Upgrade Authentication to use AWS Signature Version 4 #50
Conversation
…n/signature logic
|
@bji do you know which of the two pull request you are going to merge in? We are relying on the way of setting the region as this pull request implements. |
|
Do you have a preference? This one looks better to me, do you agree? |
|
I'm obviously biased, and would prefer to see this PR merged, but I can at least tell you the reasons I proceeded with a fresh implementation rather than use the other PR:
Let me know if you have questions after performing a review! |
|
Thank you for the excellent write-up! |
| @@ -102,6 +102,7 @@ endif | |||
|
|
|||
| ifndef LIBXML2_LIBS | |||
| LIBXML2_LIBS := $(shell xml2-config --libs) | |||
| LIBXML2_LIBS := $(filter-out -L$(shell xcrun --show-sdk-path)/usr/lib, $(LIBXML2_LIBS)) | |||
There was a problem hiding this comment.
Can you explain this line please? I don't even have the xcrun command on my Fedora installation. What is this supposed to do?
There was a problem hiding this comment.
Oh I just noticed that this is in the osx version of the Makefile, so I guess it's an osx specific command. Still curious about what this change is supposed to do.
There was a problem hiding this comment.
This is actually a workaround for an Xcode error on Mac OS 10.11. See this Stack Overflow post for more information. I just built it now successfully without the workaround on Mac OS 10.12 (to which I've upgraded since I worked on this PR), so it may not be needed unless someone is building on 10.11. We could remove it and let people discover the workaround if they're on 10.11, or keep the workaround as a comment with a note about 10.11. What's your preference?
There was a problem hiding this comment.
My preference is to keep the workaround but add comments to the makefile so that it's not mysterious.
There was a problem hiding this comment.
Well anyway, you've already done the lion's share of the work, I'll just take the commit and add the comments myself. Thanks.
| // base64 encode bytes. The output buffer must have at least | ||
| // ((4 * (inLen + 1)) / 3) bytes in it. Returns the number of bytes written | ||
| // to [out]. | ||
| int base64Encode(const unsigned char *in, int inLen, char *out); |
There was a problem hiding this comment.
Curious -- why did you remove the signatures of these funtions from this header file?
There was a problem hiding this comment.
The base64Encode() function was only used by the implementation of version 2 of the signature algorithm. All of the hashing/encoding in version 4 is done with HMAC/SHA256 routines, so the base64 implementation was no longer needed.
There was a problem hiding this comment.
Does that mean that these functions can be removed from util.c as well?
There was a problem hiding this comment.
I removed them from util.c in the same commit (584bf48).
There was a problem hiding this comment.
Hm, sorry, somehow I didn't see that, and I looked over the diff several times. Must have missed it.
There was a problem hiding this comment.
Ah, it was hidden behind a 'show diff' link. Sorry I am not used to github's change inspection system.
There was a problem hiding this comment.
yeah, that's caught me before, too! I think it does that with diffs larger than some threshold.
|
Thank you again! |
|
On 12/14/16 10:16, Eric Stadtherr wrote:
My pleasure! Would you like another PR adding a comment about the Mac
OS Makefile workaround?
—
You are receiving this because you modified the open/close state.
Reply to this email directly, view it on GitHub
<#50 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/ABDjMbnRzPBgQUuLLPsGbOfFYV2pPjjfks5rIDKNgaJpZM4KONsO>.
Thanks for the offer, but I already did it, it's in a subsequent commit.
Long lost in the annals of history are the reasons why I didn't use
openssl versions of the SHA1 or base64encode functions or whatever else
was custom added to util.c. I vaguely recall getting cross-platform
versions of those libraries that worked well was a pain in 2008 so I
just decided to reduce the dependencies and go with custom code. I have
my fingers crossed that the removal of those functions in preference to
additional external dependencies is going to work well for all platforms ...
Thanks,
Bryan
|
|
On 12/14/16 10:16, Eric Stadtherr wrote:
My pleasure! Would you like another PR adding a comment about the Mac
OS Makefile workaround?
—
You are receiving this because you modified the open/close state.
Reply to this email directly, view it on GitHub
<#50 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/ABDjMbnRzPBgQUuLLPsGbOfFYV2pPjjfks5rIDKNgaJpZM4KONsO>.
Actually looking more closely at the change, I guess I missed the fact
that the mingw makefile probably doesn't work anymore, as it doesn't
include any of the ssl/crypt libs. Or maybe it does work -- did you try it?
To be honest I haven't even tried to build the mingw version in about 7
years so it was very likely broken already anyway.
Bryan
|
|
Unfortunately I don't have anything resembling a Windows environment, so I wasn't able to build or test the mingw version. Sorry, I tried to point that out in the PR description, but that fact was buried a bit in the description of the crypto libraries that I used on Mac OS and Linux. How would you like to handle the mingw version with respect to this change? |
|
On 12/14/16 10:32, Eric Stadtherr wrote:
Unfortunately I don't have anything resembling a Windows environment,
so I wasn't able to build or test the mingw version. Sorry, I tried to
point that out in the PR description, but that fact was buried a bit
in the description of the crypto libraries that I used on Mac OS and
Linux.
How would you like to handle the mingw version with respect to this
change?
—
You are receiving this because you modified the open/close state.
Reply to this email directly, view it on GitHub
<#50 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/ABDjMZro92te-jGXTX88c1jpyKNfvP2wks5rIDYogaJpZM4KONsO>.
I think I'd like to punt on the issue. If someone comes along who
really still cares about the mingw version, then they can get it to work.
Thanks,
Bryan
|
Sounds like a plan - open source philosophy at work! |
|
@codemedic - this PR was merged to master in this commit: 86cbc59 |
|
Thanks @estadtherr .. are these releases tagged or branched? |
|
I suspect the OS distribution maintainers grabbed an untagged commit, and did their own packaging and testing from there. |
This pull request upgrades the authentication logic from version 2 to version 4 of the AWS Signature algorithm. Since more information is needed in the bucket context to compute the signature (namely the region), this is a non-backward-compatible change to the API. Consequently, I bumped the library major version from 2 to 3. I chose to support only version 4 instead of trying to support both V2 and V4, since it made the implementation more intuitive, and V4 is supported everywhere according to this note in the AWS documentation:
As an added bonus, adding region specification to the API should make the library function much better for buckets that reside somewhere other than the default 'us-east-1' region.
Mac OS builds use the SHA/HMAC algorithms built into libSystem. Linux builds use the SHA/HMAC algorithms in libssl/libcrypto (part of OpenSSL). I am not familiar with mingw or windows, so that build may or may not need additional work. The SHA1 implementation has been removed, along with everything else that only applied to the older signature method.
This change also fixes the Mac OS compilation error referenced in #47, in a way that remains compatible with Linux builds.