aws · sbiscigl · May 28, 2024 · Apr 12, 2024
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -41,7 +41,6 @@ if (LEGACY_BUILD)
     option(ENABLE_TESTING "Flag to enable/disable building unit and integration tests" ON)
     option(AUTORUN_UNIT_TESTS "Flag to enable/disable automatically run unit tests after building" ON)
     option(ANDROID_BUILD_CURL "When building for Android, should curl be built as well" ON)
-    option(ANDROID_BUILD_OPENSSL "When building for Android, should Openssl be built as well" ON)
     option(ANDROID_BUILD_ZLIB "When building for Android, should Zlib be built as well" ON)
     option(FORCE_CURL "Forces usage of the Curl client rather than the default OS-specific api" OFF)
     option(ENABLE_ADDRESS_SANITIZER "Flags to enable/disable Address Sanitizer for gcc or clang" OFF)
@@ -66,7 +65,6 @@ if (LEGACY_BUILD)
     option(BUILD_OPTEL_OTLP_BENCHMARKS "Enables building the benchmark tests with open telemetry OTLP clients" OFF)
     option(USE_TLS_V1_2 "Set http client to enforce TLS 1.2" ON)
     option(USE_TLS_V1_3 "Set http client to enforce TLS 1.3" OFF)
-    option(AWS_USE_CRYPTO_SHARED_LIBS "Forces FindCrypto to use a shared crypto library if found. regardless of the value of BUILD_SHARED_LIBS" OFF)
 
     set(AWS_USER_AGENT_CUSTOMIZATION "" CACHE STRING "User agent extension")
     set(AWS_TEST_REGION "US_EAST_1" CACHE STRING "Region to target integration tests against")
@@ -109,10 +107,6 @@ if (LEGACY_BUILD)
         set(BoldWhite "${Esc}[1;37m")
     endif ()
 
-    if (NOT USE_OPENSSL)
-        message(WARNING "Turning off USE_OPENSSL will install AWS-LC as replacement of OpenSSL in the system default directory. This is an experimental feature. Do not use if you have an OpenSSL installation in your system already.")
-    endif ()
-
     # backwards compatibility with old command line params
     if ("${STATIC_LINKING}" STREQUAL "1")
         set(BUILD_SHARED_LIBS OFF)
@@ -230,22 +224,28 @@ if (LEGACY_BUILD)
         set(BUILD_TESTING_PREV ${BUILD_TESTING})
         set(BUILD_TESTING OFF CACHE BOOL "Disable all tests in dependencies.")
         # TODO: Use same BUILD_SHARED_LIBS for Aws Common Runtime dependencies.
-        # libcurl and aws-sdk-cpp-core may link to different libcrypto, which leads to some issues for shared build.
-        if (ENABLE_OPENSSL_ENCRYPTION)
-            set(BUILD_SHARED_LIBS_PREV ${BUILD_SHARED_LIBS})
-            set(BUILD_SHARED_LIBS OFF)
-        endif ()
         set(CRT_BUILD_SHARED_LIBS ${BUILD_SHARED_LIBS})
         add_subdirectory(crt/aws-crt-cpp)
         set(BUILD_TESTING ${BUILD_TESTING_PREV})
-        if (ENABLE_OPENSSL_ENCRYPTION)
-            set(BUILD_SHARED_LIBS ${BUILD_SHARED_LIBS_PREV})
-        endif ()
     else ()
-        include(AwsFindPackage)
+        # This is required in order to append /lib/cmake to each element in CMAKE_PREFIX_PATH
+        set(AWS_MODULE_DIR "/${CMAKE_INSTALL_LIBDIR}/cmake")
+        string(REPLACE ";" "${AWS_MODULE_DIR};" AWS_MODULE_PATH "${CMAKE_PREFIX_PATH}${AWS_MODULE_DIR}")
+        # Append that generated list to the module search path
+        list(APPEND CMAKE_MODULE_PATH ${AWS_MODULE_PATH})
         set(IN_SOURCE_BUILD OFF)
     endif ()
-    set(AWS_COMMON_RUNTIME_LIBS "aws-crt-cpp;aws-c-auth;aws-c-cal;aws-c-common;aws-c-compression;aws-c-event-stream;aws-c-http;aws-c-io;aws-c-mqtt;aws-c-s3;aws-checksums;aws-c-sdkutils")
+    aws_use_package(aws-crt-cpp)
+    aws_use_package(aws-c-http)
+    aws_use_package(aws-c-mqtt)
+    aws_use_package(aws-c-cal)
+    aws_use_package(aws-c-auth)
+    aws_use_package(aws-c-common)
+    aws_use_package(aws-c-io)
+    aws_use_package(aws-checksums)
+    aws_use_package(aws-c-event-stream)
+    aws_use_package(aws-c-s3)
+    set(AWS_COMMON_RUNTIME_LIBS ${DEP_AWS_LIBS})
 
     include(compiler_settings)
     # Instead of calling functions/macros inside included cmake scripts, we should call them in our main CMakeList.txt
@@ -256,14 +256,6 @@ if (LEGACY_BUILD)
 
     include(utilities)
 
-    if (ENABLE_BCRYPT_ENCRYPTION)
-        set(CRYPTO_LIBS Bcrypt)
-        set(CRYPTO_LIBS_ABSTRACT_NAME Bcrypt)
-    elseif (ENABLE_OPENSSL_ENCRYPTION)
-        set(CRYPTO_LIBS ${OPENSSL_LIBRARIES} ${ZLIB_LIBRARIES})
-        set(CRYPTO_LIBS_ABSTRACT_NAME crypto ssl z)
-    endif ()
-
     if (ENABLE_CURL_CLIENT)
         set(CLIENT_LIBS ${CURL_LIBRARIES})
         set(CLIENT_LIBS_ABSTRACT_NAME curl)

diff --git a/cmake/Findcrypto.cmake b/cmake/Findcrypto.cmake
diff --git a/cmake/external_dependencies.cmake b/cmake/external_dependencies.cmake
@@ -19,43 +19,10 @@ endif()
 
 
 # Encryption control
-if(NOT NO_ENCRYPTION)
-    if(PLATFORM_WINDOWS)
-        set(ENABLE_BCRYPT_ENCRYPTION ON)
-    elseif(PLATFORM_LINUX OR PLATFORM_ANDROID)
-        set(ENABLE_OPENSSL_ENCRYPTION ON)
-    elseif(PLATFORM_APPLE)
-        set(ENABLE_COMMONCRYPTO_ENCRYPTION ON)
-    endif()
-else()
+# TODO: BYO Crypto is not implemented for CRT/Was not working in the latest version of the SDK.
+if(NO_ENCRYPTION)
+    message(FATAL_ERROR "BYO_CRYPTO is not currently implemented and has been broken since version 1.9")
     set(ENABLE_INJECTED_ENCRYPTION ON)
-endif()
-
-if(ENABLE_BCRYPT_ENCRYPTION)
-    add_definitions(-DENABLE_BCRYPT_ENCRYPTION)
-    set(CRYPTO_LIBS Bcrypt)
-    set(CRYPTO_LIBS_ABSTRACT_NAME Bcrypt)
-    message(STATUS "Encryption: Bcrypt")
-elseif(ENABLE_OPENSSL_ENCRYPTION)
-    add_definitions(-DENABLE_OPENSSL_ENCRYPTION)
-    message(STATUS "Encryption: LibCrypto")
-
-    set(CRYPTO_TARGET_NAME "AWS::crypto")
-    if(PLATFORM_ANDROID AND ANDROID_BUILD_OPENSSL)
-        set(BUILD_OPENSSL 1)
-        set(CRYPTO_TARGET_NAME "crypto")
-        set(USE_OPENSSL ON)
-        message(STATUS "  Building Openssl as part of AWS SDK")
-    else()
-        find_package(crypto REQUIRED)
-    endif()
-    set(CRYPTO_LIBS ${CRYPTO_TARGET_NAME} ${ZLIB_LIBRARIES})
-    # ssl depends on libcrypto
-    set(CRYPTO_LIBS_ABSTRACT_NAME ${CRYPTO_TARGET_NAME} ssl z)
-elseif(ENABLE_COMMONCRYPTO_ENCRYPTION)
-    add_definitions(-DENABLE_COMMONCRYPTO_ENCRYPTION)
-    message(STATUS "Encryption: CommonCrypto")
-elseif(ENABLE_INJECTED_ENCRYPTION)
     message(STATUS "Encryption: None")
     message(STATUS "You will need to inject an encryption implementation before making any http requests!")
 endif()

diff --git a/src/aws-cpp-sdk-core/.gitignore b/src/aws-cpp-sdk-core/.gitignore
@@ -1,7 +1,5 @@
 # exceptions due to naming conflicts between our external projects (curl/openssl) and implementations that use those libraries
-!source/utils/crypto/openssl
 !source/http/curl
 !source/external
 !include/aws/core/external
 !include/aws/core/http/curl
-!include/aws/core/utils/crypto/openssl
diff --git a/src/aws-cpp-sdk-core/CMakeLists.txt b/src/aws-cpp-sdk-core/CMakeLists.txt
@@ -247,16 +247,10 @@ else()
     file(GLOB NET_SOURCE "${CMAKE_CURRENT_SOURCE_DIR}/source/net/*.cpp")
 endif()
 
-# encryption implementations
-if(ENABLE_BCRYPT_ENCRYPTION)
-    file(GLOB UTILS_CRYPTO_BCRYPT_HEADERS "${CMAKE_CURRENT_SOURCE_DIR}/include/aws/core/utils/crypto/bcrypt/*.h")
-    file(GLOB UTILS_CRYPTO_BCRYPT_SOURCE "${CMAKE_CURRENT_SOURCE_DIR}/source/utils/crypto/bcrypt/*.cpp")
-elseif(ENABLE_OPENSSL_ENCRYPTION)
-    file(GLOB UTILS_CRYPTO_OPENSSL_HEADERS "${CMAKE_CURRENT_SOURCE_DIR}/include/aws/core/utils/crypto/openssl/*.h")
-    file(GLOB UTILS_CRYPTO_OPENSSL_SOURCE "${CMAKE_CURRENT_SOURCE_DIR}/source/utils/crypto/openssl/*.cpp")
-elseif(ENABLE_COMMONCRYPTO_ENCRYPTION)
-    file(GLOB UTILS_CRYPTO_COMMONCRYPTO_HEADERS "${CMAKE_CURRENT_SOURCE_DIR}/include/aws/core/utils/crypto/commoncrypto/*.h")
-    file(GLOB UTILS_CRYPTO_COMMONCRYPTO_SOURCE "${CMAKE_CURRENT_SOURCE_DIR}/source/utils/crypto/commoncrypto/*.cpp")
+# encryption implementation
+if (NOT NO_ENCRYPTION)
+    file(GLOB UTILS_CRYPTO_CRT_HEADERS "${CMAKE_CURRENT_SOURCE_DIR}/include/aws/core/utils/crypto/crt/*.h")
+    file(GLOB UTILS_CRYPTO_CRT_SOURCE "${CMAKE_CURRENT_SOURCE_DIR}/source/utils/crypto/crt/*.cpp")
 endif()
 
 if (BUILD_OPTEL)
@@ -287,8 +281,7 @@ file(GLOB AWS_NATIVE_SDK_COMMON_SRC
     ${UTILS_MEMORY_SOURCE}
     ${UTILS_COMPONENT_REGISTRY_SOURCE}
     ${UTILS_MEMORY_STL_SOURCE}
-    ${UTILS_CRYPTO_OPENSSL_SOURCE}
-    ${UTILS_CRYPTO_COMMONCRYPTO_SOURCE}
+    ${UTILS_CRYPTO_CRT_SOURCE}
     ${SMITHY_SOURCE}
     ${SMITHY_TRACING_SOURCE}
 )
@@ -329,9 +322,6 @@ file(GLOB AWS_NATIVE_SDK_COMMON_HEADERS
   ${TINYXML2_HEADERS}
   ${HTTP_CURL_CLIENT_HEADERS}
   ${HTTP_WINDOWS_CLIENT_HEADERS}
-  ${UTILS_CRYPTO_BCRYPT_HEADERS}
-  ${UTILS_CRYPTO_OPENSSL_HEADERS}
-  ${UTILS_CRYPTO_COMMONCRYPTO_HEADERS}
   ${SMITHY_HEADERS}
   ${SMITHY_TRACING_HEADERS}
   ${OPTEL_HEADERS}
@@ -435,6 +425,7 @@ if(MSVC)
     source_group("Header Files\\aws\\core\\utils" FILES ${UTILS_HEADERS})
     source_group("Header Files\\aws\\core\\utils\\base64" FILES ${UTILS_BASE64_HEADERS})
     source_group("Header Files\\aws\\core\\utils\\crypto" FILES ${UTILS_CRYPTO_HEADERS})
+    source_group("Header Files\\aws\\core\\utils\\crypto\\crt" FILES ${UTILS_CRYPTO_CRT_HEADERS})
     source_group("Header Files\\aws\\core\\utils\\event" FILES ${UTILS_EVENT_HEADERS})
     source_group("Header Files\\aws\\core\\utils\\exceptions" FILES ${UTILS_EXCEPTIONS_HEADERS})
     source_group("Header Files\\aws\\core\\utils\\json" FILES ${UTILS_JSON_HEADERS})
@@ -459,16 +450,6 @@ if(MSVC)
     endif()
         source_group("Header Files\\aws\\core\\http\\crt" FILES ${CRT_HTTP_HEADERS})
 
-
-    # encryption conditional headers
-    if(ENABLE_BCRYPT_ENCRYPTION)
-        source_group("Header Files\\aws\\core\\utils\\crypto\\bcrypt" FILES ${UTILS_CRYPTO_BCRYPT_HEADERS})
-    elseif(ENABLE_OPENSSL_ENCRYPTION)
-        source_group("Header Files\\aws\\core\\utils\\crypto\\openssl" FILES ${UTILS_CRYPTO_OPENSSL_HEADERS})
-    elseif(ENABLE_COMMONCRYPTO_ENCRYPTION)
-        source_group("Header Files\\aws\\core\\utils\\crypto\\commoncrypto" FILES ${UTILS_CRYPTO_COMMONCRYPTO_HEADERS})
-    endif()
-
     if (BUILD_OPTEL)
         source_group("Header Files\\smithy\\tracing\\impl\\opentelemetry" FILES ${OPTEL_HEADERS})
     endif ()
@@ -519,19 +500,13 @@ if(MSVC)
 
 
     # encryption conditional source
-    if(ENABLE_BCRYPT_ENCRYPTION)
-        source_group("Source Files\\utils\\crypto\\bcrypt" FILES ${UTILS_CRYPTO_BCRYPT_SOURCE})
-    elseif(ENABLE_OPENSSL_ENCRYPTION)
-        source_group("Source Files\\utils\\crypto\\openssl" FILES ${UTILS_CRYPTO_OPENSSL_SOURCE})
-    elseif(ENABLE_COMMONCRYPTO_ENCRYPTION)
-            source_group("Source Files\\utils\\crypto\\commoncrypto" FILES ${UTILS_CRYPTO_COMMONCRYPTO_SOURCE})
+    if (NOT NO_ENCRYPTION)
+        source_group("Source Files\\utils\\crypto\\crt" FILES ${UTILS_CRYPTO_CRT_SOURCE})
     endif()
 
     if (BUILD_OPTEL)
         source_group("Source Files\\smithy\\tracing\\impl\\opentelemetry" FILES ${OPTEL_SOURCE})
     endif ()
-
-
 endif(MSVC)
 
 check_cxx_source_compiles("
@@ -568,6 +543,10 @@ if (CURL_HAS_TLS_PROXY)
     target_compile_definitions(${PROJECT_NAME} PRIVATE "CURL_HAS_TLS_PROXY")
 endif()
 
+if (NO_ENCRYPTION)
+    target_compile_definitions(${PROJECT_NAME} PRIVATE "NO_ENCRYPTION")
+endif()
+
 if (AWS_HAS_ALIGNED_ALLOC)
     target_compile_definitions(${PROJECT_NAME} PRIVATE "AWS_HAS_ALIGNED_ALLOC")
 endif()
@@ -594,10 +573,6 @@ if(BUILD_CURL)
     target_include_directories(${PROJECT_NAME} PRIVATE "${CURL_INCLUDE_DIR}")
 endif()
 
-if(BUILD_OPENSSL)
-    target_include_directories(${PROJECT_NAME} PRIVATE "${OPENSSL_INCLUDE_DIR}")
-endif()
-
 if (BUILD_OPTEL)
     target_include_directories(${PROJECT_NAME} PRIVATE ${OPENTELEMETRY_CPP_INCLUDE_DIRS})
 endif ()
@@ -743,13 +718,7 @@ endif()
 
 
 # encryption headers
-if(ENABLE_BCRYPT_ENCRYPTION)
-  install (FILES ${UTILS_CRYPTO_BCRYPT_HEADERS} DESTINATION ${INCLUDE_DIRECTORY}/aws/core/utils/crypto/bcrypt)
-elseif(ENABLE_OPENSSL_ENCRYPTION)
-  install (FILES ${UTILS_CRYPTO_OPENSSL_HEADERS} DESTINATION ${INCLUDE_DIRECTORY}/aws/core/utils/crypto/openssl)
-elseif(ENABLE_COMMONCRYPTO_ENCRYPTION)
-  install (FILES ${UTILS_CRYPTO_COMMONCRYPTO_HEADERS} DESTINATION ${INCLUDE_DIRECTORY}/aws/core/utils/crypto/commoncrypto)
-endif()
+install (FILES ${UTILS_CRYPTO_CRT_HEADERS} DESTINATION ${INCLUDE_DIRECTORY}/aws/core/utils/crypto/crt)
 
 do_packaging()
 
diff --git a/src/aws-cpp-sdk-core/include/aws/core/auth/signer/AWSAuthEventStreamV4Signer.h b/src/aws-cpp-sdk-core/include/aws/core/auth/signer/AWSAuthEventStreamV4Signer.h
@@ -100,8 +100,6 @@ namespace Aws
                     const Aws::String& simpleDate, const Aws::String& region, const Aws::String& serviceName) const;
             const Aws::String m_serviceName;
             const Aws::String m_region;
-            mutable Aws::Utils::Crypto::Sha256 m_hash;
-            mutable Aws::Utils::Crypto::Sha256HMAC m_HMAC;
             mutable Utils::Threading::ReaderWriterLock m_derivedKeyLock;
             mutable Aws::Utils::ByteBuffer m_derivedKey;
             mutable Aws::String m_currentDateStr;

diff --git a/src/aws-cpp-sdk-core/include/aws/core/auth/signer/AWSAuthV4Signer.h b/src/aws-cpp-sdk-core/include/aws/core/auth/signer/AWSAuthV4Signer.h
@@ -197,8 +197,6 @@ namespace Aws
             std::shared_ptr<Auth::AWSCredentialsProvider> m_credentialsProvider;
             const Aws::String m_serviceName;
             const Aws::String m_region;
-            Aws::UniquePtr<Aws::Utils::Crypto::Sha256> m_hash;
-            Aws::UniquePtr<Aws::Utils::Crypto::Sha256HMAC> m_HMAC;
 
             Aws::Set<Aws::String> m_unsignedHeaders;