2
0

http_aws_sigv4.c 19 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645
  1. /***************************************************************************
  2. * _ _ ____ _
  3. * Project ___| | | | _ \| |
  4. * / __| | | | |_) | |
  5. * | (__| |_| | _ <| |___
  6. * \___|\___/|_| \_\_____|
  7. *
  8. * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  9. *
  10. * This software is licensed as described in the file COPYING, which
  11. * you should have received as part of this distribution. The terms
  12. * are also available at https://curl.haxx.se/docs/copyright.html.
  13. *
  14. * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15. * copies of the Software, and permit persons to whom the Software is
  16. * furnished to do so, under the terms of the COPYING file.
  17. *
  18. * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19. * KIND, either express or implied.
  20. *
  21. * SPDX-License-Identifier: curl
  22. *
  23. ***************************************************************************/
  24. #include "curl_setup.h"
  25. #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_CRYPTO_AUTH)
  26. #include "urldata.h"
  27. #include "strcase.h"
  28. #include "strdup.h"
  29. #include "http_aws_sigv4.h"
  30. #include "curl_sha256.h"
  31. #include "transfer.h"
  32. #include "parsedate.h"
  33. #include "sendf.h"
  34. #include <time.h>
  35. /* The last 3 #include files should be in this order */
  36. #include "curl_printf.h"
  37. #include "curl_memory.h"
  38. #include "memdebug.h"
  39. #include "slist.h"
  40. #define HMAC_SHA256(k, kl, d, dl, o) \
  41. do { \
  42. ret = Curl_hmacit(Curl_HMAC_SHA256, \
  43. (unsigned char *)k, \
  44. kl, \
  45. (unsigned char *)d, \
  46. dl, o); \
  47. if(ret) { \
  48. goto fail; \
  49. } \
  50. } while(0)
  51. #define TIMESTAMP_SIZE 17
  52. /* hex-encoded with trailing null */
  53. #define SHA256_HEX_LENGTH (2 * SHA256_DIGEST_LENGTH + 1)
  54. static void sha256_to_hex(char *dst, unsigned char *sha)
  55. {
  56. int i;
  57. for(i = 0; i < SHA256_DIGEST_LENGTH; ++i) {
  58. msnprintf(dst + (i * 2), SHA256_HEX_LENGTH - (i * 2), "%02x", sha[i]);
  59. }
  60. }
  61. static char *find_date_hdr(struct Curl_easy *data, const char *sig_hdr)
  62. {
  63. char *tmp = Curl_checkheaders(data, sig_hdr, strlen(sig_hdr));
  64. if(tmp)
  65. return tmp;
  66. return Curl_checkheaders(data, STRCONST("Date"));
  67. }
  68. /* remove whitespace, and lowercase all headers */
  69. static void trim_headers(struct curl_slist *head)
  70. {
  71. struct curl_slist *l;
  72. for(l = head; l; l = l->next) {
  73. char *value; /* to read from */
  74. char *store;
  75. size_t colon = strcspn(l->data, ":");
  76. Curl_strntolower(l->data, l->data, colon);
  77. value = &l->data[colon];
  78. if(!*value)
  79. continue;
  80. ++value;
  81. store = value;
  82. /* skip leading whitespace */
  83. while(*value && ISBLANK(*value))
  84. value++;
  85. while(*value) {
  86. int space = 0;
  87. while(*value && ISBLANK(*value)) {
  88. value++;
  89. space++;
  90. }
  91. if(space) {
  92. /* replace any number of consecutive whitespace with a single space,
  93. unless at the end of the string, then nothing */
  94. if(*value)
  95. *store++ = ' ';
  96. }
  97. else
  98. *store++ = *value++;
  99. }
  100. *store = 0; /* null terminate */
  101. }
  102. }
  103. /* maximum length for the aws sivg4 parts */
  104. #define MAX_SIGV4_LEN 64
  105. #define MAX_SIGV4_LEN_TXT "64"
  106. #define DATE_HDR_KEY_LEN (MAX_SIGV4_LEN + sizeof("X--Date"))
  107. #define MAX_HOST_LEN 255
  108. /* FQDN + host: */
  109. #define FULL_HOST_LEN (MAX_HOST_LEN + sizeof("host:"))
  110. /* string been x-PROVIDER-date:TIMESTAMP, I need +1 for ':' */
  111. #define DATE_FULL_HDR_LEN (DATE_HDR_KEY_LEN + TIMESTAMP_SIZE + 1)
  112. /* timestamp should point to a buffer of at last TIMESTAMP_SIZE bytes */
  113. static CURLcode make_headers(struct Curl_easy *data,
  114. const char *hostname,
  115. char *timestamp,
  116. char *provider1,
  117. char **date_header,
  118. char *content_sha256_header,
  119. struct dynbuf *canonical_headers,
  120. struct dynbuf *signed_headers)
  121. {
  122. char date_hdr_key[DATE_HDR_KEY_LEN];
  123. char date_full_hdr[DATE_FULL_HDR_LEN];
  124. struct curl_slist *head = NULL;
  125. struct curl_slist *tmp_head = NULL;
  126. CURLcode ret = CURLE_OUT_OF_MEMORY;
  127. struct curl_slist *l;
  128. int again = 1;
  129. /* provider1 mid */
  130. Curl_strntolower(provider1, provider1, strlen(provider1));
  131. provider1[0] = Curl_raw_toupper(provider1[0]);
  132. msnprintf(date_hdr_key, DATE_HDR_KEY_LEN, "X-%s-Date", provider1);
  133. /* provider1 lowercase */
  134. Curl_strntolower(provider1, provider1, 1); /* first byte only */
  135. msnprintf(date_full_hdr, DATE_FULL_HDR_LEN,
  136. "x-%s-date:%s", provider1, timestamp);
  137. if(Curl_checkheaders(data, STRCONST("Host"))) {
  138. head = NULL;
  139. }
  140. else {
  141. char full_host[FULL_HOST_LEN + 1];
  142. if(data->state.aptr.host) {
  143. size_t pos;
  144. if(strlen(data->state.aptr.host) > FULL_HOST_LEN) {
  145. ret = CURLE_URL_MALFORMAT;
  146. goto fail;
  147. }
  148. strcpy(full_host, data->state.aptr.host);
  149. /* remove /r/n as the separator for canonical request must be '\n' */
  150. pos = strcspn(full_host, "\n\r");
  151. full_host[pos] = 0;
  152. }
  153. else {
  154. if(strlen(hostname) > MAX_HOST_LEN) {
  155. ret = CURLE_URL_MALFORMAT;
  156. goto fail;
  157. }
  158. msnprintf(full_host, FULL_HOST_LEN, "host:%s", hostname);
  159. }
  160. head = curl_slist_append(NULL, full_host);
  161. if(!head)
  162. goto fail;
  163. }
  164. if(*content_sha256_header) {
  165. tmp_head = curl_slist_append(head, content_sha256_header);
  166. if(!tmp_head)
  167. goto fail;
  168. head = tmp_head;
  169. }
  170. for(l = data->set.headers; l; l = l->next) {
  171. tmp_head = curl_slist_append(head, l->data);
  172. if(!tmp_head)
  173. goto fail;
  174. head = tmp_head;
  175. }
  176. trim_headers(head);
  177. *date_header = find_date_hdr(data, date_hdr_key);
  178. if(!*date_header) {
  179. tmp_head = curl_slist_append(head, date_full_hdr);
  180. if(!tmp_head)
  181. goto fail;
  182. head = tmp_head;
  183. *date_header = curl_maprintf("%s: %s", date_hdr_key, timestamp);
  184. }
  185. else {
  186. char *value;
  187. *date_header = strdup(*date_header);
  188. if(!*date_header)
  189. goto fail;
  190. value = strchr(*date_header, ':');
  191. if(!value)
  192. goto fail;
  193. ++value;
  194. while(ISBLANK(*value))
  195. ++value;
  196. strncpy(timestamp, value, TIMESTAMP_SIZE - 1);
  197. timestamp[TIMESTAMP_SIZE - 1] = 0;
  198. }
  199. /* alpha-sort in a case sensitive manner */
  200. do {
  201. again = 0;
  202. for(l = head; l; l = l->next) {
  203. struct curl_slist *next = l->next;
  204. if(next && strcmp(l->data, next->data) > 0) {
  205. char *tmp = l->data;
  206. l->data = next->data;
  207. next->data = tmp;
  208. again = 1;
  209. }
  210. }
  211. } while(again);
  212. for(l = head; l; l = l->next) {
  213. char *tmp;
  214. if(Curl_dyn_add(canonical_headers, l->data))
  215. goto fail;
  216. if(Curl_dyn_add(canonical_headers, "\n"))
  217. goto fail;
  218. tmp = strchr(l->data, ':');
  219. if(tmp)
  220. *tmp = 0;
  221. if(l != head) {
  222. if(Curl_dyn_add(signed_headers, ";"))
  223. goto fail;
  224. }
  225. if(Curl_dyn_add(signed_headers, l->data))
  226. goto fail;
  227. }
  228. ret = CURLE_OK;
  229. fail:
  230. curl_slist_free_all(head);
  231. return ret;
  232. }
  233. #define CONTENT_SHA256_KEY_LEN (MAX_SIGV4_LEN + sizeof("X--Content-Sha256"))
  234. /* add 2 for ": " between header name and value */
  235. #define CONTENT_SHA256_HDR_LEN (CONTENT_SHA256_KEY_LEN + 2 + \
  236. SHA256_HEX_LENGTH)
  237. /* try to parse a payload hash from the content-sha256 header */
  238. static char *parse_content_sha_hdr(struct Curl_easy *data,
  239. const char *provider1,
  240. size_t *value_len)
  241. {
  242. char key[CONTENT_SHA256_KEY_LEN];
  243. size_t key_len;
  244. char *value;
  245. size_t len;
  246. key_len = msnprintf(key, sizeof(key), "x-%s-content-sha256", provider1);
  247. value = Curl_checkheaders(data, key, key_len);
  248. if(!value)
  249. return NULL;
  250. value = strchr(value, ':');
  251. if(!value)
  252. return NULL;
  253. ++value;
  254. while(*value && ISBLANK(*value))
  255. ++value;
  256. len = strlen(value);
  257. while(len > 0 && ISBLANK(value[len-1]))
  258. --len;
  259. *value_len = len;
  260. return value;
  261. }
  262. static CURLcode calc_payload_hash(struct Curl_easy *data,
  263. unsigned char *sha_hash, char *sha_hex)
  264. {
  265. const char *post_data = data->set.postfields;
  266. size_t post_data_len = 0;
  267. CURLcode result;
  268. if(post_data) {
  269. if(data->set.postfieldsize < 0)
  270. post_data_len = strlen(post_data);
  271. else
  272. post_data_len = (size_t)data->set.postfieldsize;
  273. }
  274. result = Curl_sha256it(sha_hash, (const unsigned char *) post_data,
  275. post_data_len);
  276. if(!result)
  277. sha256_to_hex(sha_hex, sha_hash);
  278. return result;
  279. }
  280. #define S3_UNSIGNED_PAYLOAD "UNSIGNED-PAYLOAD"
  281. static CURLcode calc_s3_payload_hash(struct Curl_easy *data,
  282. Curl_HttpReq httpreq, char *provider1,
  283. unsigned char *sha_hash,
  284. char *sha_hex, char *header)
  285. {
  286. bool empty_method = (httpreq == HTTPREQ_GET || httpreq == HTTPREQ_HEAD);
  287. /* The request method or filesize indicate no request payload */
  288. bool empty_payload = (empty_method || data->set.filesize == 0);
  289. /* The POST payload is in memory */
  290. bool post_payload = (httpreq == HTTPREQ_POST && data->set.postfields);
  291. CURLcode ret = CURLE_OUT_OF_MEMORY;
  292. if(empty_payload || post_payload) {
  293. /* Calculate a real hash when we know the request payload */
  294. ret = calc_payload_hash(data, sha_hash, sha_hex);
  295. if(ret)
  296. goto fail;
  297. }
  298. else {
  299. /* Fall back to s3's UNSIGNED-PAYLOAD */
  300. size_t len = sizeof(S3_UNSIGNED_PAYLOAD) - 1;
  301. DEBUGASSERT(len < SHA256_HEX_LENGTH); /* 16 < 65 */
  302. memcpy(sha_hex, S3_UNSIGNED_PAYLOAD, len);
  303. sha_hex[len] = 0;
  304. }
  305. /* format the required content-sha256 header */
  306. msnprintf(header, CONTENT_SHA256_HDR_LEN,
  307. "x-%s-content-sha256: %s", provider1, sha_hex);
  308. ret = CURLE_OK;
  309. fail:
  310. return ret;
  311. }
  312. CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy)
  313. {
  314. CURLcode ret = CURLE_OUT_OF_MEMORY;
  315. struct connectdata *conn = data->conn;
  316. size_t len;
  317. const char *arg;
  318. char provider0[MAX_SIGV4_LEN + 1]="";
  319. char provider1[MAX_SIGV4_LEN + 1]="";
  320. char region[MAX_SIGV4_LEN + 1]="";
  321. char service[MAX_SIGV4_LEN + 1]="";
  322. bool sign_as_s3 = false;
  323. const char *hostname = conn->host.name;
  324. time_t clock;
  325. struct tm tm;
  326. char timestamp[TIMESTAMP_SIZE];
  327. char date[9];
  328. struct dynbuf canonical_headers;
  329. struct dynbuf signed_headers;
  330. char *date_header = NULL;
  331. Curl_HttpReq httpreq;
  332. const char *method = NULL;
  333. char *payload_hash = NULL;
  334. size_t payload_hash_len = 0;
  335. unsigned char sha_hash[SHA256_DIGEST_LENGTH];
  336. char sha_hex[SHA256_HEX_LENGTH];
  337. char content_sha256_hdr[CONTENT_SHA256_HDR_LEN + 2] = ""; /* add \r\n */
  338. char *canonical_request = NULL;
  339. char *request_type = NULL;
  340. char *credential_scope = NULL;
  341. char *str_to_sign = NULL;
  342. const char *user = data->state.aptr.user ? data->state.aptr.user : "";
  343. char *secret = NULL;
  344. unsigned char sign0[SHA256_DIGEST_LENGTH] = {0};
  345. unsigned char sign1[SHA256_DIGEST_LENGTH] = {0};
  346. char *auth_headers = NULL;
  347. DEBUGASSERT(!proxy);
  348. (void)proxy;
  349. if(Curl_checkheaders(data, STRCONST("Authorization"))) {
  350. /* Authorization already present, Bailing out */
  351. return CURLE_OK;
  352. }
  353. /* we init those buffers here, so goto fail will free initialized dynbuf */
  354. Curl_dyn_init(&canonical_headers, CURL_MAX_HTTP_HEADER);
  355. Curl_dyn_init(&signed_headers, CURL_MAX_HTTP_HEADER);
  356. /*
  357. * Parameters parsing
  358. * Google and Outscale use the same OSC or GOOG,
  359. * but Amazon uses AWS and AMZ for header arguments.
  360. * AWS is the default because most of non-amazon providers
  361. * are still using aws:amz as a prefix.
  362. */
  363. arg = data->set.str[STRING_AWS_SIGV4] ?
  364. data->set.str[STRING_AWS_SIGV4] : "aws:amz";
  365. /* provider1[:provider2[:region[:service]]]
  366. No string can be longer than N bytes of non-whitespace
  367. */
  368. (void)sscanf(arg, "%" MAX_SIGV4_LEN_TXT "[^:]"
  369. ":%" MAX_SIGV4_LEN_TXT "[^:]"
  370. ":%" MAX_SIGV4_LEN_TXT "[^:]"
  371. ":%" MAX_SIGV4_LEN_TXT "s",
  372. provider0, provider1, region, service);
  373. if(!provider0[0]) {
  374. failf(data, "first provider can't be empty");
  375. ret = CURLE_BAD_FUNCTION_ARGUMENT;
  376. goto fail;
  377. }
  378. else if(!provider1[0])
  379. strcpy(provider1, provider0);
  380. if(!service[0]) {
  381. char *hostdot = strchr(hostname, '.');
  382. if(!hostdot) {
  383. failf(data, "service missing in parameters and hostname");
  384. ret = CURLE_URL_MALFORMAT;
  385. goto fail;
  386. }
  387. len = hostdot - hostname;
  388. if(len > MAX_SIGV4_LEN) {
  389. failf(data, "service too long in hostname");
  390. ret = CURLE_URL_MALFORMAT;
  391. goto fail;
  392. }
  393. strncpy(service, hostname, len);
  394. service[len] = '\0';
  395. if(!region[0]) {
  396. const char *reg = hostdot + 1;
  397. const char *hostreg = strchr(reg, '.');
  398. if(!hostreg) {
  399. failf(data, "region missing in parameters and hostname");
  400. ret = CURLE_URL_MALFORMAT;
  401. goto fail;
  402. }
  403. len = hostreg - reg;
  404. if(len > MAX_SIGV4_LEN) {
  405. failf(data, "region too long in hostname");
  406. ret = CURLE_URL_MALFORMAT;
  407. goto fail;
  408. }
  409. strncpy(region, reg, len);
  410. region[len] = '\0';
  411. }
  412. }
  413. Curl_http_method(data, conn, &method, &httpreq);
  414. /* AWS S3 requires a x-amz-content-sha256 header, and supports special
  415. * values like UNSIGNED-PAYLOAD */
  416. sign_as_s3 = (strcasecompare(provider0, "aws") &&
  417. strcasecompare(service, "s3"));
  418. payload_hash = parse_content_sha_hdr(data, provider1, &payload_hash_len);
  419. if(!payload_hash) {
  420. if(sign_as_s3)
  421. ret = calc_s3_payload_hash(data, httpreq, provider1, sha_hash,
  422. sha_hex, content_sha256_hdr);
  423. else
  424. ret = calc_payload_hash(data, sha_hash, sha_hex);
  425. if(ret)
  426. goto fail;
  427. payload_hash = sha_hex;
  428. /* may be shorter than SHA256_HEX_LENGTH, like S3_UNSIGNED_PAYLOAD */
  429. payload_hash_len = strlen(sha_hex);
  430. }
  431. #ifdef DEBUGBUILD
  432. {
  433. char *force_timestamp = getenv("CURL_FORCETIME");
  434. if(force_timestamp)
  435. clock = 0;
  436. else
  437. time(&clock);
  438. }
  439. #else
  440. time(&clock);
  441. #endif
  442. ret = Curl_gmtime(clock, &tm);
  443. if(ret) {
  444. goto fail;
  445. }
  446. if(!strftime(timestamp, sizeof(timestamp), "%Y%m%dT%H%M%SZ", &tm)) {
  447. ret = CURLE_OUT_OF_MEMORY;
  448. goto fail;
  449. }
  450. ret = make_headers(data, hostname, timestamp, provider1,
  451. &date_header, content_sha256_hdr,
  452. &canonical_headers, &signed_headers);
  453. if(ret)
  454. goto fail;
  455. ret = CURLE_OUT_OF_MEMORY;
  456. if(*content_sha256_hdr) {
  457. /* make_headers() needed this without the \r\n for canonicalization */
  458. size_t hdrlen = strlen(content_sha256_hdr);
  459. DEBUGASSERT(hdrlen + 3 < sizeof(content_sha256_hdr));
  460. memcpy(content_sha256_hdr + hdrlen, "\r\n", 3);
  461. }
  462. memcpy(date, timestamp, sizeof(date));
  463. date[sizeof(date) - 1] = 0;
  464. canonical_request =
  465. curl_maprintf("%s\n" /* HTTPRequestMethod */
  466. "%s\n" /* CanonicalURI */
  467. "%s\n" /* CanonicalQueryString */
  468. "%s\n" /* CanonicalHeaders */
  469. "%s\n" /* SignedHeaders */
  470. "%.*s", /* HashedRequestPayload in hex */
  471. method,
  472. data->state.up.path,
  473. data->state.up.query ? data->state.up.query : "",
  474. Curl_dyn_ptr(&canonical_headers),
  475. Curl_dyn_ptr(&signed_headers),
  476. (int)payload_hash_len, payload_hash);
  477. if(!canonical_request)
  478. goto fail;
  479. /* provider 0 lowercase */
  480. Curl_strntolower(provider0, provider0, strlen(provider0));
  481. request_type = curl_maprintf("%s4_request", provider0);
  482. if(!request_type)
  483. goto fail;
  484. credential_scope = curl_maprintf("%s/%s/%s/%s",
  485. date, region, service, request_type);
  486. if(!credential_scope)
  487. goto fail;
  488. if(Curl_sha256it(sha_hash, (unsigned char *) canonical_request,
  489. strlen(canonical_request)))
  490. goto fail;
  491. sha256_to_hex(sha_hex, sha_hash);
  492. /* provider 0 uppercase */
  493. Curl_strntoupper(provider0, provider0, strlen(provider0));
  494. /*
  495. * Google allows using RSA key instead of HMAC, so this code might change
  496. * in the future. For now we only support HMAC.
  497. */
  498. str_to_sign = curl_maprintf("%s4-HMAC-SHA256\n" /* Algorithm */
  499. "%s\n" /* RequestDateTime */
  500. "%s\n" /* CredentialScope */
  501. "%s", /* HashedCanonicalRequest in hex */
  502. provider0,
  503. timestamp,
  504. credential_scope,
  505. sha_hex);
  506. if(!str_to_sign) {
  507. goto fail;
  508. }
  509. /* provider 0 uppercase */
  510. secret = curl_maprintf("%s4%s", provider0,
  511. data->state.aptr.passwd ?
  512. data->state.aptr.passwd : "");
  513. if(!secret)
  514. goto fail;
  515. HMAC_SHA256(secret, strlen(secret), date, strlen(date), sign0);
  516. HMAC_SHA256(sign0, sizeof(sign0), region, strlen(region), sign1);
  517. HMAC_SHA256(sign1, sizeof(sign1), service, strlen(service), sign0);
  518. HMAC_SHA256(sign0, sizeof(sign0), request_type, strlen(request_type), sign1);
  519. HMAC_SHA256(sign1, sizeof(sign1), str_to_sign, strlen(str_to_sign), sign0);
  520. sha256_to_hex(sha_hex, sign0);
  521. /* provider 0 uppercase */
  522. auth_headers = curl_maprintf("Authorization: %s4-HMAC-SHA256 "
  523. "Credential=%s/%s, "
  524. "SignedHeaders=%s, "
  525. "Signature=%s\r\n"
  526. "%s\r\n"
  527. "%s", /* optional sha256 header includes \r\n */
  528. provider0,
  529. user,
  530. credential_scope,
  531. Curl_dyn_ptr(&signed_headers),
  532. sha_hex,
  533. date_header,
  534. content_sha256_hdr);
  535. if(!auth_headers) {
  536. goto fail;
  537. }
  538. Curl_safefree(data->state.aptr.userpwd);
  539. data->state.aptr.userpwd = auth_headers;
  540. data->state.authhost.done = TRUE;
  541. ret = CURLE_OK;
  542. fail:
  543. Curl_dyn_free(&canonical_headers);
  544. Curl_dyn_free(&signed_headers);
  545. free(canonical_request);
  546. free(request_type);
  547. free(credential_scope);
  548. free(str_to_sign);
  549. free(secret);
  550. free(date_header);
  551. return ret;
  552. }
  553. #endif /* !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_CRYPTO_AUTH) */