Skip to content

Fix AWS signature verification#57932

Merged
GavinFrazar merged 2 commits intomasterfrom
gavinfrazar/fix-aws-request-signing
Aug 19, 2025
Merged

Fix AWS signature verification#57932
GavinFrazar merged 2 commits intomasterfrom
gavinfrazar/fix-aws-request-signing

Conversation

@GavinFrazar
Copy link
Copy Markdown
Contributor

@GavinFrazar GavinFrazar commented Aug 15, 2025
edited
Loading

Check for an unsigned payload when calculating the payload hash for signature.

Fixes #57698

Changelog: Fixed AWS app access signature verification for AWS requests that use an unsigned payload.

@GavinFrazar
Fix AWS signature verification
bcf256a 
Check for an unsigned payload when calculating the payload hash for
signature.
@GavinFrazar GavinFrazar marked this pull request as ready for review August 15, 2025 02:16
@GavinFrazar
Update test plan for AWS application access
5dab2e8 
Include several example commands that must be tested.
@GavinFrazar GavinFrazar requested a review from greedy52 August 18, 2025 18:02
greedy52
greedy52 reviewed Aug 18, 2025
View reviewed changes
Comment thread .github/ISSUE_TEMPLATE/testplan.md
greedy52
greedy52 approved these changes Aug 18, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@greedy52 greedy52 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for fixing this. is this introduced by SDK migration?

Comment thread lib/utils/aws/aws_test.go
@GavinFrazar
Copy link
Copy Markdown
Contributor Author

GavinFrazar commented Aug 18, 2025
edited
Loading

thanks for fixing this. is this introduced by SDK migration?

I think so, because the v1 SDK would grab the x-amz-content-sha256 header value automatically (if present) whereas in v2 SDK we have to provide the payload hash

juliaogris
juliaogris approved these changes Aug 19, 2025
View reviewed changes
Comment thread lib/utils/aws/aws_test.go
@GavinFrazar GavinFrazar enabled auto-merge August 19, 2025 18:58
@GavinFrazar GavinFrazar added this pull request to the merge queue Aug 19, 2025
Merged via the queue into master with commit 14b4b90 Aug 19, 2025
41 of 42 checks passed
@GavinFrazar GavinFrazar deleted the gavinfrazar/fix-aws-request-signing branch August 19, 2025 19:22
@backport-bot-workflows
Copy link
Copy Markdown
Contributor

backport-bot-workflows bot commented Aug 19, 2025

@GavinFrazar See the table below for backport results.

Branch Result
branch/v18 Failed

@GavinFrazar GavinFrazar mentioned this pull request Aug 19, 2025
Merged
mmcallister pushed a commit that referenced this pull request Sep 22, 2025
@GavinFrazar @mmcallister
Fix AWS signature verification (#57932)
c0bdc4d 
* Fix AWS signature verification

Check for an unsigned payload when calculating the payload hash for
signature.

* Update test plan for AWS application access

Include several example commands that must be tested.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@juliaogris juliaogris juliaogris approved these changes

@greedy52 greedy52 greedy52 approved these changes

Assignees

No one assigned

Labels

backport/branch/v18 size/md

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

aws s3 cp command fails

3 participants

@GavinFrazar @juliaogris @greedy52