Skip to content

Commit

Permalink
Fixes a bug that could cause the SigV4 payload hash to be incorrectly…
Browse files Browse the repository at this point in the history
… encoded, leading to signing errors. (#1684)
  • Loading branch information
skmcgrail authored Apr 26, 2022
1 parent 14b97ee commit 48159ac
Show file tree
Hide file tree
Showing 3 changed files with 32 additions and 1 deletion.
8 changes: 8 additions & 0 deletions .changelog/96bcadc5352b4729806e07feee9091d0.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
{
"id": "96bcadc5-352b-4729-806e-07feee9091d0",
"type": "bugfix",
"description": "Fixes a bug that could cause the SigV4 payload hash to be incorrectly encoded, leading to signing errors.",
"modules": [
"service/internal/checksum"
]
}
Original file line number Diff line number Diff line change
Expand Up @@ -422,7 +422,7 @@ func computeStreamChecksum(algorithm Algorithm, stream io.Reader, computePayload
if algorithm != AlgorithmSHA256 {
sha256Checksum = string(hexEncodeHashSum(sha256Hasher))
} else {
sha256Checksum = checksum
sha256Checksum = string(hexEncodeHashSum(hasher))
}
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -369,6 +369,29 @@ func TestComputeInputPayloadChecksum(t *testing.T) {
"CRC32": "DUoRhQ==",
},
},
"http seekable checksum matches payload hash": {
initContext: func(ctx context.Context) context.Context {
return setContextInputAlgorithm(ctx, string(AlgorithmSHA256))
},
buildInput: middleware.BuildInput{
Request: func() *smithyhttp.Request {
r := smithyhttp.NewStackRequest().(*smithyhttp.Request)
r.URL, _ = url.Parse("http://example.aws")
r.ContentLength = 11
r = requestMust(r.SetStream(bytes.NewReader([]byte("hello world"))))
return r
}(),
},
expectHeader: http.Header{
"X-Amz-Checksum-Sha256": []string{"uU0nuZNNPgilLlLX2n2r+sSE7+N6U4DukIj3rOLvzek="},
},
expectContentLength: 11,
expectPayload: []byte("hello world"),
expectPayloadHash: "b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9",
expectChecksumMetadata: map[string]string{
"SHA256": "uU0nuZNNPgilLlLX2n2r+sSE7+N6U4DukIj3rOLvzek=",
},
},
"http payload hash disabled": {
initContext: func(ctx context.Context) context.Context {
return setContextInputAlgorithm(ctx, string(AlgorithmCRC32))
Expand Down

0 comments on commit 48159ac

Please sign in to comment.