws_byte_buf *signature) {
- AWS_FATAL_ASSERT(key_pair->vtable->sign_message && "ECC KEY PAIR sign message must be included on the vtable");
- return key_pair->vtable->sign_message(key_pair, message, signature);
-}
-
-int aws_ecc_key_pair_verify_signature(
- const struct aws_ecc_key_pair *key_pair,
- const struct aws_byte_cursor *message,
- const struct aws_byte_cursor *signature) {
- AWS_FATAL_ASSERT(
- key_pair->vtable->verify_signature && "ECC KEY PAIR verify signature must be included on the vtable");
- return key_pair->vtable->verify_signature(key_pair, message, signature);
-}
-
-size_t aws_ecc_key_pair_signature_length(const struct aws_ecc_key_pair *key_pair) {
- AWS_FATAL_ASSERT(
- key_pair->vtable->signature_length && "ECC KEY PAIR signature length must be included on the vtable");
- return key_pair->vtable->signature_length(key_pair);
-}
-
-void aws_ecc_key_pair_get_public_key(
- const struct aws_ecc_key_pair *key_pair,
- struct aws_byte_cursor *pub_x,
- struct aws_byte_cursor *pub_y) {
- *pub_x = aws_byte_cursor_from_buf(&key_pair->pub_x);
- *pub_y = aws_byte_cursor_from_buf(&key_pair->pub_y);
-}
-
-void aws_ecc_key_pair_get_private_key(const struct aws_ecc_key_pair *key_pair, struct aws_byte_cursor *private_d) {
- *private_d = aws_byte_cursor_from_buf(&key_pair->priv_d);
-}
-
-size_t aws_ecc_key_coordinate_byte_size_from_curve_name(enum aws_ecc_curve_name curve_name) {
- switch (curve_name) {
- case AWS_CAL_ECDSA_P256:
- return 32;
- case AWS_CAL_ECDSA_P384:
- return 48;
- default:
- return 0;
- }
-}
-
-int aws_der_decoder_load_ecc_key_pair(
- struct aws_der_decoder *decoder,
- struct aws_byte_cursor *out_public_x_coor,
- struct aws_byte_cursor *out_public_y_coor,
- struct aws_byte_cursor *out_private_d,
- enum aws_ecc_curve_name *out_curve_name) {
-
- AWS_ZERO_STRUCT(*out_public_x_coor);
- AWS_ZERO_STRUCT(*out_public_y_coor);
- AWS_ZERO_STRUCT(*out_private_d);
-
- /* we could have private key or a public key, or a full pair. */
- struct aws_byte_cursor pair_part_1;
- AWS_ZERO_STRUCT(pair_part_1);
- struct aws_byte_cursor pair_part_2;
- AWS_ZERO_STRUCT(pair_part_2);
-
- bool curve_name_recognized = false;
-
- /* work with this pointer and move it to the next after using it. We need
- * to know which curve we're dealing with before we can figure out which is which. */
- struct aws_byte_cursor *current_part = &pair_part_1;
-
- while (aws_der_decoder_next(decoder)) {
- enum aws_der_type type = aws_der_decoder_tlv_type(decoder);
-
- if (type == AWS_DER_OBJECT_IDENTIFIER) {
- struct aws_byte_cursor oid;
- AWS_ZERO_STRUCT(oid);
- aws_der_decoder_tlv_blob(decoder, &oid);
- /* There can be other OID's so just look for one that is the curve. */
- if (!aws_ecc_curve_name_from_oid(&oid, out_curve_name)) {
- curve_name_recognized = true;
- }
- continue;
- }
-
- /* you'd think we'd get some type hints on which key this is, but it's not consistent
- * as far as I can tell. */
- if (type == AWS_DER_BIT_STRING || type == AWS_DER_OCTET_STRING) {
- aws_der_decoder_tlv_string(decoder, current_part);
- current_part = &pair_part_2;
- }
- }
-
- if (!curve_name_recognized) {
- return aws_raise_error(AWS_ERROR_CAL_UNKNOWN_OBJECT_IDENTIFIER);
- }
-
- size_t key_coordinate_size = aws_ecc_key_coordinate_byte_size_from_curve_name(*out_curve_name);
-
- struct aws_byte_cursor *private_key = NULL;
- struct aws_byte_cursor *public_key = NULL;
-
- size_t public_key_blob_size = key_coordinate_size * 2 + 1;
-
- if (pair_part_1.ptr && pair_part_1.len) {
- if (pair_part_1.len == key_coordinate_size) {
- private_key = &pair_part_1;
- } else if (pair_part_1.len == public_key_blob_size) {
- public_key = &pair_part_1;
- }
- }
-
- if (pair_part_2.ptr && pair_part_2.len) {
- if (pair_part_2.len == key_coordinate_size) {
- private_key = &pair_part_2;
- } else if (pair_part_2.len == public_key_blob_size) {
- public_key = &pair_part_2;
- }
- }
-
- if (!private_key && !public_key) {
- return aws_raise_error(AWS_ERROR_CAL_MISSING_REQUIRED_KEY_COMPONENT);
- }
-
- if (private_key) {
- *out_private_d = *private_key;
- }
-
- if (public_key) {
- aws_byte_cursor_advance(public_key, 1);
- *out_public_x_coor = *public_key;
- out_public_x_coor->len = key_coordinate_size;
- out_public_y_coor->ptr = public_key->ptr + key_coordinate_size;
- out_public_y_coor->len = key_coordinate_size;
- }
-
- return AWS_OP_SUCCESS;
-}
-
-void aws_ecc_key_pair_acquire(struct aws_ecc_key_pair *key_pair) {
- aws_atomic_fetch_add(&key_pair->ref_count, 1);
-}
-
-void aws_ecc_key_pair_release(struct aws_ecc_key_pair *key_pair) {
- if (key_pair == NULL) {
- return;
- }
-
- size_t old_value = aws_atomic_fetch_sub(&key_pair->ref_count, 1);
-
- if (old_value == 1) {
- s_aws_ecc_key_pair_destroy(key_pair);
- }
-}
-
-struct aws_ecc_key_pair *aws_ecc_key_new_from_hex_coordinates(
- struct aws_allocator *allocator,
- enum aws_ecc_curve_name curve_name,
- struct aws_byte_cursor pub_x_hex_cursor,
- struct aws_byte_cursor pub_y_hex_cursor) {
- struct aws_byte_buf pub_x_buffer;
- AWS_ZERO_STRUCT(pub_x_buffer);
- struct aws_byte_buf pub_y_buffer;
- AWS_ZERO_STRUCT(pub_y_buffer);
-
- struct aws_ecc_key_pair *key = NULL;
-
- size_t pub_x_length = 0;
- size_t pub_y_length = 0;
- if (aws_hex_compute_decoded_len(pub_x_hex_cursor.len, &pub_x_length) ||
- aws_hex_compute_decoded_len(pub_y_hex_cursor.len, &pub_y_length)) {
- goto done;
- }
-
- if (aws_byte_buf_init(&pub_x_buffer, allocator, pub_x_length) ||
- aws_byte_buf_init(&pub_y_buffer, allocator, pub_y_length)) {
- goto done;
- }
-
- if (aws_hex_decode(&pub_x_hex_cursor, &pub_x_buffer) || aws_hex_decode(&pub_y_hex_cursor, &pub_y_buffer)) {
- goto done;
- }
-
- struct aws_byte_cursor pub_x_cursor = aws_byte_cursor_from_buf(&pub_x_buffer);
- struct aws_byte_cursor pub_y_cursor = aws_byte_cursor_from_buf(&pub_y_buffer);
-
- key = aws_ecc_key_pair_new_from_public_key(allocator, curve_name, &pub_x_cursor, &pub_y_cursor);
-
-done:
-
- aws_byte_buf_clean_up(&pub_x_buffer);
- aws_byte_buf_clean_up(&pub_y_buffer);
-
- return key;
-}
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+#include <aws/cal/private/ecc.h>
+
+#include <aws/cal/cal.h>
+#include <aws/cal/private/der.h>
+#include <aws/common/encoding.h>
+
+#define STATIC_INIT_BYTE_CURSOR(a, name) \
+ static struct aws_byte_cursor s_##name = { \
+ .ptr = (a), \
+ .len = sizeof(a), \
+ };
+
+static uint8_t s_p256_oid[] = {
+ 0x2A,
+ 0x86,
+ 0x48,
+ 0xCE,
+ 0x3D,
+ 0x03,
+ 0x01,
+ 0x07,
+};
+STATIC_INIT_BYTE_CURSOR(s_p256_oid, ecc_p256_oid)
+
+static uint8_t s_p384_oid[] = {
+ 0x2B,
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x22,
+};
+STATIC_INIT_BYTE_CURSOR(s_p384_oid, ecc_p384_oid)
+
+static struct aws_byte_cursor *s_ecc_curve_oids[] = {
+ [AWS_CAL_ECDSA_P256] = &s_ecc_p256_oid,
+ [AWS_CAL_ECDSA_P384] = &s_ecc_p384_oid,
+};
+
+int aws_ecc_curve_name_from_oid(struct aws_byte_cursor *oid, enum aws_ecc_curve_name *curve_name) {
+ if (aws_byte_cursor_eq(oid, &s_ecc_p256_oid)) {
+ *curve_name = AWS_CAL_ECDSA_P256;
+ return AWS_OP_SUCCESS;
+ }
+
+ if (aws_byte_cursor_eq(oid, &s_ecc_p384_oid)) {
+ *curve_name = AWS_CAL_ECDSA_P384;
+ return AWS_OP_SUCCESS;
+ }
+
+ return aws_raise_error(AWS_ERROR_CAL_UNKNOWN_OBJECT_IDENTIFIER);
+}
+
+int aws_ecc_oid_from_curve_name(enum aws_ecc_curve_name curve_name, struct aws_byte_cursor *oid) {
+ if (curve_name < AWS_CAL_ECDSA_P256 || curve_name > AWS_CAL_ECDSA_P384) {
+ return aws_raise_error(AWS_ERROR_CAL_UNSUPPORTED_ALGORITHM);
+ }
+ *oid = *s_ecc_curve_oids[curve_name];
+ return AWS_OP_SUCCESS;
+}
+
+static void s_aws_ecc_key_pair_destroy(struct aws_ecc_key_pair *key_pair) {
+ if (key_pair) {
+ AWS_FATAL_ASSERT(key_pair->vtable->destroy && "ECC KEY PAIR destroy function must be included on the vtable");
+ key_pair->vtable->destroy(key_pair);
+ }
+}
+
+int aws_ecc_key_pair_derive_public_key(struct aws_ecc_key_pair *key_pair) {
+ AWS_FATAL_ASSERT(key_pair->vtable->derive_pub_key && "ECC KEY PAIR derive function must be included on the vtable");
+ return key_pair->vtable->derive_pub_key(key_pair);
+}
+
+int aws_ecc_key_pair_sign_message(
+ const struct aws_ecc_key_pair *key_pair,
+ const struct aws_byte_cursor *message,
+ struct aws_byte_buf *signature) {
+ AWS_FATAL_ASSERT(key_pair->vtable->sign_message && "ECC KEY PAIR sign message must be included on the vtable");
+ return key_pair->vtable->sign_message(key_pair, message, signature);
+}
+
+int aws_ecc_key_pair_verify_signature(
+ const struct aws_ecc_key_pair *key_pair,
+ const struct aws_byte_cursor *message,
+ const struct aws_byte_cursor *signature) {
+ AWS_FATAL_ASSERT(
+ key_pair->vtable->verify_signature && "ECC KEY PAIR verify signature must be included on the vtable");
+ return key_pair->vtable->verify_signature(key_pair, message, signature);
+}
+
+size_t aws_ecc_key_pair_signature_length(const struct aws_ecc_key_pair *key_pair) {
+ AWS_FATAL_ASSERT(
+ key_pair->vtable->signature_length && "ECC KEY PAIR signature length must be included on the vtable");
+ return key_pair->vtable->signature_length(key_pair);
+}
+
+void aws_ecc_key_pair_get_public_key(
+ const struct aws_ecc_key_pair *key_pair,
+ struct aws_byte_cursor *pub_x,
+ struct aws_byte_cursor *pub_y) {
+ *pub_x = aws_byte_cursor_from_buf(&key_pair->pub_x);
+ *pub_y = aws_byte_cursor_from_buf(&key_pair->pub_y);
+}
+
+void aws_ecc_key_pair_get_private_key(const struct aws_ecc_key_pair *key_pair, struct aws_byte_cursor *private_d) {
+ *private_d = aws_byte_cursor_from_buf(&key_pair->priv_d);
+}
+
+size_t aws_ecc_key_coordinate_byte_size_from_curve_name(enum aws_ecc_curve_name curve_name) {
+ switch (curve_name) {
+ case AWS_CAL_ECDSA_P256:
+ return 32;
+ case AWS_CAL_ECDSA_P384:
+ return 48;
+ default:
+ return 0;
+ }
+}
+
+int aws_der_decoder_load_ecc_key_pair(
+ struct aws_der_decoder *decoder,
+ struct aws_byte_cursor *out_public_x_coor,
+ struct aws_byte_cursor *out_public_y_coor,
+ struct aws_byte_cursor *out_private_d,
+ enum aws_ecc_curve_name *out_curve_name) {
+
+ AWS_ZERO_STRUCT(*out_public_x_coor);
+ AWS_ZERO_STRUCT(*out_public_y_coor);
+ AWS_ZERO_STRUCT(*out_private_d);
+
+ /* we could have private key or a public key, or a full pair. */
+ struct aws_byte_cursor pair_part_1;
+ AWS_ZERO_STRUCT(pair_part_1);
+ struct aws_byte_cursor pair_part_2;
+ AWS_ZERO_STRUCT(pair_part_2);
+
+ bool curve_name_recognized = false;
+
+ /* work with this pointer and move it to the next after using it. We need
+ * to know which curve we're dealing with before we can figure out which is which. */
+ struct aws_byte_cursor *current_part = &pair_part_1;
+
+ while (aws_der_decoder_next(decoder)) {
+ enum aws_der_type type = aws_der_decoder_tlv_type(decoder);
+
+ if (type == AWS_DER_OBJECT_IDENTIFIER) {
+ struct aws_byte_cursor oid;
+ AWS_ZERO_STRUCT(oid);
+ aws_der_decoder_tlv_blob(decoder, &oid);
+ /* There can be other OID's so just look for one that is the curve. */
+ if (!aws_ecc_curve_name_from_oid(&oid, out_curve_name)) {
+ curve_name_recognized = true;
+ }
+ continue;
+ }
+
+ /* you'd think we'd get some type hints on which key this is, but it's not consistent
+ * as far as I can tell. */
+ if (type == AWS_DER_BIT_STRING || type == AWS_DER_OCTET_STRING) {
+ aws_der_decoder_tlv_string(decoder, current_part);
+ current_part = &pair_part_2;
+ }
+ }
+
+ if (!curve_name_recognized) {
+ return aws_raise_error(AWS_ERROR_CAL_UNKNOWN_OBJECT_IDENTIFIER);
+ }
+
+ size_t key_coordinate_size = aws_ecc_key_coordinate_byte_size_from_curve_name(*out_curve_name);
+
+ struct aws_byte_cursor *private_key = NULL;
+ struct aws_byte_cursor *public_key = NULL;
+
+ size_t public_key_blob_size = key_coordinate_size * 2 + 1;
+
+ if (pair_part_1.ptr && pair_part_1.len) {
+ if (pair_part_1.len == key_coordinate_size) {
+ private_key = &pair_part_1;
+ } else if (pair_part_1.len == public_key_blob_size) {
+ public_key = &pair_part_1;
+ }
+ }
+
+ if (pair_part_2.ptr && pair_part_2.len) {
+ if (pair_part_2.len == key_coordinate_size) {
+ private_key = &pair_part_2;
+ } else if (pair_part_2.len == public_key_blob_size) {
+ public_key = &pair_part_2;
+ }
+ }
+
+ if (!private_key && !public_key) {
+ return aws_raise_error(AWS_ERROR_CAL_MISSING_REQUIRED_KEY_COMPONENT);
+ }
+
+ if (private_key) {
+ *out_private_d = *private_key;
+ }
+
+ if (public_key) {
+ aws_byte_cursor_advance(public_key, 1);
+ *out_public_x_coor = *public_key;
+ out_public_x_coor->len = key_coordinate_size;
+ out_public_y_coor->ptr = public_key->ptr + key_coordinate_size;
+ out_public_y_coor->len = key_coordinate_size;
+ }
+
+ return AWS_OP_SUCCESS;
+}
+
+void aws_ecc_key_pair_acquire(struct aws_ecc_key_pair *key_pair) {
+ aws_atomic_fetch_add(&key_pair->ref_count, 1);
+}
+
+void aws_ecc_key_pair_release(struct aws_ecc_key_pair *key_pair) {
+ if (key_pair == NULL) {
+ return;
+ }
+
+ size_t old_value = aws_atomic_fetch_sub(&key_pair->ref_count, 1);
+
+ if (old_value == 1) {
+ s_aws_ecc_key_pair_destroy(key_pair);
+ }
+}
+
+struct aws_ecc_key_pair *aws_ecc_key_new_from_hex_coordinates(
+ struct aws_allocator *allocator,
+ enum aws_ecc_curve_name curve_name,
+ struct aws_byte_cursor pub_x_hex_cursor,
+ struct aws_byte_cursor pub_y_hex_cursor) {
+ struct aws_byte_buf pub_x_buffer;
+ AWS_ZERO_STRUCT(pub_x_buffer);
+ struct aws_byte_buf pub_y_buffer;
+ AWS_ZERO_STRUCT(pub_y_buffer);
+
+ struct aws_ecc_key_pair *key = NULL;
+
+ size_t pub_x_length = 0;
+ size_t pub_y_length = 0;
+ if (aws_hex_compute_decoded_len(pub_x_hex_cursor.len, &pub_x_length) ||
+ aws_hex_compute_decoded_len(pub_y_hex_cursor.len, &pub_y_length)) {
+ goto done;
+ }
+
+ if (aws_byte_buf_init(&pub_x_buffer, allocator, pub_x_length) ||
+ aws_byte_buf_init(&pub_y_buffer, allocator, pub_y_length)) {
+ goto done;
+ }
+
+ if (aws_hex_decode(&pub_x_hex_cursor, &pub_x_buffer) || aws_hex_decode(&pub_y_hex_cursor, &pub_y_buffer)) {
+ goto done;
+ }
+
+ struct aws_byte_cursor pub_x_cursor = aws_byte_cursor_from_buf(&pub_x_buffer);
+ struct aws_byte_cursor pub_y_cursor = aws_byte_cursor_from_buf(&pub_y_buffer);
+
+ key = aws_ecc_key_pair_new_from_public_key(allocator, curve_name, &pub_x_cursor, &pub_y_cursor);
+
+done:
+
+ aws_byte_buf_clean_up(&pub_x_buffer);
+ aws_byte_buf_clean_up(&pub_y_buffer);
+
+ return key;
+}
diff --git a/contrib/restricted/aws/aws-c-cal/source/hash.c b/contrib/restricted/aws/aws-c-cal/source/hash.c
index 9a797cf1a5..b4a9163fc4 100644
--- a/contrib/restricted/aws/aws-c-cal/source/hash.c
+++ b/contrib/restricted/aws/aws-c-cal/source/hash.c
@@ -1,110 +1,110 @@
-/**
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0.
- */
-#include <aws/cal/hash.h>
-
-#ifndef AWS_BYO_CRYPTO
-extern struct aws_hash *aws_sha256_default_new(struct aws_allocator *allocator);
-extern struct aws_hash *aws_md5_default_new(struct aws_allocator *allocator);
-
-static aws_hash_new_fn *s_sha256_new_fn = aws_sha256_default_new;
-static aws_hash_new_fn *s_md5_new_fn = aws_md5_default_new;
-#else
-static struct aws_hash *aws_hash_new_abort(struct aws_allocator *allocator) {
- (void)allocator;
- abort();
-}
-
-static aws_hash_new_fn *s_sha256_new_fn = aws_hash_new_abort;
-static aws_hash_new_fn *s_md5_new_fn = aws_hash_new_abort;
-#endif
-
-struct aws_hash *aws_sha256_new(struct aws_allocator *allocator) {
- return s_sha256_new_fn(allocator);
-}
-
-struct aws_hash *aws_md5_new(struct aws_allocator *allocator) {
- return s_md5_new_fn(allocator);
-}
-
-void aws_set_md5_new_fn(aws_hash_new_fn *fn) {
- s_md5_new_fn = fn;
-}
-
-void aws_set_sha256_new_fn(aws_hash_new_fn *fn) {
- s_sha256_new_fn = fn;
-}
-
-void aws_hash_destroy(struct aws_hash *hash) {
- hash->vtable->destroy(hash);
-}
-
-int aws_hash_update(struct aws_hash *hash, const struct aws_byte_cursor *to_hash) {
- return hash->vtable->update(hash, to_hash);
-}
-
-int aws_hash_finalize(struct aws_hash *hash, struct aws_byte_buf *output, size_t truncate_to) {
-
- if (truncate_to && truncate_to < hash->digest_size) {
- size_t available_buffer = output->capacity - output->len;
- if (available_buffer < truncate_to) {
- return aws_raise_error(AWS_ERROR_SHORT_BUFFER);
- }
-
- uint8_t tmp_output[128] = {0};
- AWS_ASSERT(sizeof(tmp_output) >= hash->digest_size);
-
- struct aws_byte_buf tmp_out_buf = aws_byte_buf_from_array(tmp_output, sizeof(tmp_output));
- tmp_out_buf.len = 0;
-
- if (hash->vtable->finalize(hash, &tmp_out_buf)) {
- return AWS_OP_ERR;
- }
-
- memcpy(output->buffer + output->len, tmp_output, truncate_to);
- output->len += truncate_to;
- return AWS_OP_SUCCESS;
- }
-
- return hash->vtable->finalize(hash, output);
-}
-
-static inline int compute_hash(
- struct aws_hash *hash,
- const struct aws_byte_cursor *input,
- struct aws_byte_buf *output,
- size_t truncate_to) {
- if (!hash) {
- return AWS_OP_ERR;
- }
-
- if (aws_hash_update(hash, input)) {
- aws_hash_destroy(hash);
- return AWS_OP_ERR;
- }
-
- if (aws_hash_finalize(hash, output, truncate_to)) {
- aws_hash_destroy(hash);
- return AWS_OP_ERR;
- }
-
- aws_hash_destroy(hash);
- return AWS_OP_SUCCESS;
-}
-
-int aws_md5_compute(
- struct aws_allocator *allocator,
- const struct aws_byte_cursor *input,
- struct aws_byte_buf *output,
- size_t truncate_to) {
- return compute_hash(aws_md5_new(allocator), input, output, truncate_to);
-}
-
-int aws_sha256_compute(
- struct aws_allocator *allocator,
- const struct aws_byte_cursor *input,
- struct aws_byte_buf *output,
- size_t truncate_to) {
- return compute_hash(aws_sha256_new(allocator), input, output, truncate_to);
-}
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+#include <aws/cal/hash.h>
+
+#ifndef AWS_BYO_CRYPTO
+extern struct aws_hash *aws_sha256_default_new(struct aws_allocator *allocator);
+extern struct aws_hash *aws_md5_default_new(struct aws_allocator *allocator);
+
+static aws_hash_new_fn *s_sha256_new_fn = aws_sha256_default_new;
+static aws_hash_new_fn *s_md5_new_fn = aws_md5_default_new;
+#else
+static struct aws_hash *aws_hash_new_abort(struct aws_allocator *allocator) {
+ (void)allocator;
+ abort();
+}
+
+static aws_hash_new_fn *s_sha256_new_fn = aws_hash_new_abort;
+static aws_hash_new_fn *s_md5_new_fn = aws_hash_new_abort;
+#endif
+
+struct aws_hash *aws_sha256_new(struct aws_allocator *allocator) {
+ return s_sha256_new_fn(allocator);
+}
+
+struct aws_hash *aws_md5_new(struct aws_allocator *allocator) {
+ return s_md5_new_fn(allocator);
+}
+
+void aws_set_md5_new_fn(aws_hash_new_fn *fn) {
+ s_md5_new_fn = fn;
+}
+
+void aws_set_sha256_new_fn(aws_hash_new_fn *fn) {
+ s_sha256_new_fn = fn;
+}
+
+void aws_hash_destroy(struct aws_hash *hash) {
+ hash->vtable->destroy(hash);
+}
+
+int aws_hash_update(struct aws_hash *hash, const struct aws_byte_cursor *to_hash) {
+ return hash->vtable->update(hash, to_hash);
+}
+
+int aws_hash_finalize(struct aws_hash *hash, struct aws_byte_buf *output, size_t truncate_to) {
+
+ if (truncate_to && truncate_to < hash->digest_size) {
+ size_t available_buffer = output->capacity - output->len;
+ if (available_buffer < truncate_to) {
+ return aws_raise_error(AWS_ERROR_SHORT_BUFFER);
+ }
+
+ uint8_t tmp_output[128] = {0};
+ AWS_ASSERT(sizeof(tmp_output) >= hash->digest_size);
+
+ struct aws_byte_buf tmp_out_buf = aws_byte_buf_from_array(tmp_output, sizeof(tmp_output));
+ tmp_out_buf.len = 0;
+
+ if (hash->vtable->finalize(hash, &tmp_out_buf)) {
+ return AWS_OP_ERR;
+ }
+
+ memcpy(output->buffer + output->len, tmp_output, truncate_to);
+ output->len += truncate_to;
+ return AWS_OP_SUCCESS;
+ }
+
+ return hash->vtable->finalize(hash, output);
+}
+
+static inline int compute_hash(
+ struct aws_hash *hash,
+ const struct aws_byte_cursor *input,
+ struct aws_byte_buf *output,
+ size_t truncate_to) {
+ if (!hash) {
+ return AWS_OP_ERR;
+ }
+
+ if (aws_hash_update(hash, input)) {
+ aws_hash_destroy(hash);
+ return AWS_OP_ERR;
+ }
+
+ if (aws_hash_finalize(hash, output, truncate_to)) {
+ aws_hash_destroy(hash);
+ return AWS_OP_ERR;
+ }
+
+ aws_hash_destroy(hash);
+ return AWS_OP_SUCCESS;
+}
+
+int aws_md5_compute(
+ struct aws_allocator *allocator,
+ const struct aws_byte_cursor *input,
+ struct aws_byte_buf *output,
+ size_t truncate_to) {
+ return compute_hash(aws_md5_new(allocator), input, output, truncate_to);
+}
+
+int aws_sha256_compute(
+ struct aws_allocator *allocator,
+ const struct aws_byte_cursor *input,
+ struct aws_byte_buf *output,
+ size_t truncate_to) {
+ return compute_hash(aws_sha256_new(allocator), input, output, truncate_to);
+}
diff --git a/contrib/restricted/aws/aws-c-cal/source/hmac.c b/contrib/restricted/aws/aws-c-cal/source/hmac.c
index 01f5ea5898..4664cbabdd 100644
--- a/contrib/restricted/aws/aws-c-cal/source/hmac.c
+++ b/contrib/restricted/aws/aws-c-cal/source/hmac.c
@@ -1,87 +1,87 @@
-/**
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0.
- */
-#include <aws/cal/hmac.h>
-
-#ifndef AWS_BYO_CRYPTO
-extern struct aws_hmac *aws_sha256_hmac_default_new(
- struct aws_allocator *allocator,
- const struct aws_byte_cursor *secret);
-static aws_hmac_new_fn *s_sha256_hmac_new_fn = aws_sha256_hmac_default_new;
-#else
-static struct aws_hmac *aws_hmac_new_abort(struct aws_allocator *allocator, const struct aws_byte_cursor *secret) {
- (void)allocator;
- (void)secret;
- abort();
-}
-
-static aws_hmac_new_fn *s_sha256_hmac_new_fn = aws_hmac_new_abort;
-#endif
-
-struct aws_hmac *aws_sha256_hmac_new(struct aws_allocator *allocator, const struct aws_byte_cursor *secret) {
- return s_sha256_hmac_new_fn(allocator, secret);
-}
-
-void aws_set_sha256_hmac_new_fn(aws_hmac_new_fn *fn) {
- s_sha256_hmac_new_fn = fn;
-}
-
-void aws_hmac_destroy(struct aws_hmac *hmac) {
- hmac->vtable->destroy(hmac);
-}
-
-int aws_hmac_update(struct aws_hmac *hmac, const struct aws_byte_cursor *to_hmac) {
- return hmac->vtable->update(hmac, to_hmac);
-}
-
-int aws_hmac_finalize(struct aws_hmac *hmac, struct aws_byte_buf *output, size_t truncate_to) {
- if (truncate_to && truncate_to < hmac->digest_size) {
- size_t available_buffer = output->capacity - output->len;
- if (available_buffer < truncate_to) {
- return aws_raise_error(AWS_ERROR_SHORT_BUFFER);
- }
-
- uint8_t tmp_output[128] = {0};
- AWS_ASSERT(sizeof(tmp_output) >= hmac->digest_size);
-
- struct aws_byte_buf tmp_out_buf = aws_byte_buf_from_array(tmp_output, sizeof(tmp_output));
- tmp_out_buf.len = 0;
-
- if (hmac->vtable->finalize(hmac, &tmp_out_buf)) {
- return AWS_OP_ERR;
- }
-
- memcpy(output->buffer + output->len, tmp_output, truncate_to);
- output->len += truncate_to;
- return AWS_OP_SUCCESS;
- }
-
- return hmac->vtable->finalize(hmac, output);
-}
-
-int aws_sha256_hmac_compute(
- struct aws_allocator *allocator,
- const struct aws_byte_cursor *secret,
- const struct aws_byte_cursor *to_hmac,
- struct aws_byte_buf *output,
- size_t truncate_to) {
- struct aws_hmac *hmac = aws_sha256_hmac_new(allocator, secret);
-
- if (!hmac) {
- return AWS_OP_ERR;
- }
-
- if (aws_hmac_update(hmac, to_hmac)) {
- aws_hmac_destroy(hmac);
- return AWS_OP_ERR;
- }
-
- if (aws_hmac_finalize(hmac, output, truncate_to)) {
- aws_hmac_destroy(hmac);
- return AWS_OP_ERR;
- }
-
- aws_hmac_destroy(hmac);
- return AWS_OP_SUCCESS;
-}
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+#include <aws/cal/hmac.h>
+
+#ifndef AWS_BYO_CRYPTO
+extern struct aws_hmac *aws_sha256_hmac_default_new(
+ struct aws_allocator *allocator,
+ const struct aws_byte_cursor *secret);
+static aws_hmac_new_fn *s_sha256_hmac_new_fn = aws_sha256_hmac_default_new;
+#else
+static struct aws_hmac *aws_hmac_new_abort(struct aws_allocator *allocator, const struct aws_byte_cursor *secret) {
+ (void)allocator;
+ (void)secret;
+ abort();
+}
+
+static aws_hmac_new_fn *s_sha256_hmac_new_fn = aws_hmac_new_abort;
+#endif
+
+struct aws_hmac *aws_sha256_hmac_new(struct aws_allocator *allocator, const struct aws_byte_cursor *secret) {
+ return s_sha256_hmac_new_fn(allocator, secret);
+}
+
+void aws_set_sha256_hmac_new_fn(aws_hmac_new_fn *fn) {
+ s_sha256_hmac_new_fn = fn;
+}
+
+void aws_hmac_destroy(struct aws_hmac *hmac) {
+ hmac->vtable->destroy(hmac);
+}
+
+int aws_hmac_update(struct aws_hmac *hmac, const struct aws_byte_cursor *to_hmac) {
+ return hmac->vtable->update(hmac, to_hmac);
+}
+
+int aws_hmac_finalize(struct aws_hmac *hmac, struct aws_byte_buf *output, size_t truncate_to) {
+ if (truncate_to && truncate_to < hmac->digest_size) {
+ size_t available_buffer = output->capacity - output->len;
+ if (available_buffer < truncate_to) {
+ return aws_raise_error(AWS_ERROR_SHORT_BUFFER);
+ }
+
+ uint8_t tmp_output[128] = {0};
+ AWS_ASSERT(sizeof(tmp_output) >= hmac->digest_size);
+
+ struct aws_byte_buf tmp_out_buf = aws_byte_buf_from_array(tmp_output, sizeof(tmp_output));
+ tmp_out_buf.len = 0;
+
+ if (hmac->vtable->finalize(hmac, &tmp_out_buf)) {
+ return AWS_OP_ERR;
+ }
+
+ memcpy(output->buffer + output->len, tmp_output, truncate_to);
+ output->len += truncate_to;
+ return AWS_OP_SUCCESS;
+ }
+
+ return hmac->vtable->finalize(hmac, output);
+}
+
+int aws_sha256_hmac_compute(
+ struct aws_allocator *allocator,
+ const struct aws_byte_cursor *secret,
+ const struct aws_byte_cursor *to_hmac,
+ struct aws_byte_buf *output,
+ size_t truncate_to) {
+ struct aws_hmac *hmac = aws_sha256_hmac_new(allocator, secret);
+
+ if (!hmac) {
+ return AWS_OP_ERR;
+ }
+
+ if (aws_hmac_update(hmac, to_hmac)) {
+ aws_hmac_destroy(hmac);
+ return AWS_OP_ERR;
+ }
+
+ if (aws_hmac_finalize(hmac, output, truncate_to)) {
+ aws_hmac_destroy(hmac);
+ return AWS_OP_ERR;
+ }
+
+ aws_hmac_destroy(hmac);
+ return AWS_OP_SUCCESS;
+}
diff --git a/contrib/restricted/aws/aws-c-cal/source/unix/openssl_platform_init.c b/contrib/restricted/aws/aws-c-cal/source/unix/openssl_platform_init.c
index e98168b4ac..83c94ed5aa 100644
--- a/contrib/restricted/aws/aws-c-cal/source/unix/openssl_platform_init.c
+++ b/contrib/restricted/aws/aws-c-cal/source/unix/openssl_platform_init.c
@@ -1,417 +1,417 @@
-/**
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0.
- */
-
-#include <aws/common/allocator.h>
-#include <aws/common/mutex.h>
-#include <aws/common/thread.h>
-
-#include <dlfcn.h>
-
-#include <aws/cal/private/opensslcrypto_common.h>
-
-#if defined(AWS_LIBCRYPTO_LOG_RESOLVE)
-# define FLOGF(...) \
- do { \
- fprintf(stderr, "AWS libcrypto resolve: "); \
- fprintf(stderr, __VA_ARGS__); \
- fprintf(stderr, "\n"); \
- } while (0)
-#else
-# define FLOGF(...)
-#endif
-
-static struct openssl_hmac_ctx_table hmac_ctx_table;
-static struct openssl_evp_md_ctx_table evp_md_ctx_table;
-
-struct openssl_hmac_ctx_table *g_aws_openssl_hmac_ctx_table = NULL;
-struct openssl_evp_md_ctx_table *g_aws_openssl_evp_md_ctx_table = NULL;
-
-/* weak refs to libcrypto functions to force them to at least try to link
- * and avoid dead-stripping
- */
-/* 1.1 */
-extern HMAC_CTX *HMAC_CTX_new(void) __attribute__((weak)) __attribute__((used));
-extern void HMAC_CTX_free(HMAC_CTX *) __attribute__((weak)) __attribute__((used));
-extern int HMAC_CTX_reset(HMAC_CTX *) __attribute__((weak)) __attribute__((used));
-
-/* 1.0.2 */
-extern void HMAC_CTX_init(HMAC_CTX *) __attribute__((weak)) __attribute__((used));
-extern void HMAC_CTX_cleanup(HMAC_CTX *) __attribute__((weak)) __attribute__((used));
-
-/* common */
-extern int HMAC_Update(HMAC_CTX *, const unsigned char *, size_t) __attribute__((weak)) __attribute__((used));
-extern int HMAC_Final(HMAC_CTX *, unsigned char *, unsigned int *) __attribute__((weak)) __attribute__((used));
-extern int HMAC_Init_ex(HMAC_CTX *, const void *, int, const EVP_MD *, ENGINE *) __attribute__((weak))
-__attribute__((used));
-
-/* libcrypto 1.1 stub for init */
-static void s_hmac_ctx_init_noop(HMAC_CTX *ctx) {
- (void)ctx;
-}
-
-/* libcrypto 1.1 stub for clean_up */
-static void s_hmac_ctx_clean_up_noop(HMAC_CTX *ctx) {
- (void)ctx;
-}
-
-/* libcrypto 1.0 shim for new */
-static HMAC_CTX *s_hmac_ctx_new(void) {
- AWS_PRECONDITION(
- g_aws_openssl_hmac_ctx_table->init_fn != s_hmac_ctx_init_noop &&
- "libcrypto 1.0 init called on libcrypto 1.1 vtable");
- HMAC_CTX *ctx = aws_mem_calloc(aws_default_allocator(), 1, 300);
- AWS_FATAL_ASSERT(ctx && "Unable to allocate to HMAC_CTX");
- g_aws_openssl_hmac_ctx_table->init_fn(ctx);
- return ctx;
-}
-
-/* libcrypto 1.0 shim for free */
-static void s_hmac_ctx_free(HMAC_CTX *ctx) {
- AWS_PRECONDITION(ctx);
- AWS_PRECONDITION(
- g_aws_openssl_hmac_ctx_table->clean_up_fn != s_hmac_ctx_clean_up_noop &&
- "libcrypto 1.0 clean_up called on libcrypto 1.1 vtable");
- g_aws_openssl_hmac_ctx_table->clean_up_fn(ctx);
- aws_mem_release(aws_default_allocator(), ctx);
-}
-
-/* libcrypto 1.0 shim for reset, matches HMAC_CTX_reset semantics */
-static int s_hmac_ctx_reset(HMAC_CTX *ctx) {
- AWS_PRECONDITION(ctx);
- AWS_PRECONDITION(
- g_aws_openssl_hmac_ctx_table->init_fn != s_hmac_ctx_init_noop &&
- g_aws_openssl_hmac_ctx_table->clean_up_fn != s_hmac_ctx_clean_up_noop &&
- "libcrypto 1.0 reset called on libcrypto 1.1 vtable");
- g_aws_openssl_hmac_ctx_table->clean_up_fn(ctx);
- g_aws_openssl_hmac_ctx_table->init_fn(ctx);
- return 1;
-}
-
-static struct aws_mutex *s_libcrypto_locks = NULL;
-static struct aws_allocator *s_libcrypto_allocator = NULL;
-
-static void s_locking_fn(int mode, int n, const char *unused0, int unused1) {
- (void)unused0;
- (void)unused1;
-
- if (mode & CRYPTO_LOCK) {
- aws_mutex_lock(&s_libcrypto_locks[n]);
- } else {
- aws_mutex_unlock(&s_libcrypto_locks[n]);
- }
-}
-
-static unsigned long s_id_fn(void) {
- return (unsigned long)aws_thread_current_thread_id();
-}
-
-enum aws_libcrypto_version {
- AWS_LIBCRYPTO_NONE = 0,
- AWS_LIBCRYPTO_1_0_2,
- AWS_LIBCRYPTO_1_1_1,
- AWS_LIBCRYPTO_LC,
-} s_libcrypto_version = AWS_LIBCRYPTO_NONE;
-
-static int s_resolve_libcrypto_hmac(enum aws_libcrypto_version version, void *module) {
- hmac_ctx_init init_fn = 0;
- hmac_ctx_clean_up clean_up_fn = 0;
- hmac_ctx_new new_fn = HMAC_CTX_new;
- hmac_ctx_free free_fn = HMAC_CTX_free;
- hmac_ctx_reset reset_fn = HMAC_CTX_reset;
- hmac_ctx_update update_fn = HMAC_Update;
- hmac_ctx_final final_fn = HMAC_Final;
- hmac_ctx_init_ex init_ex_fn = HMAC_Init_ex;
-
- /* were symbols bound by static linking? */
- bool has_102_symbols = init_fn && clean_up_fn && update_fn && final_fn && init_ex_fn;
- bool has_111_symbols = new_fn && free_fn && update_fn && final_fn && init_ex_fn && reset_fn;
-
- if (version == AWS_LIBCRYPTO_NONE) {
- if (has_102_symbols) {
- version = AWS_LIBCRYPTO_1_0_2;
- FLOGF("auto-resolving libcrypto 1.0.2");
- } else if (has_111_symbols) {
- version = AWS_LIBCRYPTO_1_1_1;
- FLOGF("auto-resolving libcrypto 1.1.1");
- } else {
- /* not pre-linked, need to ask for a specific version */
- return AWS_LIBCRYPTO_NONE;
- }
- }
-
- if (has_102_symbols) {
- FLOGF("found static libcrypto 1.0.2 HMAC");
- }
- if (has_111_symbols) {
- FLOGF("found static libcrypto 1.1.1 HMAC");
- }
-
- /* If symbols aren't already found, try to find the requested version */
- /* when built as a shared lib, and multiple versions of openssl are possibly
- * available (e.g. brazil), select 1.0.2 by default for consistency */
- if (!has_102_symbols && version == AWS_LIBCRYPTO_1_0_2) {
- *(void **)(&init_fn) = dlsym(module, "HMAC_CTX_init");
- *(void **)(&clean_up_fn) = dlsym(module, "HMAC_CTX_cleanup");
- *(void **)(&update_fn) = dlsym(module, "HMAC_Update");
- *(void **)(&final_fn) = dlsym(module, "HMAC_Final");
- *(void **)(&init_ex_fn) = dlsym(module, "HMAC_Init_ex");
- if (init_fn) {
- FLOGF("found dynamic libcrypto 1.0.2 HMAC symbols");
- }
- }
-
- if (!has_111_symbols && version == AWS_LIBCRYPTO_1_1_1) {
- *(void **)(&new_fn) = dlsym(module, "HMAC_CTX_new");
- *(void **)(&reset_fn) = dlsym(module, "HMAC_CTX_reset");
- *(void **)(&free_fn) = dlsym(module, "HMAC_CTX_free");
- *(void **)(&update_fn) = dlsym(module, "HMAC_Update");
- *(void **)(&final_fn) = dlsym(module, "HMAC_Final");
- *(void **)(&init_ex_fn) = dlsym(module, "HMAC_Init_ex");
- if (new_fn) {
- FLOGF("found dynamic libcrypto 1.1.1 HMAC symbols");
- }
- }
-
- /* Fill out the vtable for the requested version */
- if (version == AWS_LIBCRYPTO_1_0_2 && init_fn) {
- hmac_ctx_table.new_fn = s_hmac_ctx_new;
- hmac_ctx_table.reset_fn = s_hmac_ctx_reset;
- hmac_ctx_table.free_fn = s_hmac_ctx_free;
- hmac_ctx_table.init_fn = init_fn;
- hmac_ctx_table.clean_up_fn = clean_up_fn;
- } else if (version == AWS_LIBCRYPTO_1_1_1 && new_fn) {
- hmac_ctx_table.new_fn = new_fn;
- hmac_ctx_table.reset_fn = reset_fn;
- hmac_ctx_table.free_fn = free_fn;
- hmac_ctx_table.init_fn = s_hmac_ctx_init_noop;
- hmac_ctx_table.clean_up_fn = s_hmac_ctx_clean_up_noop;
- }
- hmac_ctx_table.update_fn = update_fn;
- hmac_ctx_table.final_fn = final_fn;
- hmac_ctx_table.init_ex_fn = init_ex_fn;
- g_aws_openssl_hmac_ctx_table = &hmac_ctx_table;
-
- return version;
-}
-
-/* EVP_MD_CTX API */
-/* 1.0.2 NOTE: these are macros in 1.1.x, so we have to undef them to weak link */
-#if defined(EVP_MD_CTX_create)
-# pragma push_macro("EVP_MD_CTX_create")
-# undef EVP_MD_CTX_create
-#endif
-extern EVP_MD_CTX *EVP_MD_CTX_create(void) __attribute__((weak, used));
-static evp_md_ctx_new s_EVP_MD_CTX_create = 0;
-#if defined(EVP_MD_CTX_create)
-# pragma pop_macro("EVP_MD_CTX_create")
-#endif
-
-#if defined(EVP_MD_CTX_destroy)
-# pragma push_macro("EVP_MD_CTX_destroy")
-# undef EVP_MD_CTX_destroy
-#endif
-extern void EVP_MD_CTX_destroy(EVP_MD_CTX *) __attribute__((weak, used));
-static evp_md_ctx_free s_EVP_MD_CTX_destroy = 0;
-#if defined(EVP_MD_CTX_destroy)
-# pragma pop_macro("EVP_MD_CTX_destroy")
-#endif
-
-/* 1.1 */
-extern EVP_MD_CTX *EVP_MD_CTX_new(void) __attribute__((weak, used));
-extern void EVP_MD_CTX_free(EVP_MD_CTX *) __attribute__((weak, used));
-
-/* common */
-extern int EVP_DigestInit_ex(EVP_MD_CTX *, const EVP_MD *, ENGINE *) __attribute__((weak, used));
-extern int EVP_DigestUpdate(EVP_MD_CTX *, const void *, size_t) __attribute__((weak, used));
-extern int EVP_DigestFinal_ex(EVP_MD_CTX *, unsigned char *, unsigned int *) __attribute__((weak, used));
-
-static int s_resolve_libcrypto_md(enum aws_libcrypto_version version, void *module) {
- /* OpenSSL changed the EVP api in 1.1 to use new/free verbs */
- evp_md_ctx_new md_new_fn = EVP_MD_CTX_new;
- evp_md_ctx_new md_create_fn = s_EVP_MD_CTX_create;
- evp_md_ctx_free md_free_fn = EVP_MD_CTX_free;
- evp_md_ctx_free md_destroy_fn = s_EVP_MD_CTX_destroy;
- evp_md_ctx_digest_init_ex md_init_ex_fn = EVP_DigestInit_ex;
- evp_md_ctx_digest_update md_update_fn = EVP_DigestUpdate;
- evp_md_ctx_digest_final_ex md_final_ex_fn = EVP_DigestFinal_ex;
-
- bool has_102_symbols = md_create_fn && md_destroy_fn && md_init_ex_fn && md_update_fn && md_final_ex_fn;
- bool has_111_symbols = md_new_fn && md_free_fn && md_init_ex_fn && md_update_fn && md_final_ex_fn;
-
- if (has_102_symbols) {
- FLOGF("found static libcrypto 1.0.2 EVP_MD");
- }
- if (has_111_symbols) {
- FLOGF("found static libcrypto 1.1.1 EVP_MD");
- }
-
- if (!has_102_symbols && version == AWS_LIBCRYPTO_1_0_2) {
- *(void **)(&md_create_fn) = dlsym(module, "EVP_MD_CTX_create");
- *(void **)(&md_destroy_fn) = dlsym(module, "EVP_MD_CTX_destroy");
- *(void **)(&md_init_ex_fn) = dlsym(module, "EVP_DigestInit_ex");
- *(void **)(&md_update_fn) = dlsym(module, "EVP_DigestUpdate");
- *(void **)(&md_final_ex_fn) = dlsym(module, "EVP_DigestFinal_ex");
- if (md_create_fn) {
- FLOGF("found dynamic libcrypto 1.0.2 EVP_MD symbols");
- }
- }
-
- if (!has_111_symbols && version == AWS_LIBCRYPTO_1_1_1) {
- *(void **)(&md_new_fn) = dlsym(module, "EVP_MD_CTX_new");
- *(void **)(&md_free_fn) = dlsym(module, "EVP_MD_CTX_free");
- *(void **)(&md_init_ex_fn) = dlsym(module, "EVP_DigestInit_ex");
- *(void **)(&md_update_fn) = dlsym(module, "EVP_DigestUpdate");
- *(void **)(&md_final_ex_fn) = dlsym(module, "EVP_DigestFinal_ex");
- if (md_new_fn) {
- FLOGF("found dynamic libcrypto 1.1.1 EVP_MD symbols");
- }
- }
-
- /* Add the found symbols to the vtable */
- if (version == AWS_LIBCRYPTO_1_0_2 && md_create_fn) {
- evp_md_ctx_table.new_fn = md_create_fn;
- evp_md_ctx_table.free_fn = md_destroy_fn;
- evp_md_ctx_table.init_ex_fn = md_init_ex_fn;
- evp_md_ctx_table.update_fn = md_update_fn;
- evp_md_ctx_table.final_ex_fn = md_final_ex_fn;
- g_aws_openssl_evp_md_ctx_table = &evp_md_ctx_table;
- return version;
- } else if (version == AWS_LIBCRYPTO_1_1_1 && md_new_fn) {
- evp_md_ctx_table.new_fn = md_new_fn;
- evp_md_ctx_table.free_fn = md_free_fn;
- evp_md_ctx_table.init_ex_fn = md_init_ex_fn;
- evp_md_ctx_table.update_fn = md_update_fn;
- evp_md_ctx_table.final_ex_fn = md_final_ex_fn;
- g_aws_openssl_evp_md_ctx_table = &evp_md_ctx_table;
- return version;
- }
-
- return AWS_LIBCRYPTO_NONE;
-}
-
-static int s_resolve_libcrypto_symbols(enum aws_libcrypto_version version, void *module) {
- int found_version = s_resolve_libcrypto_hmac(version, module);
- if (!found_version) {
- return AWS_LIBCRYPTO_NONE;
- }
- if (!s_resolve_libcrypto_md(found_version, module)) {
- return AWS_LIBCRYPTO_NONE;
- }
- return found_version;
-}
-
-static int s_resolve_libcrypto_version(enum aws_libcrypto_version version) {
- const char *libcrypto_102 = "libcrypto.so.1.0.0";
- const char *libcrypto_111 = "libcrypto.so.1.1";
- switch (version) {
- case AWS_LIBCRYPTO_NONE: {
- FLOGF("searching process and loaded modules");
- void *process = dlopen(NULL, RTLD_NOW);
- AWS_FATAL_ASSERT(process && "Unable to load symbols from process space");
- int result = s_resolve_libcrypto_symbols(version, process);
- dlclose(process);
- return result;
- }
- case AWS_LIBCRYPTO_1_0_2: {
- FLOGF("loading libcrypto 1.0.2");
- void *module = dlopen(libcrypto_102, RTLD_NOW);
- if (module) {
- FLOGF("resolving against libcrypto 1.0.2");
- int result = s_resolve_libcrypto_symbols(version, module);
- dlclose(module);
- return result;
- }
- FLOGF("libcrypto 1.0.2 not found");
- break;
- }
- case AWS_LIBCRYPTO_1_1_1: {
- FLOGF("loading libcrypto 1.1.1");
- void *module = dlopen(libcrypto_111, RTLD_NOW);
- if (module) {
- FLOGF("resolving against libcrypto 1.1.1");
- int result = s_resolve_libcrypto_symbols(version, module);
- dlclose(module);
- return result;
- }
- FLOGF("libcrypto 1.1.1 not found");
- break;
- }
- default:
- AWS_FATAL_ASSERT("Attempted to use an unsupported version of libcrypto");
- }
- return AWS_LIBCRYPTO_NONE;
-}
-
-static int s_resolve_libcrypto(void) {
- if (s_libcrypto_version != AWS_LIBCRYPTO_NONE) {
- return s_libcrypto_version;
- }
-
- /* Try to auto-resolve against what's linked in/process space */
- FLOGF("Attempting auto-resolve against static linkage");
- s_libcrypto_version = s_resolve_libcrypto_version(AWS_LIBCRYPTO_NONE);
- /* try 1.0.2 */
- if (s_libcrypto_version == AWS_LIBCRYPTO_NONE) {
- FLOGF("Attempting resolve against libcrypto 1.0.2");
- s_libcrypto_version = s_resolve_libcrypto_version(AWS_LIBCRYPTO_1_0_2);
- }
- /* try 1.1.1 */
- if (s_libcrypto_version == AWS_LIBCRYPTO_NONE) {
- FLOGF("Attempting resolve against libcrypto 1.1.1");
- s_libcrypto_version = s_resolve_libcrypto_version(AWS_LIBCRYPTO_1_1_1);
- }
-
- return s_libcrypto_version;
-}
-
-/* Ignore warnings about how CRYPTO_get_locking_callback() always returns NULL on 1.1.1 */
-#if !defined(__GNUC__) || (__GNUC__ >= 4 && __GNUC_MINOR__ > 1)
-# pragma GCC diagnostic push
-# pragma GCC diagnostic ignored "-Waddress"
-#endif
-
-void aws_cal_platform_init(struct aws_allocator *allocator) {
- s_libcrypto_allocator = allocator;
-
- int version = s_resolve_libcrypto();
- AWS_FATAL_ASSERT(version != AWS_LIBCRYPTO_NONE && "libcrypto could not be resolved");
-
- /* Ensure that libcrypto 1.0.2 has working locking mechanisms. This code is macro'ed
- * by libcrypto to be a no-op on 1.1.1 */
- if (!CRYPTO_get_locking_callback()) {
- /* on 1.1.1 this is a no-op */
- CRYPTO_set_locking_callback(s_locking_fn);
- if (CRYPTO_get_locking_callback() == s_locking_fn) {
- s_libcrypto_locks = aws_mem_acquire(allocator, sizeof(struct aws_mutex) * CRYPTO_num_locks());
- AWS_FATAL_ASSERT(s_libcrypto_locks);
- size_t lock_count = (size_t)CRYPTO_num_locks();
- for (size_t i = 0; i < lock_count; ++i) {
- aws_mutex_init(&s_libcrypto_locks[i]);
- }
- }
- }
-
- if (!CRYPTO_get_id_callback()) {
- CRYPTO_set_id_callback(s_id_fn);
- }
-}
-
-void aws_cal_platform_clean_up(void) {
- if (CRYPTO_get_locking_callback() == s_locking_fn) {
- CRYPTO_set_locking_callback(NULL);
- size_t lock_count = (size_t)CRYPTO_num_locks();
- for (size_t i = 0; i < lock_count; ++i) {
- aws_mutex_clean_up(&s_libcrypto_locks[i]);
- }
- aws_mem_release(s_libcrypto_allocator, s_libcrypto_locks);
- }
-
- if (CRYPTO_get_id_callback() == s_id_fn) {
- CRYPTO_set_id_callback(NULL);
- }
-}
-#if !defined(__GNUC__) || (__GNUC__ >= 4 && __GNUC_MINOR__ > 1)
-# pragma GCC diagnostic pop
-#endif
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+
+#include <aws/common/allocator.h>
+#include <aws/common/mutex.h>
+#include <aws/common/thread.h>
+
+#include <dlfcn.h>
+
+#include <aws/cal/private/opensslcrypto_common.h>
+
+#if defined(AWS_LIBCRYPTO_LOG_RESOLVE)
+# define FLOGF(...) \
+ do { \
+ fprintf(stderr, "AWS libcrypto resolve: "); \
+ fprintf(stderr, __VA_ARGS__); \
+ fprintf(stderr, "\n"); \
+ } while (0)
+#else
+# define FLOGF(...)
+#endif
+
+static struct openssl_hmac_ctx_table hmac_ctx_table;
+static struct openssl_evp_md_ctx_table evp_md_ctx_table;
+
+struct openssl_hmac_ctx_table *g_aws_openssl_hmac_ctx_table = NULL;
+struct openssl_evp_md_ctx_table *g_aws_openssl_evp_md_ctx_table = NULL;
+
+/* weak refs to libcrypto functions to force them to at least try to link
+ * and avoid dead-stripping
+ */
+/* 1.1 */
+extern HMAC_CTX *HMAC_CTX_new(void) __attribute__((weak)) __attribute__((used));
+extern void HMAC_CTX_free(HMAC_CTX *) __attribute__((weak)) __attribute__((used));
+extern int HMAC_CTX_reset(HMAC_CTX *) __attribute__((weak)) __attribute__((used));
+
+/* 1.0.2 */
+extern void HMAC_CTX_init(HMAC_CTX *) __attribute__((weak)) __attribute__((used));
+extern void HMAC_CTX_cleanup(HMAC_CTX *) __attribute__((weak)) __attribute__((used));
+
+/* common */
+extern int HMAC_Update(HMAC_CTX *, const unsigned char *, size_t) __attribute__((weak)) __attribute__((used));
+extern int HMAC_Final(HMAC_CTX *, unsigned char *, unsigned int *) __attribute__((weak)) __attribute__((used));
+extern int HMAC_Init_ex(HMAC_CTX *, const void *, int, const EVP_MD *, ENGINE *) __attribute__((weak))
+__attribute__((used));
+
+/* libcrypto 1.1 stub for init */
+static void s_hmac_ctx_init_noop(HMAC_CTX *ctx) {
+ (void)ctx;
+}
+
+/* libcrypto 1.1 stub for clean_up */
+static void s_hmac_ctx_clean_up_noop(HMAC_CTX *ctx) {
+ (void)ctx;
+}
+
+/* libcrypto 1.0 shim for new */
+static HMAC_CTX *s_hmac_ctx_new(void) {
+ AWS_PRECONDITION(
+ g_aws_openssl_hmac_ctx_table->init_fn != s_hmac_ctx_init_noop &&
+ "libcrypto 1.0 init called on libcrypto 1.1 vtable");
+ HMAC_CTX *ctx = aws_mem_calloc(aws_default_allocator(), 1, 300);
+ AWS_FATAL_ASSERT(ctx && "Unable to allocate to HMAC_CTX");
+ g_aws_openssl_hmac_ctx_table->init_fn(ctx);
+ return ctx;
+}
+
+/* libcrypto 1.0 shim for free */
+static void s_hmac_ctx_free(HMAC_CTX *ctx) {
+ AWS_PRECONDITION(ctx);
+ AWS_PRECONDITION(
+ g_aws_openssl_hmac_ctx_table->clean_up_fn != s_hmac_ctx_clean_up_noop &&
+ "libcrypto 1.0 clean_up called on libcrypto 1.1 vtable");
+ g_aws_openssl_hmac_ctx_table->clean_up_fn(ctx);
+ aws_mem_release(aws_default_allocator(), ctx);
+}
+
+/* libcrypto 1.0 shim for reset, matches HMAC_CTX_reset semantics */
+static int s_hmac_ctx_reset(HMAC_CTX *ctx) {
+ AWS_PRECONDITION(ctx);
+ AWS_PRECONDITION(
+ g_aws_openssl_hmac_ctx_table->init_fn != s_hmac_ctx_init_noop &&
+ g_aws_openssl_hmac_ctx_table->clean_up_fn != s_hmac_ctx_clean_up_noop &&
+ "libcrypto 1.0 reset called on libcrypto 1.1 vtable");
+ g_aws_openssl_hmac_ctx_table->clean_up_fn(ctx);
+ g_aws_openssl_hmac_ctx_table->init_fn(ctx);
+ return 1;
+}
+
+static struct aws_mutex *s_libcrypto_locks = NULL;
+static struct aws_allocator *s_libcrypto_allocator = NULL;
+
+static void s_locking_fn(int mode, int n, const char *unused0, int unused1) {
+ (void)unused0;
+ (void)unused1;
+
+ if (mode & CRYPTO_LOCK) {
+ aws_mutex_lock(&s_libcrypto_locks[n]);
+ } else {
+ aws_mutex_unlock(&s_libcrypto_locks[n]);
+ }
+}
+
+static unsigned long s_id_fn(void) {
+ return (unsigned long)aws_thread_current_thread_id();
+}
+
+enum aws_libcrypto_version {
+ AWS_LIBCRYPTO_NONE = 0,
+ AWS_LIBCRYPTO_1_0_2,
+ AWS_LIBCRYPTO_1_1_1,
+ AWS_LIBCRYPTO_LC,
+} s_libcrypto_version = AWS_LIBCRYPTO_NONE;
+
+static int s_resolve_libcrypto_hmac(enum aws_libcrypto_version version, void *module) {
+ hmac_ctx_init init_fn = 0;
+ hmac_ctx_clean_up clean_up_fn = 0;
+ hmac_ctx_new new_fn = HMAC_CTX_new;
+ hmac_ctx_free free_fn = HMAC_CTX_free;
+ hmac_ctx_reset reset_fn = HMAC_CTX_reset;
+ hmac_ctx_update update_fn = HMAC_Update;
+ hmac_ctx_final final_fn = HMAC_Final;
+ hmac_ctx_init_ex init_ex_fn = HMAC_Init_ex;
+
+ /* were symbols bound by static linking? */
+ bool has_102_symbols = init_fn && clean_up_fn && update_fn && final_fn && init_ex_fn;
+ bool has_111_symbols = new_fn && free_fn && update_fn && final_fn && init_ex_fn && reset_fn;
+
+ if (version == AWS_LIBCRYPTO_NONE) {
+ if (has_102_symbols) {
+ version = AWS_LIBCRYPTO_1_0_2;
+ FLOGF("auto-resolving libcrypto 1.0.2");
+ } else if (has_111_symbols) {
+ version = AWS_LIBCRYPTO_1_1_1;
+ FLOGF("auto-resolving libcrypto 1.1.1");
+ } else {
+ /* not pre-linked, need to ask for a specific version */
+ return AWS_LIBCRYPTO_NONE;
+ }
+ }
+
+ if (has_102_symbols) {
+ FLOGF("found static libcrypto 1.0.2 HMAC");
+ }
+ if (has_111_symbols) {
+ FLOGF("found static libcrypto 1.1.1 HMAC");
+ }
+
+ /* If symbols aren't already found, try to find the requested version */
+ /* when built as a shared lib, and multiple versions of openssl are possibly
+ * available (e.g. brazil), select 1.0.2 by default for consistency */
+ if (!has_102_symbols && version == AWS_LIBCRYPTO_1_0_2) {
+ *(void **)(&init_fn) = dlsym(module, "HMAC_CTX_init");
+ *(void **)(&clean_up_fn) = dlsym(module, "HMAC_CTX_cleanup");
+ *(void **)(&update_fn) = dlsym(module, "HMAC_Update");
+ *(void **)(&final_fn) = dlsym(module, "HMAC_Final");
+ *(void **)(&init_ex_fn) = dlsym(module, "HMAC_Init_ex");
+ if (init_fn) {
+ FLOGF("found dynamic libcrypto 1.0.2 HMAC symbols");
+ }
+ }
+
+ if (!has_111_symbols && version == AWS_LIBCRYPTO_1_1_1) {
+ *(void **)(&new_fn) = dlsym(module, "HMAC_CTX_new");
+ *(void **)(&reset_fn) = dlsym(module, "HMAC_CTX_reset");
+ *(void **)(&free_fn) = dlsym(module, "HMAC_CTX_free");
+ *(void **)(&update_fn) = dlsym(module, "HMAC_Update");
+ *(void **)(&final_fn) = dlsym(module, "HMAC_Final");
+ *(void **)(&init_ex_fn) = dlsym(module, "HMAC_Init_ex");
+ if (new_fn) {
+ FLOGF("found dynamic libcrypto 1.1.1 HMAC symbols");
+ }
+ }
+
+ /* Fill out the vtable for the requested version */
+ if (version == AWS_LIBCRYPTO_1_0_2 && init_fn) {
+ hmac_ctx_table.new_fn = s_hmac_ctx_new;
+ hmac_ctx_table.reset_fn = s_hmac_ctx_reset;
+ hmac_ctx_table.free_fn = s_hmac_ctx_free;
+ hmac_ctx_table.init_fn = init_fn;
+ hmac_ctx_table.clean_up_fn = clean_up_fn;
+ } else if (version == AWS_LIBCRYPTO_1_1_1 && new_fn) {
+ hmac_ctx_table.new_fn = new_fn;
+ hmac_ctx_table.reset_fn = reset_fn;
+ hmac_ctx_table.free_fn = free_fn;
+ hmac_ctx_table.init_fn = s_hmac_ctx_init_noop;
+ hmac_ctx_table.clean_up_fn = s_hmac_ctx_clean_up_noop;
+ }
+ hmac_ctx_table.update_fn = update_fn;
+ hmac_ctx_table.final_fn = final_fn;
+ hmac_ctx_table.init_ex_fn = init_ex_fn;
+ g_aws_openssl_hmac_ctx_table = &hmac_ctx_table;
+
+ return version;
+}
+
+/* EVP_MD_CTX API */
+/* 1.0.2 NOTE: these are macros in 1.1.x, so we have to undef them to weak link */
+#if defined(EVP_MD_CTX_create)
+# pragma push_macro("EVP_MD_CTX_create")
+# undef EVP_MD_CTX_create
+#endif
+extern EVP_MD_CTX *EVP_MD_CTX_create(void) __attribute__((weak, used));
+static evp_md_ctx_new s_EVP_MD_CTX_create = 0;
+#if defined(EVP_MD_CTX_create)
+# pragma pop_macro("EVP_MD_CTX_create")
+#endif
+
+#if defined(EVP_MD_CTX_destroy)
+# pragma push_macro("EVP_MD_CTX_destroy")
+# undef EVP_MD_CTX_destroy
+#endif
+extern void EVP_MD_CTX_destroy(EVP_MD_CTX *) __attribute__((weak, used));
+static evp_md_ctx_free s_EVP_MD_CTX_destroy = 0;
+#if defined(EVP_MD_CTX_destroy)
+# pragma pop_macro("EVP_MD_CTX_destroy")
+#endif
+
+/* 1.1 */
+extern EVP_MD_CTX *EVP_MD_CTX_new(void) __attribute__((weak, used));
+extern void EVP_MD_CTX_free(EVP_MD_CTX *) __attribute__((weak, used));
+
+/* common */
+extern int EVP_DigestInit_ex(EVP_MD_CTX *, const EVP_MD *, ENGINE *) __attribute__((weak, used));
+extern int EVP_DigestUpdate(EVP_MD_CTX *, const void *, size_t) __attribute__((weak, used));
+extern int EVP_DigestFinal_ex(EVP_MD_CTX *, unsigned char *, unsigned int *) __attribute__((weak, used));
+
+static int s_resolve_libcrypto_md(enum aws_libcrypto_version version, void *module) {
+ /* OpenSSL changed the EVP api in 1.1 to use new/free verbs */
+ evp_md_ctx_new md_new_fn = EVP_MD_CTX_new;
+ evp_md_ctx_new md_create_fn = s_EVP_MD_CTX_create;
+ evp_md_ctx_free md_free_fn = EVP_MD_CTX_free;
+ evp_md_ctx_free md_destroy_fn = s_EVP_MD_CTX_destroy;
+ evp_md_ctx_digest_init_ex md_init_ex_fn = EVP_DigestInit_ex;
+ evp_md_ctx_digest_update md_update_fn = EVP_DigestUpdate;
+ evp_md_ctx_digest_final_ex md_final_ex_fn = EVP_DigestFinal_ex;
+
+ bool has_102_symbols = md_create_fn && md_destroy_fn && md_init_ex_fn && md_update_fn && md_final_ex_fn;
+ bool has_111_symbols = md_new_fn && md_free_fn && md_init_ex_fn && md_update_fn && md_final_ex_fn;
+
+ if (has_102_symbols) {
+ FLOGF("found static libcrypto 1.0.2 EVP_MD");
+ }
+ if (has_111_symbols) {
+ FLOGF("found static libcrypto 1.1.1 EVP_MD");
+ }
+
+ if (!has_102_symbols && version == AWS_LIBCRYPTO_1_0_2) {
+ *(void **)(&md_create_fn) = dlsym(module, "EVP_MD_CTX_create");
+ *(void **)(&md_destroy_fn) = dlsym(module, "EVP_MD_CTX_destroy");
+ *(void **)(&md_init_ex_fn) = dlsym(module, "EVP_DigestInit_ex");
+ *(void **)(&md_update_fn) = dlsym(module, "EVP_DigestUpdate");
+ *(void **)(&md_final_ex_fn) = dlsym(module, "EVP_DigestFinal_ex");
+ if (md_create_fn) {
+ FLOGF("found dynamic libcrypto 1.0.2 EVP_MD symbols");
+ }
+ }
+
+ if (!has_111_symbols && version == AWS_LIBCRYPTO_1_1_1) {
+ *(void **)(&md_new_fn) = dlsym(module, "EVP_MD_CTX_new");
+ *(void **)(&md_free_fn) = dlsym(module, "EVP_MD_CTX_free");
+ *(void **)(&md_init_ex_fn) = dlsym(module, "EVP_DigestInit_ex");
+ *(void **)(&md_update_fn) = dlsym(module, "EVP_DigestUpdate");
+ *(void **)(&md_final_ex_fn) = dlsym(module, "EVP_DigestFinal_ex");
+ if (md_new_fn) {
+ FLOGF("found dynamic libcrypto 1.1.1 EVP_MD symbols");
+ }
+ }
+
+ /* Add the found symbols to the vtable */
+ if (version == AWS_LIBCRYPTO_1_0_2 && md_create_fn) {
+ evp_md_ctx_table.new_fn = md_create_fn;
+ evp_md_ctx_table.free_fn = md_destroy_fn;
+ evp_md_ctx_table.init_ex_fn = md_init_ex_fn;
+ evp_md_ctx_table.update_fn = md_update_fn;
+ evp_md_ctx_table.final_ex_fn = md_final_ex_fn;
+ g_aws_openssl_evp_md_ctx_table = &evp_md_ctx_table;
+ return version;
+ } else if (version == AWS_LIBCRYPTO_1_1_1 && md_new_fn) {
+ evp_md_ctx_table.new_fn = md_new_fn;
+ evp_md_ctx_table.free_fn = md_free_fn;
+ evp_md_ctx_table.init_ex_fn = md_init_ex_fn;
+ evp_md_ctx_table.update_fn = md_update_fn;
+ evp_md_ctx_table.final_ex_fn = md_final_ex_fn;
+ g_aws_openssl_evp_md_ctx_table = &evp_md_ctx_table;
+ return version;
+ }
+
+ return AWS_LIBCRYPTO_NONE;
+}
+
+static int s_resolve_libcrypto_symbols(enum aws_libcrypto_version version, void *module) {
+ int found_version = s_resolve_libcrypto_hmac(version, module);
+ if (!found_version) {
+ return AWS_LIBCRYPTO_NONE;
+ }
+ if (!s_resolve_libcrypto_md(found_version, module)) {
+ return AWS_LIBCRYPTO_NONE;
+ }
+ return found_version;
+}
+
+static int s_resolve_libcrypto_version(enum aws_libcrypto_version version) {
+ const char *libcrypto_102 = "libcrypto.so.1.0.0";
+ const char *libcrypto_111 = "libcrypto.so.1.1";
+ switch (version) {
+ case AWS_LIBCRYPTO_NONE: {
+ FLOGF("searching process and loaded modules");
+ void *process = dlopen(NULL, RTLD_NOW);
+ AWS_FATAL_ASSERT(process && "Unable to load symbols from process space");
+ int result = s_resolve_libcrypto_symbols(version, process);
+ dlclose(process);
+ return result;
+ }
+ case AWS_LIBCRYPTO_1_0_2: {
+ FLOGF("loading libcrypto 1.0.2");
+ void *module = dlopen(libcrypto_102, RTLD_NOW);
+ if (module) {
+ FLOGF("resolving against libcrypto 1.0.2");
+ int result = s_resolve_libcrypto_symbols(version, module);
+ dlclose(module);
+ return result;
+ }
+ FLOGF("libcrypto 1.0.2 not found");
+ break;
+ }
+ case AWS_LIBCRYPTO_1_1_1: {
+ FLOGF("loading libcrypto 1.1.1");
+ void *module = dlopen(libcrypto_111, RTLD_NOW);
+ if (module) {
+ FLOGF("resolving against libcrypto 1.1.1");
+ int result = s_resolve_libcrypto_symbols(version, module);
+ dlclose(module);
+ return result;
+ }
+ FLOGF("libcrypto 1.1.1 not found");
+ break;
+ }
+ default:
+ AWS_FATAL_ASSERT("Attempted to use an unsupported version of libcrypto");
+ }
+ return AWS_LIBCRYPTO_NONE;
+}
+
+static int s_resolve_libcrypto(void) {
+ if (s_libcrypto_version != AWS_LIBCRYPTO_NONE) {
+ return s_libcrypto_version;
+ }
+
+ /* Try to auto-resolve against what's linked in/process space */
+ FLOGF("Attempting auto-resolve against static linkage");
+ s_libcrypto_version = s_resolve_libcrypto_version(AWS_LIBCRYPTO_NONE);
+ /* try 1.0.2 */
+ if (s_libcrypto_version == AWS_LIBCRYPTO_NONE) {
+ FLOGF("Attempting resolve against libcrypto 1.0.2");
+ s_libcrypto_version = s_resolve_libcrypto_version(AWS_LIBCRYPTO_1_0_2);
+ }
+ /* try 1.1.1 */
+ if (s_libcrypto_version == AWS_LIBCRYPTO_NONE) {
+ FLOGF("Attempting resolve against libcrypto 1.1.1");
+ s_libcrypto_version = s_resolve_libcrypto_version(AWS_LIBCRYPTO_1_1_1);
+ }
+
+ return s_libcrypto_version;
+}
+
+/* Ignore warnings about how CRYPTO_get_locking_callback() always returns NULL on 1.1.1 */
+#if !defined(__GNUC__) || (__GNUC__ >= 4 && __GNUC_MINOR__ > 1)
+# pragma GCC diagnostic push
+# pragma GCC diagnostic ignored "-Waddress"
+#endif
+
+void aws_cal_platform_init(struct aws_allocator *allocator) {
+ s_libcrypto_allocator = allocator;
+
+ int version = s_resolve_libcrypto();
+ AWS_FATAL_ASSERT(version != AWS_LIBCRYPTO_NONE && "libcrypto could not be resolved");
+
+ /* Ensure that libcrypto 1.0.2 has working locking mechanisms. This code is macro'ed
+ * by libcrypto to be a no-op on 1.1.1 */
+ if (!CRYPTO_get_locking_callback()) {
+ /* on 1.1.1 this is a no-op */
+ CRYPTO_set_locking_callback(s_locking_fn);
+ if (CRYPTO_get_locking_callback() == s_locking_fn) {
+ s_libcrypto_locks = aws_mem_acquire(allocator, sizeof(struct aws_mutex) * CRYPTO_num_locks());
+ AWS_FATAL_ASSERT(s_libcrypto_locks);
+ size_t lock_count = (size_t)CRYPTO_num_locks();
+ for (size_t i = 0; i < lock_count; ++i) {
+ aws_mutex_init(&s_libcrypto_locks[i]);
+ }
+ }
+ }
+
+ if (!CRYPTO_get_id_callback()) {
+ CRYPTO_set_id_callback(s_id_fn);
+ }
+}
+
+void aws_cal_platform_clean_up(void) {
+ if (CRYPTO_get_locking_callback() == s_locking_fn) {
+ CRYPTO_set_locking_callback(NULL);
+ size_t lock_count = (size_t)CRYPTO_num_locks();
+ for (size_t i = 0; i < lock_count; ++i) {
+ aws_mutex_clean_up(&s_libcrypto_locks[i]);
+ }
+ aws_mem_release(s_libcrypto_allocator, s_libcrypto_locks);
+ }
+
+ if (CRYPTO_get_id_callback() == s_id_fn) {
+ CRYPTO_set_id_callback(NULL);
+ }
+}
+#if !defined(__GNUC__) || (__GNUC__ >= 4 && __GNUC_MINOR__ > 1)
+# pragma GCC diagnostic pop
+#endif
diff --git a/contrib/restricted/aws/aws-c-cal/source/unix/opensslcrypto_ecc.c b/contrib/restricted/aws/aws-c-cal/source/unix/opensslcrypto_ecc.c
index 14be8c3df5..153bcd5f4e 100644
--- a/contrib/restricted/aws/aws-c-cal/source/unix/opensslcrypto_ecc.c
+++ b/contrib/restricted/aws/aws-c-cal/source/unix/opensslcrypto_ecc.c
@@ -1,374 +1,374 @@
-/**
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0.
- */
-#include <aws/cal/private/ecc.h>
-
-#include <aws/cal/cal.h>
-#include <aws/cal/private/der.h>
-
-#include <openssl/bn.h>
-#include <openssl/ec.h>
-#include <openssl/ecdsa.h>
-#include <openssl/obj_mac.h>
-
-struct libcrypto_ecc_key {
- struct aws_ecc_key_pair key_pair;
- EC_KEY *ec_key;
-};
-
-static int s_curve_name_to_nid(enum aws_ecc_curve_name curve_name) {
- switch (curve_name) {
- case AWS_CAL_ECDSA_P256:
- return NID_X9_62_prime256v1;
- case AWS_CAL_ECDSA_P384:
- return NID_secp384r1;
- }
-
- AWS_FATAL_ASSERT(!"Unsupported elliptic curve name");
- return -1;
-}
-
-static void s_key_pair_destroy(struct aws_ecc_key_pair *key_pair) {
-
- if (key_pair) {
- aws_byte_buf_clean_up(&key_pair->pub_x);
- aws_byte_buf_clean_up(&key_pair->pub_y);
- aws_byte_buf_clean_up_secure(&key_pair->priv_d);
-
- struct libcrypto_ecc_key *key_impl = key_pair->impl;
-
- if (key_impl->ec_key) {
- EC_KEY_free(key_impl->ec_key);
- }
- aws_mem_release(key_pair->allocator, key_pair);
- }
-}
-
-static int s_sign_payload(
- const struct aws_ecc_key_pair *key_pair,
- const struct aws_byte_cursor *hash,
- struct aws_byte_buf *signature_output) {
- struct libcrypto_ecc_key *libcrypto_key_pair = key_pair->impl;
-
- unsigned int signature_size = signature_output->capacity - signature_output->len;
- int ret_val = ECDSA_sign(
- 0,
- hash->ptr,
- hash->len,
- signature_output->buffer + signature_output->len,
- &signature_size,
- libcrypto_key_pair->ec_key);
- signature_output->len += signature_size;
-
- return ret_val == 1 ? AWS_OP_SUCCESS : aws_raise_error(AWS_ERROR_INVALID_ARGUMENT);
-}
-
-static int s_verify_payload(
- const struct aws_ecc_key_pair *key_pair,
- const struct aws_byte_cursor *hash,
- const struct aws_byte_cursor *signature) {
- struct libcrypto_ecc_key *libcrypto_key_pair = key_pair->impl;
-
- return ECDSA_verify(0, hash->ptr, hash->len, signature->ptr, signature->len, libcrypto_key_pair->ec_key) == 1
- ? AWS_OP_SUCCESS
- : aws_raise_error(AWS_ERROR_CAL_SIGNATURE_VALIDATION_FAILED);
-}
-
-static size_t s_signature_length(const struct aws_ecc_key_pair *key_pair) {
- struct libcrypto_ecc_key *libcrypto_key_pair = key_pair->impl;
-
- return ECDSA_size(libcrypto_key_pair->ec_key);
-}
-
-static int s_fill_in_public_key_info(
- struct libcrypto_ecc_key *libcrypto_key_pair,
- const EC_GROUP *group,
- const EC_POINT *pub_key_point) {
- BIGNUM *big_num_x = BN_new();
- BIGNUM *big_num_y = BN_new();
-
- int ret_val = AWS_OP_ERR;
-
- if (EC_POINT_get_affine_coordinates_GFp(group, pub_key_point, big_num_x, big_num_y, NULL) != 1) {
- aws_raise_error(AWS_ERROR_INVALID_STATE);
- goto clean_up;
- }
-
- size_t x_coor_size = BN_num_bytes(big_num_x);
- size_t y_coor_size = BN_num_bytes(big_num_y);
-
- if (aws_byte_buf_init(&libcrypto_key_pair->key_pair.pub_x, libcrypto_key_pair->key_pair.allocator, x_coor_size)) {
- goto clean_up;
- }
-
- if (aws_byte_buf_init(&libcrypto_key_pair->key_pair.pub_y, libcrypto_key_pair->key_pair.allocator, y_coor_size)) {
- goto clean_up;
- }
-
- BN_bn2bin(big_num_x, libcrypto_key_pair->key_pair.pub_x.buffer);
- BN_bn2bin(big_num_y, libcrypto_key_pair->key_pair.pub_y.buffer);
-
- libcrypto_key_pair->key_pair.pub_x.len = x_coor_size;
- libcrypto_key_pair->key_pair.pub_y.len = y_coor_size;
-
- ret_val = AWS_OP_SUCCESS;
-
-clean_up:
- BN_free(big_num_x);
- BN_free(big_num_y);
-
- return ret_val;
-}
-
-static int s_derive_public_key(struct aws_ecc_key_pair *key_pair) {
- struct libcrypto_ecc_key *libcrypto_key_pair = key_pair->impl;
-
- if (!libcrypto_key_pair->key_pair.priv_d.buffer) {
- return aws_raise_error(AWS_ERROR_INVALID_STATE);
- }
-
- /* we already have a public key. */
- if (libcrypto_key_pair->key_pair.pub_x.len) {
- return AWS_OP_SUCCESS;
- }
-
- BIGNUM *priv_key_num =
- BN_bin2bn(libcrypto_key_pair->key_pair.priv_d.buffer, libcrypto_key_pair->key_pair.priv_d.len, NULL);
-
- const EC_GROUP *group = EC_KEY_get0_group(libcrypto_key_pair->ec_key);
- EC_POINT *point = EC_POINT_new(group);
-
- EC_POINT_mul(group, point, priv_key_num, NULL, NULL, NULL);
- BN_free(priv_key_num);
-
- EC_KEY_set_public_key(libcrypto_key_pair->ec_key, point);
- int ret_val = s_fill_in_public_key_info(libcrypto_key_pair, group, point);
- EC_POINT_free(point);
- return ret_val;
-}
-
-static struct aws_ecc_key_pair_vtable vtable = {
- .sign_message = s_sign_payload,
- .verify_signature = s_verify_payload,
- .derive_pub_key = s_derive_public_key,
- .signature_length = s_signature_length,
- .destroy = s_key_pair_destroy,
-};
-
-struct aws_ecc_key_pair *aws_ecc_key_pair_new_from_private_key(
- struct aws_allocator *allocator,
- enum aws_ecc_curve_name curve_name,
- const struct aws_byte_cursor *priv_key) {
-
- size_t key_length = aws_ecc_key_coordinate_byte_size_from_curve_name(curve_name);
- if (priv_key->len != key_length) {
- aws_raise_error(AWS_ERROR_CAL_INVALID_KEY_LENGTH_FOR_ALGORITHM);
- return NULL;
- }
-
- struct libcrypto_ecc_key *key_impl = aws_mem_calloc(allocator, 1, sizeof(struct libcrypto_ecc_key));
-
- key_impl->ec_key = EC_KEY_new_by_curve_name(s_curve_name_to_nid(curve_name));
- key_impl->key_pair.curve_name = curve_name;
- key_impl->key_pair.allocator = allocator;
- key_impl->key_pair.vtable = &vtable;
- key_impl->key_pair.impl = key_impl;
- aws_atomic_init_int(&key_impl->key_pair.ref_count, 1);
- aws_byte_buf_init_copy_from_cursor(&key_impl->key_pair.priv_d, allocator, *priv_key);
-
- BIGNUM *priv_key_num = BN_bin2bn(key_impl->key_pair.priv_d.buffer, key_impl->key_pair.priv_d.len, NULL);
- if (!EC_KEY_set_private_key(key_impl->ec_key, priv_key_num)) {
- aws_raise_error(AWS_ERROR_INVALID_ARGUMENT);
- BN_free(priv_key_num);
- s_key_pair_destroy(&key_impl->key_pair);
- return NULL;
- }
- BN_free(priv_key_num);
- return &key_impl->key_pair;
-}
-
-struct aws_ecc_key_pair *aws_ecc_key_pair_new_generate_random(
- struct aws_allocator *allocator,
- enum aws_ecc_curve_name curve_name) {
- struct libcrypto_ecc_key *key_impl = aws_mem_calloc(allocator, 1, sizeof(struct libcrypto_ecc_key));
-
- key_impl->ec_key = EC_KEY_new_by_curve_name(s_curve_name_to_nid(curve_name));
- key_impl->key_pair.curve_name = curve_name;
- key_impl->key_pair.allocator = allocator;
- key_impl->key_pair.vtable = &vtable;
- key_impl->key_pair.impl = key_impl;
- aws_atomic_init_int(&key_impl->key_pair.ref_count, 1);
-
- if (EC_KEY_generate_key(key_impl->ec_key) != 1) {
- goto error;
- }
-
- const EC_POINT *pub_key_point = EC_KEY_get0_public_key(key_impl->ec_key);
- const EC_GROUP *group = EC_KEY_get0_group(key_impl->ec_key);
-
- const BIGNUM *private_key_num = EC_KEY_get0_private_key(key_impl->ec_key);
- size_t priv_key_size = BN_num_bytes(private_key_num);
- if (aws_byte_buf_init(&key_impl->key_pair.priv_d, allocator, priv_key_size)) {
- goto error;
- }
-
- BN_bn2bin(private_key_num, key_impl->key_pair.priv_d.buffer);
- key_impl->key_pair.priv_d.len = priv_key_size;
-
- if (!s_fill_in_public_key_info(key_impl, group, pub_key_point)) {
- return &key_impl->key_pair;
- }
-
-error:
- s_key_pair_destroy(&key_impl->key_pair);
- return NULL;
-}
-
-struct aws_ecc_key_pair *aws_ecc_key_pair_new_from_public_key(
- struct aws_allocator *allocator,
- enum aws_ecc_curve_name curve_name,
- const struct aws_byte_cursor *public_key_x,
- const struct aws_byte_cursor *public_key_y) {
- struct libcrypto_ecc_key *key_impl = aws_mem_calloc(allocator, 1, sizeof(struct libcrypto_ecc_key));
- BIGNUM *pub_x_num = NULL;
- BIGNUM *pub_y_num = NULL;
- EC_POINT *point = NULL;
-
- if (!key_impl) {
- return NULL;
- }
-
- key_impl->ec_key = EC_KEY_new_by_curve_name(s_curve_name_to_nid(curve_name));
- key_impl->key_pair.curve_name = curve_name;
- key_impl->key_pair.allocator = allocator;
- key_impl->key_pair.vtable = &vtable;
- key_impl->key_pair.impl = key_impl;
- aws_atomic_init_int(&key_impl->key_pair.ref_count, 1);
-
- if (aws_byte_buf_init_copy_from_cursor(&key_impl->key_pair.pub_x, allocator, *public_key_x)) {
- s_key_pair_destroy(&key_impl->key_pair);
- return NULL;
- }
-
- if (aws_byte_buf_init_copy_from_cursor(&key_impl->key_pair.pub_y, allocator, *public_key_y)) {
- s_key_pair_destroy(&key_impl->key_pair);
- return NULL;
- }
-
- pub_x_num = BN_bin2bn(public_key_x->ptr, public_key_x->len, NULL);
- pub_y_num = BN_bin2bn(public_key_y->ptr, public_key_y->len, NULL);
-
- const EC_GROUP *group = EC_KEY_get0_group(key_impl->ec_key);
- point = EC_POINT_new(group);
-
- if (EC_POINT_set_affine_coordinates_GFp(group, point, pub_x_num, pub_y_num, NULL) != 1) {
- goto error;
- }
-
- if (EC_KEY_set_public_key(key_impl->ec_key, point) != 1) {
- goto error;
- }
-
- EC_POINT_free(point);
- BN_free(pub_x_num);
- BN_free(pub_y_num);
-
- return &key_impl->key_pair;
-
-error:
- if (point) {
- EC_POINT_free(point);
- }
-
- if (pub_x_num) {
- BN_free(pub_x_num);
- }
-
- if (pub_y_num) {
- BN_free(pub_y_num);
- }
-
- s_key_pair_destroy(&key_impl->key_pair);
-
- return NULL;
-}
-
-struct aws_ecc_key_pair *aws_ecc_key_pair_new_from_asn1(
- struct aws_allocator *allocator,
- const struct aws_byte_cursor *encoded_keys) {
-
- struct aws_ecc_key_pair *key = NULL;
- struct aws_der_decoder *decoder = aws_der_decoder_new(allocator, *encoded_keys);
-
- if (!decoder) {
- return NULL;
- }
-
- struct aws_byte_cursor pub_x;
- struct aws_byte_cursor pub_y;
- struct aws_byte_cursor priv_d;
-
- enum aws_ecc_curve_name curve_name;
- if (aws_der_decoder_load_ecc_key_pair(decoder, &pub_x, &pub_y, &priv_d, &curve_name)) {
- goto error;
- }
-
- if (priv_d.ptr) {
- struct libcrypto_ecc_key *key_impl = aws_mem_calloc(allocator, 1, sizeof(struct libcrypto_ecc_key));
- key_impl->key_pair.curve_name = curve_name;
- /* as awkward as it seems, there's not a great way to manually set the public key, so let openssl just parse
- * the der document manually now that we know what parts are what. */
- if (!d2i_ECPrivateKey(&key_impl->ec_key, (const unsigned char **)&encoded_keys->ptr, encoded_keys->len)) {
- aws_mem_release(allocator, key_impl);
- aws_raise_error(AWS_ERROR_CAL_MISSING_REQUIRED_KEY_COMPONENT);
- goto error;
- }
-
- key_impl->key_pair.allocator = allocator;
- key_impl->key_pair.vtable = &vtable;
- key_impl->key_pair.impl = key_impl;
- aws_atomic_init_int(&key_impl->key_pair.ref_count, 1);
- key = &key_impl->key_pair;
-
- struct aws_byte_buf temp_buf;
- AWS_ZERO_STRUCT(temp_buf);
-
- if (pub_x.ptr) {
- temp_buf = aws_byte_buf_from_array(pub_x.ptr, pub_x.len);
- if (aws_byte_buf_init_copy(&key->pub_x, allocator, &temp_buf)) {
- goto error;
- }
- }
-
- if (pub_y.ptr) {
- temp_buf = aws_byte_buf_from_array(pub_y.ptr, pub_y.len);
- if (aws_byte_buf_init_copy(&key->pub_y, allocator, &temp_buf)) {
- goto error;
- }
- }
-
- if (priv_d.ptr) {
- temp_buf = aws_byte_buf_from_array(priv_d.ptr, priv_d.len);
- if (aws_byte_buf_init_copy(&key->priv_d, allocator, &temp_buf)) {
- goto error;
- }
- }
-
- } else {
- key = aws_ecc_key_pair_new_from_public_key(allocator, curve_name, &pub_x, &pub_y);
-
- if (!key) {
- goto error;
- }
- }
-
- aws_der_decoder_destroy(decoder);
- return key;
-
-error:
- aws_der_decoder_destroy(decoder);
- s_key_pair_destroy(key);
-
- return NULL;
-}
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+#include <aws/cal/private/ecc.h>
+
+#include <aws/cal/cal.h>
+#include <aws/cal/private/der.h>
+
+#include <openssl/bn.h>
+#include <openssl/ec.h>
+#include <openssl/ecdsa.h>
+#include <openssl/obj_mac.h>
+
+struct libcrypto_ecc_key {
+ struct aws_ecc_key_pair key_pair;
+ EC_KEY *ec_key;
+};
+
+static int s_curve_name_to_nid(enum aws_ecc_curve_name curve_name) {
+ switch (curve_name) {
+ case AWS_CAL_ECDSA_P256:
+ return NID_X9_62_prime256v1;
+ case AWS_CAL_ECDSA_P384:
+ return NID_secp384r1;
+ }
+
+ AWS_FATAL_ASSERT(!"Unsupported elliptic curve name");
+ return -1;
+}
+
+static void s_key_pair_destroy(struct aws_ecc_key_pair *key_pair) {
+
+ if (key_pair) {
+ aws_byte_buf_clean_up(&key_pair->pub_x);
+ aws_byte_buf_clean_up(&key_pair->pub_y);
+ aws_byte_buf_clean_up_secure(&key_pair->priv_d);
+
+ struct libcrypto_ecc_key *key_impl = key_pair->impl;
+
+ if (key_impl->ec_key) {
+ EC_KEY_free(key_impl->ec_key);
+ }
+ aws_mem_release(key_pair->allocator, key_pair);
+ }
+}
+
+static int s_sign_payload(
+ const struct aws_ecc_key_pair *key_pair,
+ const struct aws_byte_cursor *hash,
+ struct aws_byte_buf *signature_output) {
+ struct libcrypto_ecc_key *libcrypto_key_pair = key_pair->impl;
+
+ unsigned int signature_size = signature_output->capacity - signature_output->len;
+ int ret_val = ECDSA_sign(
+ 0,
+ hash->ptr,
+ hash->len,
+ signature_output->buffer + signature_output->len,
+ &signature_size,
+ libcrypto_key_pair->ec_key);
+ signature_output->len += signature_size;
+
+ return ret_val == 1 ? AWS_OP_SUCCESS : aws_raise_error(AWS_ERROR_INVALID_ARGUMENT);
+}
+
+static int s_verify_payload(
+ const struct aws_ecc_key_pair *key_pair,
+ const struct aws_byte_cursor *hash,
+ const struct aws_byte_cursor *signature) {
+ struct libcrypto_ecc_key *libcrypto_key_pair = key_pair->impl;
+
+ return ECDSA_verify(0, hash->ptr, hash->len, signature->ptr, signature->len, libcrypto_key_pair->ec_key) == 1
+ ? AWS_OP_SUCCESS
+ : aws_raise_error(AWS_ERROR_CAL_SIGNATURE_VALIDATION_FAILED);
+}
+
+static size_t s_signature_length(const struct aws_ecc_key_pair *key_pair) {
+ struct libcrypto_ecc_key *libcrypto_key_pair = key_pair->impl;
+
+ return ECDSA_size(libcrypto_key_pair->ec_key);
+}
+
+static int s_fill_in_public_key_info(
+ struct libcrypto_ecc_key *libcrypto_key_pair,
+ const EC_GROUP *group,
+ const EC_POINT *pub_key_point) {
+ BIGNUM *big_num_x = BN_new();
+ BIGNUM *big_num_y = BN_new();
+
+ int ret_val = AWS_OP_ERR;
+
+ if (EC_POINT_get_affine_coordinates_GFp(group, pub_key_point, big_num_x, big_num_y, NULL) != 1) {
+ aws_raise_error(AWS_ERROR_INVALID_STATE);
+ goto clean_up;
+ }
+
+ size_t x_coor_size = BN_num_bytes(big_num_x);
+ size_t y_coor_size = BN_num_bytes(big_num_y);
+
+ if (aws_byte_buf_init(&libcrypto_key_pair->key_pair.pub_x, libcrypto_key_pair->key_pair.allocator, x_coor_size)) {
+ goto clean_up;
+ }
+
+ if (aws_byte_buf_init(&libcrypto_key_pair->key_pair.pub_y, libcrypto_key_pair->key_pair.allocator, y_coor_size)) {
+ goto clean_up;
+ }
+
+ BN_bn2bin(big_num_x, libcrypto_key_pair->key_pair.pub_x.buffer);
+ BN_bn2bin(big_num_y, libcrypto_key_pair->key_pair.pub_y.buffer);
+
+ libcrypto_key_pair->key_pair.pub_x.len = x_coor_size;
+ libcrypto_key_pair->key_pair.pub_y.len = y_coor_size;
+
+ ret_val = AWS_OP_SUCCESS;
+
+clean_up:
+ BN_free(big_num_x);
+ BN_free(big_num_y);
+
+ return ret_val;
+}
+
+static int s_derive_public_key(struct aws_ecc_key_pair *key_pair) {
+ struct libcrypto_ecc_key *libcrypto_key_pair = key_pair->impl;
+
+ if (!libcrypto_key_pair->key_pair.priv_d.buffer) {
+ return aws_raise_error(AWS_ERROR_INVALID_STATE);
+ }
+
+ /* we already have a public key. */
+ if (libcrypto_key_pair->key_pair.pub_x.len) {
+ return AWS_OP_SUCCESS;
+ }
+
+ BIGNUM *priv_key_num =
+ BN_bin2bn(libcrypto_key_pair->key_pair.priv_d.buffer, libcrypto_key_pair->key_pair.priv_d.len, NULL);
+
+ const EC_GROUP *group = EC_KEY_get0_group(libcrypto_key_pair->ec_key);
+ EC_POINT *point = EC_POINT_new(group);
+
+ EC_POINT_mul(group, point, priv_key_num, NULL, NULL, NULL);
+ BN_free(priv_key_num);
+
+ EC_KEY_set_public_key(libcrypto_key_pair->ec_key, point);
+ int ret_val = s_fill_in_public_key_info(libcrypto_key_pair, group, point);
+ EC_POINT_free(point);
+ return ret_val;
+}
+
+static struct aws_ecc_key_pair_vtable vtable = {
+ .sign_message = s_sign_payload,
+ .verify_signature = s_verify_payload,
+ .derive_pub_key = s_derive_public_key,
+ .signature_length = s_signature_length,
+ .destroy = s_key_pair_destroy,
+};
+
+struct aws_ecc_key_pair *aws_ecc_key_pair_new_from_private_key(
+ struct aws_allocator *allocator,
+ enum aws_ecc_curve_name curve_name,
+ const struct aws_byte_cursor *priv_key) {
+
+ size_t key_length = aws_ecc_key_coordinate_byte_size_from_curve_name(curve_name);
+ if (priv_key->len != key_length) {
+ aws_raise_error(AWS_ERROR_CAL_INVALID_KEY_LENGTH_FOR_ALGORITHM);
+ return NULL;
+ }
+
+ struct libcrypto_ecc_key *key_impl = aws_mem_calloc(allocator, 1, sizeof(struct libcrypto_ecc_key));
+
+ key_impl->ec_key = EC_KEY_new_by_curve_name(s_curve_name_to_nid(curve_name));
+ key_impl->key_pair.curve_name = curve_name;
+ key_impl->key_pair.allocator = allocator;
+ key_impl->key_pair.vtable = &vtable;
+ key_impl->key_pair.impl = key_impl;
+ aws_atomic_init_int(&key_impl->key_pair.ref_count, 1);
+ aws_byte_buf_init_copy_from_cursor(&key_impl->key_pair.priv_d, allocator, *priv_key);
+
+ BIGNUM *priv_key_num = BN_bin2bn(key_impl->key_pair.priv_d.buffer, key_impl->key_pair.priv_d.len, NULL);
+ if (!EC_KEY_set_private_key(key_impl->ec_key, priv_key_num)) {
+ aws_raise_error(AWS_ERROR_INVALID_ARGUMENT);
+ BN_free(priv_key_num);
+ s_key_pair_destroy(&key_impl->key_pair);
+ return NULL;
+ }
+ BN_free(priv_key_num);
+ return &key_impl->key_pair;
+}
+
+struct aws_ecc_key_pair *aws_ecc_key_pair_new_generate_random(
+ struct aws_allocator *allocator,
+ enum aws_ecc_curve_name curve_name) {
+ struct libcrypto_ecc_key *key_impl = aws_mem_calloc(allocator, 1, sizeof(struct libcrypto_ecc_key));
+
+ key_impl->ec_key = EC_KEY_new_by_curve_name(s_curve_name_to_nid(curve_name));
+ key_impl->key_pair.curve_name = curve_name;
+ key_impl->key_pair.allocator = allocator;
+ key_impl->key_pair.vtable = &vtable;
+ key_impl->key_pair.impl = key_impl;
+ aws_atomic_init_int(&key_impl->key_pair.ref_count, 1);
+
+ if (EC_KEY_generate_key(key_impl->ec_key) != 1) {
+ goto error;
+ }
+
+ const EC_POINT *pub_key_point = EC_KEY_get0_public_key(key_impl->ec_key);
+ const EC_GROUP *group = EC_KEY_get0_group(key_impl->ec_key);
+
+ const BIGNUM *private_key_num = EC_KEY_get0_private_key(key_impl->ec_key);
+ size_t priv_key_size = BN_num_bytes(private_key_num);
+ if (aws_byte_buf_init(&key_impl->key_pair.priv_d, allocator, priv_key_size)) {
+ goto error;
+ }
+
+ BN_bn2bin(private_key_num, key_impl->key_pair.priv_d.buffer);
+ key_impl->key_pair.priv_d.len = priv_key_size;
+
+ if (!s_fill_in_public_key_info(key_impl, group, pub_key_point)) {
+ return &key_impl->key_pair;
+ }
+
+error:
+ s_key_pair_destroy(&key_impl->key_pair);
+ return NULL;
+}
+
+struct aws_ecc_key_pair *aws_ecc_key_pair_new_from_public_key(
+ struct aws_allocator *allocator,
+ enum aws_ecc_curve_name curve_name,
+ const struct aws_byte_cursor *public_key_x,
+ const struct aws_byte_cursor *public_key_y) {
+ struct libcrypto_ecc_key *key_impl = aws_mem_calloc(allocator, 1, sizeof(struct libcrypto_ecc_key));
+ BIGNUM *pub_x_num = NULL;
+ BIGNUM *pub_y_num = NULL;
+ EC_POINT *point = NULL;
+
+ if (!key_impl) {
+ return NULL;
+ }
+
+ key_impl->ec_key = EC_KEY_new_by_curve_name(s_curve_name_to_nid(curve_name));
+ key_impl->key_pair.curve_name = curve_name;
+ key_impl->key_pair.allocator = allocator;
+ key_impl->key_pair.vtable = &vtable;
+ key_impl->key_pair.impl = key_impl;
+ aws_atomic_init_int(&key_impl->key_pair.ref_count, 1);
+
+ if (aws_byte_buf_init_copy_from_cursor(&key_impl->key_pair.pub_x, allocator, *public_key_x)) {
+ s_key_pair_destroy(&key_impl->key_pair);
+ return NULL;
+ }
+
+ if (aws_byte_buf_init_copy_from_cursor(&key_impl->key_pair.pub_y, allocator, *public_key_y)) {
+ s_key_pair_destroy(&key_impl->key_pair);
+ return NULL;
+ }
+
+ pub_x_num = BN_bin2bn(public_key_x->ptr, public_key_x->len, NULL);
+ pub_y_num = BN_bin2bn(public_key_y->ptr, public_key_y->len, NULL);
+
+ const EC_GROUP *group = EC_KEY_get0_group(key_impl->ec_key);
+ point = EC_POINT_new(group);
+
+ if (EC_POINT_set_affine_coordinates_GFp(group, point, pub_x_num, pub_y_num, NULL) != 1) {
+ goto error;
+ }
+
+ if (EC_KEY_set_public_key(key_impl->ec_key, point) != 1) {
+ goto error;
+ }
+
+ EC_POINT_free(point);
+ BN_free(pub_x_num);
+ BN_free(pub_y_num);
+
+ return &key_impl->key_pair;
+
+error:
+ if (point) {
+ EC_POINT_free(point);
+ }
+
+ if (pub_x_num) {
+ BN_free(pub_x_num);
+ }
+
+ if (pub_y_num) {
+ BN_free(pub_y_num);
+ }
+
+ s_key_pair_destroy(&key_impl->key_pair);
+
+ return NULL;
+}
+
+struct aws_ecc_key_pair *aws_ecc_key_pair_new_from_asn1(
+ struct aws_allocator *allocator,
+ const struct aws_byte_cursor *encoded_keys) {
+
+ struct aws_ecc_key_pair *key = NULL;
+ struct aws_der_decoder *decoder = aws_der_decoder_new(allocator, *encoded_keys);
+
+ if (!decoder) {
+ return NULL;
+ }
+
+ struct aws_byte_cursor pub_x;
+ struct aws_byte_cursor pub_y;
+ struct aws_byte_cursor priv_d;
+
+ enum aws_ecc_curve_name curve_name;
+ if (aws_der_decoder_load_ecc_key_pair(decoder, &pub_x, &pub_y, &priv_d, &curve_name)) {
+ goto error;
+ }
+
+ if (priv_d.ptr) {
+ struct libcrypto_ecc_key *key_impl = aws_mem_calloc(allocator, 1, sizeof(struct libcrypto_ecc_key));
+ key_impl->key_pair.curve_name = curve_name;
+ /* as awkward as it seems, there's not a great way to manually set the public key, so let openssl just parse
+ * the der document manually now that we know what parts are what. */
+ if (!d2i_ECPrivateKey(&key_impl->ec_key, (const unsigned char **)&encoded_keys->ptr, encoded_keys->len)) {
+ aws_mem_release(allocator, key_impl);
+ aws_raise_error(AWS_ERROR_CAL_MISSING_REQUIRED_KEY_COMPONENT);
+ goto error;
+ }
+
+ key_impl->key_pair.allocator = allocator;
+ key_impl->key_pair.vtable = &vtable;
+ key_impl->key_pair.impl = key_impl;
+ aws_atomic_init_int(&key_impl->key_pair.ref_count, 1);
+ key = &key_impl->key_pair;
+
+ struct aws_byte_buf temp_buf;
+ AWS_ZERO_STRUCT(temp_buf);
+
+ if (pub_x.ptr) {
+ temp_buf = aws_byte_buf_from_array(pub_x.ptr, pub_x.len);
+ if (aws_byte_buf_init_copy(&key->pub_x, allocator, &temp_buf)) {
+ goto error;
+ }
+ }
+
+ if (pub_y.ptr) {
+ temp_buf = aws_byte_buf_from_array(pub_y.ptr, pub_y.len);
+ if (aws_byte_buf_init_copy(&key->pub_y, allocator, &temp_buf)) {
+ goto error;
+ }
+ }
+
+ if (priv_d.ptr) {
+ temp_buf = aws_byte_buf_from_array(priv_d.ptr, priv_d.len);
+ if (aws_byte_buf_init_copy(&key->priv_d, allocator, &temp_buf)) {
+ goto error;
+ }
+ }
+
+ } else {
+ key = aws_ecc_key_pair_new_from_public_key(allocator, curve_name, &pub_x, &pub_y);
+
+ if (!key) {
+ goto error;
+ }
+ }
+
+ aws_der_decoder_destroy(decoder);
+ return key;
+
+error:
+ aws_der_decoder_destroy(decoder);
+ s_key_pair_destroy(key);
+
+ return NULL;
+}
diff --git a/contrib/restricted/aws/aws-c-cal/source/unix/opensslcrypto_hash.c b/contrib/restricted/aws/aws-c-cal/source/unix/opensslcrypto_hash.c
index e74237eec4..05422a6f16 100644
--- a/contrib/restricted/aws/aws-c-cal/source/unix/opensslcrypto_hash.c
+++ b/contrib/restricted/aws/aws-c-cal/source/unix/opensslcrypto_hash.c
@@ -1,139 +1,139 @@
-/**
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0.
- */
-#include <aws/cal/hash.h>
-#include <aws/cal/private/opensslcrypto_common.h>
-
-#include <openssl/evp.h>
-#include <openssl/sha.h>
-
-static void s_destroy(struct aws_hash *hash);
-static int s_update(struct aws_hash *hash, const struct aws_byte_cursor *to_hash);
-static int s_finalize(struct aws_hash *hash, struct aws_byte_buf *output);
-
-static struct aws_hash_vtable s_md5_vtable = {
- .destroy = s_destroy,
- .update = s_update,
- .finalize = s_finalize,
- .alg_name = "MD5",
- .provider = "OpenSSL Compatible libcrypto",
-};
-
-static struct aws_hash_vtable s_sha256_vtable = {
- .destroy = s_destroy,
- .update = s_update,
- .finalize = s_finalize,
- .alg_name = "SHA256",
- .provider = "OpenSSL Compatible libcrypto",
-};
-
-static void s_destroy(struct aws_hash *hash) {
- if (hash == NULL) {
- return;
- }
-
- EVP_MD_CTX *ctx = hash->impl;
- if (ctx != NULL) {
- g_aws_openssl_evp_md_ctx_table->free_fn(ctx);
- }
-
- aws_mem_release(hash->allocator, hash);
-}
-
-struct aws_hash *aws_md5_default_new(struct aws_allocator *allocator) {
- struct aws_hash *hash = aws_mem_acquire(allocator, sizeof(struct aws_hash));
-
- if (!hash) {
- return NULL;
- }
-
- hash->allocator = allocator;
- hash->vtable = &s_md5_vtable;
- hash->digest_size = AWS_MD5_LEN;
- EVP_MD_CTX *ctx = g_aws_openssl_evp_md_ctx_table->new_fn();
- hash->impl = ctx;
- hash->good = true;
-
- if (!hash->impl) {
- s_destroy(hash);
- aws_raise_error(AWS_ERROR_OOM);
- return NULL;
- }
-
- if (!g_aws_openssl_evp_md_ctx_table->init_ex_fn(ctx, EVP_md5(), NULL)) {
- s_destroy(hash);
- aws_raise_error(AWS_ERROR_UNKNOWN);
- return NULL;
- }
-
- return hash;
-}
-
-struct aws_hash *aws_sha256_default_new(struct aws_allocator *allocator) {
- struct aws_hash *hash = aws_mem_acquire(allocator, sizeof(struct aws_hash));
-
- if (!hash) {
- return NULL;
- }
-
- hash->allocator = allocator;
- hash->vtable = &s_sha256_vtable;
- hash->digest_size = AWS_SHA256_LEN;
- EVP_MD_CTX *ctx = g_aws_openssl_evp_md_ctx_table->new_fn();
- hash->impl = ctx;
- hash->good = true;
-
- if (!hash->impl) {
- s_destroy(hash);
- aws_raise_error(AWS_ERROR_OOM);
- return NULL;
- }
-
- if (!g_aws_openssl_evp_md_ctx_table->init_ex_fn(ctx, EVP_sha256(), NULL)) {
- s_destroy(hash);
- aws_raise_error(AWS_ERROR_UNKNOWN);
- return NULL;
- }
-
- return hash;
-}
-
-static int s_update(struct aws_hash *hash, const struct aws_byte_cursor *to_hash) {
- if (!hash->good) {
- return aws_raise_error(AWS_ERROR_INVALID_STATE);
- }
-
- EVP_MD_CTX *ctx = hash->impl;
-
- if (AWS_LIKELY(g_aws_openssl_evp_md_ctx_table->update_fn(ctx, to_hash->ptr, to_hash->len))) {
- return AWS_OP_SUCCESS;
- }
-
- hash->good = false;
- return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT);
-}
-
-static int s_finalize(struct aws_hash *hash, struct aws_byte_buf *output) {
- if (!hash->good) {
- return aws_raise_error(AWS_ERROR_INVALID_STATE);
- }
-
- EVP_MD_CTX *ctx = hash->impl;
-
- size_t buffer_len = output->capacity - output->len;
-
- if (buffer_len < hash->digest_size) {
- return aws_raise_error(AWS_ERROR_SHORT_BUFFER);
- }
-
- if (AWS_LIKELY(g_aws_openssl_evp_md_ctx_table->final_ex_fn(
- ctx, output->buffer + output->len, (unsigned int *)&buffer_len))) {
- output->len += buffer_len;
- hash->good = false;
- return AWS_OP_SUCCESS;
- }
-
- hash->good = false;
- return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT);
-}
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+#include <aws/cal/hash.h>
+#include <aws/cal/private/opensslcrypto_common.h>
+
+#include <openssl/evp.h>
+#include <openssl/sha.h>
+
+static void s_destroy(struct aws_hash *hash);
+static int s_update(struct aws_hash *hash, const struct aws_byte_cursor *to_hash);
+static int s_finalize(struct aws_hash *hash, struct aws_byte_buf *output);
+
+static struct aws_hash_vtable s_md5_vtable = {
+ .destroy = s_destroy,
+ .update = s_update,
+ .finalize = s_finalize,
+ .alg_name = "MD5",
+ .provider = "OpenSSL Compatible libcrypto",
+};
+
+static struct aws_hash_vtable s_sha256_vtable = {
+ .destroy = s_destroy,
+ .update = s_update,
+ .finalize = s_finalize,
+ .alg_name = "SHA256",
+ .provider = "OpenSSL Compatible libcrypto",
+};
+
+static void s_destroy(struct aws_hash *hash) {
+ if (hash == NULL) {
+ return;
+ }
+
+ EVP_MD_CTX *ctx = hash->impl;
+ if (ctx != NULL) {
+ g_aws_openssl_evp_md_ctx_table->free_fn(ctx);
+ }
+
+ aws_mem_release(hash->allocator, hash);
+}
+
+struct aws_hash *aws_md5_default_new(struct aws_allocator *allocator) {
+ struct aws_hash *hash = aws_mem_acquire(allocator, sizeof(struct aws_hash));
+
+ if (!hash) {
+ return NULL;
+ }
+
+ hash->allocator = allocator;
+ hash->vtable = &s_md5_vtable;
+ hash->digest_size = AWS_MD5_LEN;
+ EVP_MD_CTX *ctx = g_aws_openssl_evp_md_ctx_table->new_fn();
+ hash->impl = ctx;
+ hash->good = true;
+
+ if (!hash->impl) {
+ s_destroy(hash);
+ aws_raise_error(AWS_ERROR_OOM);
+ return NULL;
+ }
+
+ if (!g_aws_openssl_evp_md_ctx_table->init_ex_fn(ctx, EVP_md5(), NULL)) {
+ s_destroy(hash);
+ aws_raise_error(AWS_ERROR_UNKNOWN);
+ return NULL;
+ }
+
+ return hash;
+}
+
+struct aws_hash *aws_sha256_default_new(struct aws_allocator *allocator) {
+ struct aws_hash *hash = aws_mem_acquire(allocator, sizeof(struct aws_hash));
+
+ if (!hash) {
+ return NULL;
+ }
+
+ hash->allocator = allocator;
+ hash->vtable = &s_sha256_vtable;
+ hash->digest_size = AWS_SHA256_LEN;
+ EVP_MD_CTX *ctx = g_aws_openssl_evp_md_ctx_table->new_fn();
+ hash->impl = ctx;
+ hash->good = true;
+
+ if (!hash->impl) {
+ s_destroy(hash);
+ aws_raise_error(AWS_ERROR_OOM);
+ return NULL;
+ }
+
+ if (!g_aws_openssl_evp_md_ctx_table->init_ex_fn(ctx, EVP_sha256(), NULL)) {
+ s_destroy(hash);
+ aws_raise_error(AWS_ERROR_UNKNOWN);
+ return NULL;
+ }
+
+ return hash;
+}
+
+static int s_update(struct aws_hash *hash, const struct aws_byte_cursor *to_hash) {
+ if (!hash->good) {
+ return aws_raise_error(AWS_ERROR_INVALID_STATE);
+ }
+
+ EVP_MD_CTX *ctx = hash->impl;
+
+ if (AWS_LIKELY(g_aws_openssl_evp_md_ctx_table->update_fn(ctx, to_hash->ptr, to_hash->len))) {
+ return AWS_OP_SUCCESS;
+ }
+
+ hash->good = false;
+ return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT);
+}
+
+static int s_finalize(struct aws_hash *hash, struct aws_byte_buf *output) {
+ if (!hash->good) {
+ return aws_raise_error(AWS_ERROR_INVALID_STATE);
+ }
+
+ EVP_MD_CTX *ctx = hash->impl;
+
+ size_t buffer_len = output->capacity - output->len;
+
+ if (buffer_len < hash->digest_size) {
+ return aws_raise_error(AWS_ERROR_SHORT_BUFFER);
+ }
+
+ if (AWS_LIKELY(g_aws_openssl_evp_md_ctx_table->final_ex_fn(
+ ctx, output->buffer + output->len, (unsigned int *)&buffer_len))) {
+ output->len += buffer_len;
+ hash->good = false;
+ return AWS_OP_SUCCESS;
+ }
+
+ hash->good = false;
+ return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT);
+}
diff --git a/contrib/restricted/aws/aws-c-cal/source/unix/opensslcrypto_hmac.c b/contrib/restricted/aws/aws-c-cal/source/unix/opensslcrypto_hmac.c
index b040ffdf5c..c44295aae0 100644
--- a/contrib/restricted/aws/aws-c-cal/source/unix/opensslcrypto_hmac.c
+++ b/contrib/restricted/aws/aws-c-cal/source/unix/opensslcrypto_hmac.c
@@ -1,122 +1,122 @@
-/**
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0.
- */
-#include <aws/cal/hmac.h>
-#include <aws/cal/private/opensslcrypto_common.h>
-
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-
-static void s_destroy(struct aws_hmac *hmac);
-static int s_update(struct aws_hmac *hmac, const struct aws_byte_cursor *to_hmac);
-static int s_finalize(struct aws_hmac *hmac, struct aws_byte_buf *output);
-
-static struct aws_hmac_vtable s_sha256_hmac_vtable = {
- .destroy = s_destroy,
- .update = s_update,
- .finalize = s_finalize,
- .alg_name = "SHA256 HMAC",
- .provider = "OpenSSL Compatible libcrypto",
-};
-
-static void s_destroy(struct aws_hmac *hmac) {
- if (hmac == NULL) {
- return;
- }
-
- HMAC_CTX *ctx = hmac->impl;
- if (ctx != NULL) {
- g_aws_openssl_hmac_ctx_table->free_fn(ctx);
- }
-
- aws_mem_release(hmac->allocator, hmac);
-}
-
-/*
-typedef struct hmac_ctx_st {
- const EVP_MD *md;
- EVP_MD_CTX md_ctx;
- EVP_MD_CTX i_ctx;
- EVP_MD_CTX o_ctx;
- unsigned int key_length;
- unsigned char key[HMAC_MAX_MD_CBLOCK];
-} HMAC_CTX;
-
-*/
-
-#define SIZEOF_OPENSSL_HMAC_CTX 300 /* <= 288 on 64 bit systems with openssl 1.0.* */
-
-struct aws_hmac *aws_sha256_hmac_default_new(struct aws_allocator *allocator, const struct aws_byte_cursor *secret) {
- AWS_ASSERT(secret->ptr);
-
- struct aws_hmac *hmac = aws_mem_acquire(allocator, sizeof(struct aws_hmac));
-
- if (!hmac) {
- return NULL;
- }
-
- hmac->allocator = allocator;
- hmac->vtable = &s_sha256_hmac_vtable;
- hmac->digest_size = AWS_SHA256_HMAC_LEN;
- HMAC_CTX *ctx = NULL;
- ctx = g_aws_openssl_hmac_ctx_table->new_fn();
-
- if (!ctx) {
- aws_raise_error(AWS_ERROR_OOM);
- aws_mem_release(allocator, hmac);
- return NULL;
- }
-
- g_aws_openssl_hmac_ctx_table->init_fn(ctx);
-
- hmac->impl = ctx;
- hmac->good = true;
-
- if (!g_aws_openssl_hmac_ctx_table->init_ex_fn(ctx, secret->ptr, (int)secret->len, EVP_sha256(), NULL)) {
- s_destroy(hmac);
- aws_raise_error(AWS_ERROR_INVALID_ARGUMENT);
- return NULL;
- }
-
- return hmac;
-}
-
-static int s_update(struct aws_hmac *hmac, const struct aws_byte_cursor *to_hmac) {
- if (!hmac->good) {
- return aws_raise_error(AWS_ERROR_INVALID_STATE);
- }
-
- HMAC_CTX *ctx = hmac->impl;
-
- if (AWS_LIKELY(g_aws_openssl_hmac_ctx_table->update_fn(ctx, to_hmac->ptr, to_hmac->len))) {
- return AWS_OP_SUCCESS;
- }
-
- hmac->good = false;
- return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT);
-}
-
-static int s_finalize(struct aws_hmac *hmac, struct aws_byte_buf *output) {
- if (!hmac->good) {
- return aws_raise_error(AWS_ERROR_INVALID_STATE);
- }
-
- HMAC_CTX *ctx = hmac->impl;
-
- size_t buffer_len = output->capacity - output->len;
-
- if (buffer_len < hmac->digest_size) {
- return aws_raise_error(AWS_ERROR_SHORT_BUFFER);
- }
-
- if (AWS_LIKELY(
- g_aws_openssl_hmac_ctx_table->final_fn(ctx, output->buffer + output->len, (unsigned int *)&buffer_len))) {
- hmac->good = false;
- output->len += buffer_len;
- return AWS_OP_SUCCESS;
- }
-
- hmac->good = false;
- return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT);
-}
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+#include <aws/cal/hmac.h>
+#include <aws/cal/private/opensslcrypto_common.h>
+
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+
+static void s_destroy(struct aws_hmac *hmac);
+static int s_update(struct aws_hmac *hmac, const struct aws_byte_cursor *to_hmac);
+static int s_finalize(struct aws_hmac *hmac, struct aws_byte_buf *output);
+
+static struct aws_hmac_vtable s_sha256_hmac_vtable = {
+ .destroy = s_destroy,
+ .update = s_update,
+ .finalize = s_finalize,
+ .alg_name = "SHA256 HMAC",
+ .provider = "OpenSSL Compatible libcrypto",
+};
+
+static void s_destroy(struct aws_hmac *hmac) {
+ if (hmac == NULL) {
+ return;
+ }
+
+ HMAC_CTX *ctx = hmac->impl;
+ if (ctx != NULL) {
+ g_aws_openssl_hmac_ctx_table->free_fn(ctx);
+ }
+
+ aws_mem_release(hmac->allocator, hmac);
+}
+
+/*
+typedef struct hmac_ctx_st {
+ const EVP_MD *md;
+ EVP_MD_CTX md_ctx;
+ EVP_MD_CTX i_ctx;
+ EVP_MD_CTX o_ctx;
+ unsigned int key_length;
+ unsigned char key[HMAC_MAX_MD_CBLOCK];
+} HMAC_CTX;
+
+*/
+
+#define SIZEOF_OPENSSL_HMAC_CTX 300 /* <= 288 on 64 bit systems with openssl 1.0.* */
+
+struct aws_hmac *aws_sha256_hmac_default_new(struct aws_allocator *allocator, const struct aws_byte_cursor *secret) {
+ AWS_ASSERT(secret->ptr);
+
+ struct aws_hmac *hmac = aws_mem_acquire(allocator, sizeof(struct aws_hmac));
+
+ if (!hmac) {
+ return NULL;
+ }
+
+ hmac->allocator = allocator;
+ hmac->vtable = &s_sha256_hmac_vtable;
+ hmac->digest_size = AWS_SHA256_HMAC_LEN;
+ HMAC_CTX *ctx = NULL;
+ ctx = g_aws_openssl_hmac_ctx_table->new_fn();
+
+ if (!ctx) {
+ aws_raise_error(AWS_ERROR_OOM);
+ aws_mem_release(allocator, hmac);
+ return NULL;
+ }
+
+ g_aws_openssl_hmac_ctx_table->init_fn(ctx);
+
+ hmac->impl = ctx;
+ hmac->good = true;
+
+ if (!g_aws_openssl_hmac_ctx_table->init_ex_fn(ctx, secret->ptr, (int)secret->len, EVP_sha256(), NULL)) {
+ s_destroy(hmac);
+ aws_raise_error(AWS_ERROR_INVALID_ARGUMENT);
+ return NULL;
+ }
+
+ return hmac;
+}
+
+static int s_update(struct aws_hmac *hmac, const struct aws_byte_cursor *to_hmac) {
+ if (!hmac->good) {
+ return aws_raise_error(AWS_ERROR_INVALID_STATE);
+ }
+
+ HMAC_CTX *ctx = hmac->impl;
+
+ if (AWS_LIKELY(g_aws_openssl_hmac_ctx_table->update_fn(ctx, to_hmac->ptr, to_hmac->len))) {
+ return AWS_OP_SUCCESS;
+ }
+
+ hmac->good = false;
+ return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT);
+}
+
+static int s_finalize(struct aws_hmac *hmac, struct aws_byte_buf *output) {
+ if (!hmac->good) {
+ return aws_raise_error(AWS_ERROR_INVALID_STATE);
+ }
+
+ HMAC_CTX *ctx = hmac->impl;
+
+ size_t buffer_len = output->capacity - output->len;
+
+ if (buffer_len < hmac->digest_size) {
+ return aws_raise_error(AWS_ERROR_SHORT_BUFFER);
+ }
+
+ if (AWS_LIKELY(
+ g_aws_openssl_hmac_ctx_table->final_fn(ctx, output->buffer + output->len, (unsigned int *)&buffer_len))) {
+ hmac->good = false;
+ output->len += buffer_len;
+ return AWS_OP_SUCCESS;
+ }
+
+ hmac->good = false;
+ return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT);
+}
diff --git a/contrib/restricted/aws/aws-c-cal/ya.make b/contrib/restricted/aws/aws-c-cal/ya.make
index 9c4193a677..522f585b59 100644
--- a/contrib/restricted/aws/aws-c-cal/ya.make
+++ b/contrib/restricted/aws/aws-c-cal/ya.make
@@ -1,41 +1,41 @@
-# Generated by devtools/yamaker.
-
-LIBRARY()
-
+# Generated by devtools/yamaker.
+
+LIBRARY()
+
OWNER(
orivej
g:cpp-contrib
)
-
-VERSION(0.4.5)
-
-LICENSE(Apache-2.0)
-
+
+VERSION(0.4.5)
+
+LICENSE(Apache-2.0)
+
LICENSE_TEXTS(.yandex_meta/licenses.list.txt)
-PEERDIR(
- contrib/libs/openssl
- contrib/restricted/aws/aws-c-common
-)
-
-ADDINCL(
- GLOBAL contrib/restricted/aws/aws-c-cal/include
-)
-
-NO_COMPILER_WARNINGS()
-
-NO_RUNTIME()
-
-SRCS(
- source/cal.c
- source/der.c
- source/ecc.c
- source/hash.c
- source/hmac.c
- source/unix/openssl_platform_init.c
- source/unix/opensslcrypto_ecc.c
- source/unix/opensslcrypto_hash.c
- source/unix/opensslcrypto_hmac.c
-)
-
-END()
+PEERDIR(
+ contrib/libs/openssl
+ contrib/restricted/aws/aws-c-common
+)
+
+ADDINCL(
+ GLOBAL contrib/restricted/aws/aws-c-cal/include
+)
+
+NO_COMPILER_WARNINGS()
+
+NO_RUNTIME()
+
+SRCS(
+ source/cal.c
+ source/der.c
+ source/ecc.c
+ source/hash.c
+ source/hmac.c
+ source/unix/openssl_platform_init.c
+ source/unix/opensslcrypto_ecc.c
+ source/unix/opensslcrypto_hash.c
+ source/unix/opensslcrypto_hmac.c
+)
+
+END()