Merge branch 'main' into RequestResponseBrowserStreaming

awslabs · Nov 18, 2024 · 6d0b84a · 6d0b84a
2 parents 34ee417 + 869ea9a
commit 6d0b84a
Show file tree

Hide file tree

Showing 35 changed files with 437 additions and 256 deletions.
diff --git a/.github/ISSUE_TEMPLATE/bug-report.yml b/.github/ISSUE_TEMPLATE/bug-report.yml
@@ -12,6 +12,14 @@ body:
       description: What is the problem? A clear and concise description of the bug.
     validations:
       required: true
+  - type: checkboxes
+    id: regression
+    attributes:
+      label: Regression Issue
+      description: What is a regression? If it worked in a previous version but doesn't in the latest version, it's considered a regression. In this case, please provide specific version number in the report.
+      options:
+        - label: Select this option if this issue appears to be a regression.
+          required: false
   - type: textarea
     id: expected
     attributes:

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -167,7 +167,7 @@ jobs:
   check-docs:
     runs-on: ubuntu-20.04 # latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
           submodules: true
       - name: Check docs
@@ -179,7 +179,7 @@ jobs:
     runs-on: ubuntu-20.04 # latest
     steps:
     - name: Checkout Source
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
       with:
         submodules: true
         fetch-depth: 0
@@ -191,7 +191,7 @@ jobs:
   check-lockfile-version:
     runs-on: ubuntu-20.04 # latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Check for edits to package-lock.json

diff --git a/.github/workflows/issue-regression-labeler.yml b/.github/workflows/issue-regression-labeler.yml
@@ -0,0 +1,32 @@
+# Apply potential regression label on issues
+name: issue-regression-label
+on:
+  issues:
+    types: [opened, edited]
+jobs:
+  add-regression-label:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+    steps:
+    - name: Fetch template body
+      id: check_regression
+      uses: actions/github-script@v7
+      env: 
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        TEMPLATE_BODY: ${{ github.event.issue.body }}
+      with:
+        script: |
+          const regressionPattern = /\[x\] Select this option if this issue appears to be a regression\./i;
+          const template = `${process.env.TEMPLATE_BODY}`
+          const match = regressionPattern.test(template);
+          core.setOutput('is_regression', match);
+    - name: Manage regression label
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: |
+        if [ "${{ steps.check_regression.outputs.is_regression }}" == "true" ]; then
+          gh issue edit ${{ github.event.issue.number }} --add-label "potential-regression" -R ${{ github.repository }}
+        else
+          gh issue edit ${{ github.event.issue.number }} --remove-label "potential-regression" -R ${{ github.repository }}
+        fi
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 3.1)
+cmake_minimum_required(VERSION 3.9)
 project(aws-crt-nodejs C)
 option(BUILD_DEPS "Builds aws common runtime dependencies as part of build, only do this if you don't want to control your dependency chain." ON)
 
@@ -45,7 +45,7 @@ if (BUILD_DEPS)
     if (UNIX AND NOT APPLE)
         include(AwsPrebuildDependency)
         # s2n-tls uses libcrypto during its configuration, so we need to prebuild aws-lc.
-        prebuild_dependency(
+        aws_prebuild_dependency(
             DEPENDENCY_NAME AWSLC
             SOURCE_DIR ${CMAKE_CURRENT_SOURCE_DIR}/crt/aws-lc
             CMAKE_ARGUMENTS
@@ -54,8 +54,14 @@ if (BUILD_DEPS)
                 -DBUILD_LIBSSL=OFF
                 -DBUILD_TESTING=OFF
         )
-        set(UNSAFE_TREAT_WARNINGS_AS_ERRORS OFF)
-        add_subdirectory(crt/s2n)
+        # prebuild s2n-tls.
+        aws_prebuild_dependency(
+            DEPENDENCY_NAME S2N
+            SOURCE_DIR ${CMAKE_CURRENT_SOURCE_DIR}/crt/s2n
+            CMAKE_ARGUMENTS
+                -DUNSAFE_TREAT_WARNINGS_AS_ERRORS=OFF
+                -DBUILD_TESTING=OFF
+        )
     endif()
 
     add_subdirectory(crt/aws-c-sdkutils)
@@ -74,10 +80,6 @@ else()
     set(IN_SOURCE_BUILD OFF)
 endif()
 
-if (POLICY CMP0069)
-    cmake_policy(SET CMP0069 NEW) # Enable LTO/IPO if available in the compiler, see AwsCFlags
-endif()
-
 list(APPEND CMAKE_MODULE_PATH "${CMAKE_PREFIX_PATH}/${CMAKE_INSTALL_LIBDIR}/cmake")
 
 include(AwsCFlags)

diff --git a/crt/aws-c-auth b/crt/aws-c-auth
diff --git a/crt/aws-c-cal b/crt/aws-c-cal
diff --git a/crt/aws-c-common b/crt/aws-c-common
diff --git a/crt/aws-c-compression b/crt/aws-c-compression
diff --git a/crt/aws-c-event-stream b/crt/aws-c-event-stream
diff --git a/crt/aws-c-http b/crt/aws-c-http
diff --git a/crt/aws-c-io b/crt/aws-c-io
diff --git a/crt/aws-c-sdkutils b/crt/aws-c-sdkutils
diff --git a/crt/aws-checksums b/crt/aws-checksums
diff --git a/crt/aws-lc b/crt/aws-lc
diff --git a/crt/s2n b/crt/s2n
diff --git a/lib/browser/crypto.ts b/lib/browser/crypto.ts
@@ -12,25 +12,35 @@
  */
 
 import * as Crypto from "crypto-js";
-import { fromUtf8 } from "@aws-sdk/util-utf8-browser";
 import { Hashable } from "../common/crypto";
 
 export { Hashable } from "../common/crypto";
 
 /**
- * Object that allows for continuous MD5 hashing of data.
- *
- * @category Crypto
+ * CryptoJS does not provide easy access to underlying bytes.
+ * As a workaround just dump it to a string and then reinterpret chars as individual bytes.
+ * Note: we are using Latin1 here because its a static sized 8 bit encoding so each char maps directly to a byte value.
+ * TODO: long term we would probably want to move to WebCrypto for SHA's and some other 3p for crc's and md5.
+ * @param hash 
+ * @returns 
  */
-export class Md5Hash {
-    private hash?: Crypto.WordArray;
+function wordArrayToUint8Array(hash: Crypto.WordArray) {
+    return Uint8Array.from(hash.toString(Crypto.enc.Latin1).split('').map(c => c.charCodeAt(0)));;
+}
+
+class BaseHash {
+    private hasher : any;
+
+    constructor(hasher: any) {
+        this.hasher = hasher;
+    }
 
     /**
      * Hashes additional data
      * @param data Additional data to hash
      */
     update(data: Hashable) {
-        this.hash = Crypto.MD5(data.toString(), this.hash ? this.hash.toString() : undefined);
+        this.hasher.update(data.toString());
     }
 
     /**
@@ -41,10 +51,20 @@ export class Md5Hash {
      * @returns the final hash digest
      */
     finalize(truncate_to?: number): DataView {
-        const digest = this.hash ? this.hash.toString() : '';
-        const truncated = digest.substring(0, truncate_to ? truncate_to : digest.length);
-        const bytes = fromUtf8(truncated);
-        return new DataView(bytes.buffer);
+        const hashBuffer = wordArrayToUint8Array(this.hasher.finalize()) ;
+        const truncated = hashBuffer.slice(0, truncate_to ? truncate_to : hashBuffer.length);
+        return new DataView(truncated.buffer);;
+    }
+}
+
+/**
+ * Object that allows for continuous MD5 hashing of data.
+ *
+ * @category Crypto
+ */
+export class Md5Hash extends BaseHash {
+    constructor() {
+        super(Crypto.algo.MD5.create());
     }
 }
 
@@ -71,29 +91,9 @@ export function hash_md5(data: Hashable, truncate_to?: number): DataView {
  *
  * @category Crypto
  */
-export class Sha256Hash {
-    private hash?: Crypto.WordArray;
-
-    /**
-     * Hashes additional data
-     * @param data Additional data to hash
-     */
-    update(data: Hashable) {
-        this.hash = Crypto.SHA256(data.toString(), this.hash ? this.hash.toString() : undefined);
-    }
-
-    /**
-     * Completes the hash computation and returns the final hash digest.
-     *
-     * @param truncate_to The maximum number of bytes to receive. Leave as undefined or 0 to receive the entire digest.
-     *
-     * @returns the final hash digest
-     */
-    finalize(truncate_to?: number): DataView {
-        const digest = this.hash ? this.hash.toString() : '';
-        const truncated = digest.substring(0, truncate_to ? truncate_to : digest.length);
-        const bytes = fromUtf8(truncated);
-        return new DataView(bytes.buffer);
+export class Sha256Hash extends BaseHash {
+    constructor() {
+        super(Crypto.algo.SHA256.create());
     }
 }
 
@@ -109,40 +109,19 @@ export class Sha256Hash {
  * @category Crypto
  */
 export function hash_sha256(data: Hashable, truncate_to?: number): DataView {
-    const digest = Crypto.SHA256(data.toString()).toString();
-    const truncated = digest.substring(0, truncate_to ? truncate_to : digest.length);
-    const bytes = fromUtf8(truncated);
-    return new DataView(bytes.buffer);
+    const sha256 = new Sha256Hash();
+    sha256.update(data);
+    return sha256.finalize(truncate_to);
 }
 
 /**
  * Object that allows for continuous SHA1 hashing of data.
  *
  * @category Crypto
  */
- export class Sha1Hash {
-    private hash?: Crypto.WordArray;
-
-    /**
-     * Hashes additional data
-     * @param data Additional data to hash
-     */
-    update(data: Hashable) {
-        this.hash = Crypto.SHA1(data.toString(), this.hash ? this.hash.toString() : undefined);
-    }
-
-    /**
-     * Completes the hash computation and returns the final hash digest.
-     *
-     * @param truncate_to The maximum number of bytes to receive. Leave as undefined or 0 to receive the entire digest.
-     *
-     * @returns the final hash digest
-     */
-    finalize(truncate_to?: number): DataView {
-        const digest = this.hash ? this.hash.toString() : '';
-        const truncated = digest.substring(0, truncate_to ? truncate_to : digest.length);
-        const bytes = fromUtf8(truncated);
-        return new DataView(bytes.buffer);
+ export class Sha1Hash extends BaseHash {
+    constructor() {
+        super(Crypto.algo.SHA1.create());
     }
 }
 
@@ -158,49 +137,24 @@ export function hash_sha256(data: Hashable, truncate_to?: number): DataView {
  * @category Crypto
  */
 export function hash_sha1(data: Hashable, truncate_to?: number): DataView {
-    const digest = Crypto.SHA1(data.toString()).toString();
-    const truncated = digest.substring(0, truncate_to ? truncate_to : digest.length);
-    const bytes = fromUtf8(truncated);
-    return new DataView(bytes.buffer);
+    const sha1 = new Sha1Hash();
+    sha1.update(data);
+    return sha1.finalize(truncate_to);
 }
 
 /**
  * Object that allows for continuous hashing of data with an hmac secret.
  *
  * @category Crypto
  */
-export class Sha256Hmac {
-    private hmac: any;
-
+export class Sha256Hmac extends BaseHash {
     /**
      * Constructor for the Sha256Hmac class type
      * @param secret secret key to seed the hmac process with
      */
     constructor(secret: Hashable) {
         // @ts-ignore types file doesn't have this signature of create()
-        this.hmac = Crypto.algo.HMAC.create(Crypto.algo.SHA256, secret);
-    }
-
-    /**
-     * Hashes additional data
-     * @param data Additional data to hash
-     */
-    update(data: Hashable) {
-        this.hmac.update(data.toString());
-    }
-
-    /**
-     * Completes the hash computation and returns the final hmac digest.
-     *
-     * @param truncate_to The maximum number of bytes to receive. Leave as undefined or 0 to receive the entire digest.
-     *
-     * @returns the final hmac digest
-     */
-    finalize(truncate_to?: number): DataView {
-        const digest = this.hmac.finalize();
-        const truncated = digest.toString().substring(0, truncate_to ? truncate_to : digest.length);
-        const bytes = fromUtf8(truncated);
-        return new DataView(bytes.buffer);
+        super(Crypto.algo.HMAC.create(Crypto.algo.SHA256, secret));
     }
 }
 

diff --git a/lib/browser/mqtt.ts b/lib/browser/mqtt.ts
@@ -36,7 +36,7 @@ import {
     OnConnectionFailedResult,
     OnConnectionClosedResult
 } from "../common/mqtt";
-import { normalize_payload } from "../common/mqtt_shared";
+import {normalize_payload, normalize_payload_to_buffer} from "../common/mqtt_shared";
 
 export {
     QoS, Payload, MqttRequest, MqttSubscribeRequest, MqttWill, OnMessageCallback, MqttConnectionConnected, MqttConnectionDisconnected,
@@ -310,7 +310,7 @@ export class MqttClientConnection extends BufferedEventEmitter {
 
         const will = this.config.will ? {
             topic: this.config.will.topic,
-            payload: normalize_payload(this.config.will.payload),
+            payload: normalize_payload_to_buffer(this.config.will.payload),
             qos: this.config.will.qos,
             retain: this.config.will.retain,
         } : undefined;
@@ -576,7 +576,18 @@ export class MqttClientConnection extends BufferedEventEmitter {
                     return this.on_error(error);
                 }
                 const sub = (packet as mqtt.ISubscriptionGrant[])[0];
-                resolve({ topic: sub.topic, qos: sub.qos });
+
+                /*
+                 * 128 is not modeled in QoS, either on our side nor mqtt-js's side.
+                 * We have always passed this 128 to the user and it is not reasonable to extend
+                 * our output type with 128 since it's also our input type and we don't want anyone
+                 * to pass 128 to us.
+                 *
+                 * The 5 client solves this by making the output type a completely separate enum.
+                 *
+                 * By doing this cast, we make the type checker ignore this edge case.
+                 */
+                resolve({ topic: sub.topic, qos: sub.qos as QoS });
             });
         });
     }

diff --git a/lib/browser/mqtt5.ts b/lib/browser/mqtt5.ts
@@ -898,4 +898,4 @@ export class Mqtt5Client extends BufferedEventEmitter implements mqtt5.IMqtt5Cli
             this.emit(Mqtt5Client.MESSAGE_RECEIVED, messageReceivedEvent);
         }, 0);
     }
-}
+}
+15 −3		.github/workflows/ci.yml
+4 −6		.github/workflows/clang-format.yml
+1 −0		.gitignore
+1 −5		CMakeLists.txt
+2 −2		README.md
+47 −0		format-check.py
+0 −24		format-check.sh
+1 −0		include/aws/auth/auth.h
+15 −0		include/aws/auth/credentials.h
+8 −8		include/aws/auth/private/credentials_utils.h
+3 −0		source/auth.c
+25 −0		source/aws_signing.c
+3 −1		source/credentials_provider_cached.c
+1 −16		source/credentials_provider_default_chain.c
+104 −5		source/credentials_provider_ecs.c
+17 −2		source/credentials_provider_process.c
+44 −5		source/credentials_provider_profile.c
+37 −12		source/credentials_provider_sts.c
+1 −0		source/credentials_provider_sts_web_identity.c
+49 −7		source/credentials_utils.c
+17 −9		tests/CMakeLists.txt
+92 −17		tests/credentials_provider_ecs_tests.c
+75 −26		tests/credentials_provider_process_tests.c
+273 −108		tests/credentials_provider_sts_tests.c
+42 −0		tests/credentials_provider_sts_web_identity_tests.c
+58 −0		tests/credentials_utils_tests.c
+2 −6		CMakeLists.txt
+1 −1		README.md
+70 −26		source/unix/openssl_platform_init.c
+2 −2		.github/workflows/proof_ci_resources/config.yaml
+1 −1		AWSCRTAndroidTestRunner/app/src/main/cpp/CMakeLists.txt
+3 −6		CMakeLists.txt
+15 −20		cmake/AwsCFlags.cmake
+19 −4		cmake/AwsCheckHeaders.cmake
+12 −8		cmake/AwsPrebuildDependency.cmake
+9 −2		cmake/AwsSIMD.cmake
+6 −3		cmake/AwsTestHarness.cmake
+1 −1		include/aws/common/array_list.h
+1 −1		include/aws/common/array_list.inl
+2 −1		include/aws/common/atomics.h
+1 −2		include/aws/common/atomics.inl
+1 −1		include/aws/common/byte_order.h
+2 −1		include/aws/common/clock.h
+9 −4		include/aws/common/condition_variable.h
+2 −1		include/aws/common/encoding.h
+1 −2		include/aws/common/error.h
+1 −1		include/aws/common/linked_list.h
+1 −1		include/aws/common/math.h
+10 −3		include/aws/common/math.inl
+2 −1		include/aws/common/ring_buffer.h
+2 −1		include/aws/common/string.h
+2 −1		include/aws/common/zero.h
+5 −6		tests/memtrace_test.c
+212 −183		verification/cbmc/proofs/Makefile.common
+12 −3		.github/workflows/ci.yml
+4 −6		.github/workflows/clang-format.yml
+1 −5		CMakeLists.txt
+47 −0		format-check.py
+0 −24		format-check.sh
+1 −1		source/compression.c
+12 −3		.github/workflows/ci.yml
+4 −8		.github/workflows/clang-format.yml
+7 −4		.github/workflows/stale_issue.yml
+1 −1		CMakeLists.txt
+1 −1		README.md
+47 −0		format-check.py
+0 −24		format-check.sh
+4 −2		include/aws/event-stream/event_stream.h
+15 −5		.github/workflows/ci.yml
+4 −6		.github/workflows/clang-format.yml
+3 −0		.github/workflows/stale_issue.yml
+1 −5		CMakeLists.txt
+1 −1		README.md
+47 −0		format-check.py
+0 −24		format-check.sh
+4 −1		include/aws/http/connection.h
+29 −0		include/aws/http/connection_manager.h
+2 −0		include/aws/http/http.h
+14 −2		include/aws/http/private/h1_connection.h
+3 −1		include/aws/http/private/h2_frames.h
+7 −7		include/aws/http/proxy.h
+3 −1		include/aws/http/request_response.h
+9 −4		include/aws/http/server.h
+1 −1		integration-testing/http_client_test.py
+217 −48		source/connection_manager.c
+125 −25		source/h1_connection.c
+8 −2		source/http.c
+61 −59		source/websocket.c
+10 −0		tests/CMakeLists.txt
+0 −3		tests/test_connection.c
+179 −2		tests/test_connection_manager.c
+219 −5		tests/test_h1_client.c
+4 −1		tests/test_h2_client.c
+2 −1		tests/test_h2_encoder.c
+2 −1		tests/test_h2_headers.c
+4 −1		tests/test_localhost_integ.c
+4 −1		tests/test_message.c
+4 −1		tests/test_stream_manager.c
+135 −36		tests/test_tls.c
+35 −1		tests/test_websocket_handler.c
+40 −5		.github/workflows/ci.yml
+4 −6		.github/workflows/clang-format.yml
+16 −13		CMakeLists.txt
+1 −1		README.md
+47 −0		format-check.py
+0 −24		format-check.sh
+2 −2		include/aws/io/channel.h
+3 −4		include/aws/io/channel_bootstrap.h
+3 −4		include/aws/io/event_loop.h
+6 −0		include/aws/io/private/tls_channel_handler_shared.h
+18 −0		include/aws/io/socket.h
+4 −5		include/aws/io/tls_channel_handler.h
+13 −20		source/channel.c
+126 −60		source/darwin/secure_transport_tls_channel_handler.c
+13 −54		source/future.c
+1 −1		source/io.c
+2 −5		source/message_pool.c
+101 −3		source/posix/socket.c
+125 −59		source/s2n/s2n_tls_channel_handler.c
+1 −7		source/socket_channel_handler.c
+1 −1		source/windows/iocp/iocp_event_loop.c
+25 −0		source/windows/iocp/socket.c
+275 −206		source/windows/secure_channel_tls_handler.c
+24 −0		source/windows/windows_pki_utils.c
+6 −0		tests/CMakeLists.txt
+1 −1		tests/socket_handler_test.c
+96 −7		tests/socket_test.c
+404 −128		tests/tls_handler_test.c
+105 −15		.github/workflows/ci.yml
+4 −6		.github/workflows/clang-format.yml
+61 −55		CMakeLists.txt
+29 −0		bin/benchmark/CMakeLists.txt
+133 −0		bin/benchmark/main.c
+4 −0		builder.json
+47 −0		format-check.py
+0 −24		format-check.sh
+42 −3		include/aws/checksums/crc.h
+51 −0		include/aws/checksums/private/crc64_priv.h
+28 −11		include/aws/checksums/private/crc_priv.h
+24 −0		include/aws/checksums/private/crc_util.h
+4 −4		source/arm/crc32c_arm.c
+208 −0		source/arm/crc64_arm.c
+35 −9		source/crc.c
+131 −0		source/crc64.c
+579 −0		source/crc64_sw.c
+0 −18		source/generic/crc32c_null.c
+3 −14		source/intel/asm/crc32c_sse42_asm.c
+245 −0		source/intel/intrin/crc32c_sse42_avx512.c
+130 −0		source/intel/intrin/crc64nvme_avx512.c
+147 −0		source/intel/intrin/crc64nvme_clmul.c
+0 −77		source/intel/visualc/visualc_crc32c_sse42.c
+3 −0		tests/CMakeLists.txt
+144 −0		tests/crc64_test.c
+129 −43		tests/crc_test.c
-Original file line number
+Diff line change
@@ Expand Up @@
                 this.emit(Mqtt5Client.MESSAGE_RECEIVED, messageReceivedEvent);
             }, 0);
         }
-    }
+    }