Update CRT submodules to latest releases

[unexge]

Description of change

Notably, includes awslabs/aws-c-auth#263 for #1203.

Size:

$ cargo package -p mountpoint-s3-crt-sys --no-verify --allow-dirty
   Packaging mountpoint-s3-crt-sys v0.12.1 (~/Code/mountpoint-s3/mountpoint-s3-crt-sys)
    Updating crates.io index
    Packaged 2171 files, 39.4MiB (7.0MiB compressed)

CRT changelog:

Submodule mountpoint-s3-crt-sys/crt/aws-c-auth b513db4b..01dd06ac:
  > Support Endpoint Override for CredentialsProviders (#263)
  > aws_hex_encode() no longer adds null-terminator (#264)
  > Account ID support for Crendentials Providers (#262)
Submodule mountpoint-s3-crt-sys/crt/aws-c-cal 7299c6ab..298122a0:
  > do not include crypto when doing byo_crypto (#207)
  > Ed25519 support. (#206)
Submodule mountpoint-s3-crt-sys/crt/aws-c-common 0e7637fa..568f46b1:
  > New Get_ENV Functions (#1141)
  > aws_base64_compute_encoded_len() is now exact, doesn't add 1 extra for null-terminator (#1188)
  > Make aws_byte_cursor_from_string NULL tolerant (#1187)
  > Integration test for CPU feature detection (#1186)
Submodule mountpoint-s3-crt-sys/crt/aws-c-io 3041dabf..318f7e57:
  > Revert win TLS 1.3 (#712)
  > Fix Windows server-side for TLS 1.3 (#710)
  > Tls1.3 win update (#676)
  > Add PQ_DEFAULT enum to aws_tls_cipher_pref (#707)
Submodule mountpoint-s3-crt-sys/crt/aws-c-s3 6eb8be53..1d0091c7:
  > Adapt to aws_base64_compute_encoded_len() no longer adding 1 extra for null terminator (#497)
  > Make public bucket optional (#495)
  > add life cycle to s3 express to test helper (#494)
  > Auto - Update S3 Ruleset & Partition (#493)
Submodule mountpoint-s3-crt-sys/crt/aws-lc 138a6ad3..7bca7e96:
  > Add IbmTpm to our CI (#2231)
  > Revert BIO_get_mem_data back to macro (#2261)
  > Update patch for Postgres (#2232)
  > Add missing algorithms to benchmark (#2056)
  > Update internal IANA values of PQ SupportedGroups (#2235)
  > Add CMAC benchmark for AWS-LC (#2218)
  > Added ML-DSA to break-kat framework (#2253)
  > Update EVP_PKEY ED keygen to use an internal function that can return the result of the PWCT (#2256)
  > Remove unused CMake options for break tests (#2249)
  > Adding no-op X509_TRUST_cleanup for select application compatibility (#2257)
  > Add LibRdKafka to our CI (#2225)
  > Add public wrapper to internal bn_minimal_width function (#2245)
  > Prepare v1.48.1 (#2252)
  > Make BIO_get_mem_data a function again (#2246)
  > Move OCSP ASN1 type functions to public header (#2239)
  > Prepare for release v.1.48.0 (#2248)
  > Migrate last batch of jobs (#2214)
  > Enforce FIPS callback is only enabled for static builds (#2241)
  > Update to using Clang 18 on Windows (#2240)
  > Don't 'dllexport' Windows symbols on static build (#2238)
  > Check pagesize is non-negative in AES-XTS test (#2237)
  > Coverity Fix (#2236)
  > Increase required CMake version to 3.5 (#2219)
  > Remove BORINGSSL_FIPS_BREAK_FFC_DH (#2216)
  > Bump version, preparing for release v1.47.0 (#2229)
  > Add support to export ML-DSA key-pairs in seed format (#2194)
  > Integration test for libgit2 (#2215)
  > Fix out-of-bound (OOB) input read in AES-XTS Decrypt in AVX-512 implementation (#2227)
  > Integration test for libssh2 (#2222)
  > Reset DTLS1_BITMAP without resorting to memset (#2223)
  > Use AWSLC_SOURCE_DIR and AWSLC_BINARY_DIR (#2208)
  > Update ABI Diff Action to work correctly on push events (#2188)
  > Add SSL_CTX_use_cert_and_key   (#2163)
  > Add support to define a callback for FIPS test failures instead of aborting the process (#2162)
  > Move Ed25519ph into module boundary (#2186)
  > Add utility for querying and comparing the BORINGSSL_bcm_text_hash (#2217)
  > Add guidance around certificate auto-chaining in TLS (#2205)
  > SHAKE Incremental Byte Squeezes && EVP_ Tests (#2155)
  > Migrate 3rd batch of CI jobs (#2183)
  > Avoid duplicated definition of standalone test executable variables (#2212)
  > Modify SSL to inherit ciphersuites from SSL_CTX at initialization (#2198)
  > Prepare release v1.46.1 (#2210)
  > Remove access() call from Snapsafe detection (#2197)
  > Simplify IsFlag check logic (#2209)
  > Update pairwise consistency test failures to support gracefully continiung (#2201)
  > Enable RSA keygen becnhmarks by default (#2206)
  > Fix C++98 compatibility in our header files (#2193)
  > Add pq-tls interop test with BoringSSL (#2199)
  > Refactor AWS_LC_FIPS_failure to always exist (#2200)
  > Improve tool-openssl compatability for x509 and verify subcommands (#2196)
  > Prepare release v1.46.0 (#2204)
  > Add SPARCV9 target (#2202)
  > Simplify OpenSSH mainline build (#2158)
  > ML-KEM: Move FIPS-abort upon PCT failure to top-level ML-KEM API (#2195)
  > Add runtime options to break the pairwise consistency test for Ed, ML-KEM, and ML-DSA (#2192)
  > Update pkcs8_corpus files to include ML-DSA (#2191)
  > Refactor TLS 1.3 cipher selection and fix SSL_get_ciphers (#2092)
  > Add suport for asl and rol to match existing support for asr and ror (#2185)
  > SCRUTINICE fixes (#2180)
  > Make install_shared_and_static test more robust (#2179)
  > MacOS-12 GH runner no longer supported (#2190)
  > Add integration patches/CI for Ruby main and 3.3 (#2071)
  > Move ML-DSA to fipsmodule (#2175)
  > Expand spki fuzz corpus (#2187)
  > Update PQREADME.md (#2151)
  > Setup X509 CodeBuild Project for Limbo Report Generation (#2171)
  > Add msl to ARMConstantTweak and recognise ldrsw to prevent delocator errors (#2177)
  > Remove DEPENDS from add_custom_command as CMake made the behavior clear (#2178)
  > Update BORINGSSL_FIPS_abort to AWS_LC_FIPS_failure which takes a message (#2182)
  > Fix Nginx build (#2181)
  > Add EVP API Support for ED25519ph (#2144)
  > Update benchmark to skip chunk sizes that doesn't work with the algorithm (#2146)
  > Add new CAST tests to break-kat.go (#2173)
  > Migrate 2nd batch of CI jobs (#2091)
  > Ensure enabling local symbols doesn't change the module hash (#2169)
  > Move PQDSA to FIPSMODULE (#2166)
  > Ensure service indicator is incremented only once, update RSA and ED25519 to ensure the state is locked (#2112)
  > CAST and PCT for ML-DSA (#2148)
  > Validate or define ARM HWCAP2_XXX macros (#2164)
  > Prepare AWS-LC v1.45.0 (#2172)
  > Wrap pointers to s2n-bignum functions - delocator fix (#2165)
  > ML-DSA private keys from seeds (#2157)
  > SHA3 and SHAKE - New API Design (#2098)
  > Add support for PKCS12_set_mac (#2128)
  > Fix policy grant on ECR resource policy (#2159)
  > Cross library PQ interop test with s2n-tls (#2138)
Submodule mountpoint-s3-crt-sys/crt/s2n-tls 6cc9f53d..4ed4f1a6:
  > tests: try to make s2n_mem_usage_test more useful (#5139)
  > chore: git-blame-ignore ruff formatting (#5151)
  > chore(bindings): change in rustup behavior (#5160)
  > refactor: remove unused prf hmac impls (#5148)
  > chore(ci): make the awslc fips install script version aware (#5100)
  > fix: memory leak during STEK rotation (#5146)
  > refactor: add alternative EVP signing method (#5141)
  > refactor: cleanup prf header (#5144)
  > feat(bindings): expose context on cert chain (#5132)
  > Ruff Formatting and add to CI (#5138)
  > chore(nix): Add aws-lc-fips 2022/4 (#5109)
  > test(integv2): fixes to allow test_record_padding to partially run (#5099)
  > build(deps): update rtshark requirement from 2.9.0 to 3.1.0 in /tests/pcap in the all-cargo-updates group across 1 directory (#5087)
  > tests: use sig schemes as source of truth for valid hash+sig algs (#5129)
  > ci: always set values for command line defines (#5126)
  > fix: update callback return value (#5136)
  > refactor: always use EVP hashing (#5121)
  > ci: add check for third-party-src in disable rand override buildspec (#5137)
  > feat: add async cert validation support (#5110)
  > chore: remove unused well-known-endpoints.py (#5127)
  > fix(bindings): remove mutation behind Arc (#5124)
  > chore: binding release 0.3.12 (#5128)
  > refactor: use EVP_MD_fetch() if available (#5116)
  > feat: Option to disable RAND engine override (#5108)
  > fix(bindings): make Context borrow immutable (#5071)
  > build(deps): update rand requirement (#5125)
  > chore: fix a typo in API comments (#5123)
  > bindings: unpin openssl crate from a specific patch version (#5120)
  > refactor: move "s2n_libcrypto_is" methods into s2n_libcrypto.h (#5117)
  > Add new security policy (20250211) (#5111)
  > Revert "refactor: remove unused evp support for md5+sha1 (#5106)" (#5118)
  > ci: add default provider to openssl-3.0-fips (#5114)
  > fix: don't enable custom random for openssl fips (#5093)
  > fix: allow b64 decoding using libcrypto for sidechannel resistance (#5103)
  > refactor: remove unused evp support for md5+sha1 (#5106)
  > refactor: remove s2n_hmac_is_available (#5104)
  > build(deps): bump aws-actions/configure-aws-credentials from 4.0.2 to 4.1.0 in /.github/workflows in the all-gha-updates group across 1 directory (#5107)
  > fix(integrationv2): Skip unsupported client auth tests (#5096)
  > chore: bindings release 0.3.11 (#5098)
  > chore: ktls buildspec (#5083)
  > Fixed formatting for debugging statements (#5094)
  > feat(bindings): add external psk apis (#5061)
  > test: add minimal openssl-3.0-fips test (#5081)
  > fix(ci): Allow validate_start_codebuild to run on pushes to main (#5080)
  > fix: don't use DEPENDS with add_custom_command(TARGET) (#5074)
  > fix: error for uninit psk, check for all-zero psk (#5084)
  > fix: calculation of session ticket age (#5001)
  > fix: add support for `S2N_INTERN_LIBCRYPTO` with FetchContent (#5076)
  > fix(integration): Update PQ integration test expectations (#5082)
  > ci: fix dependabot, commit & check Cargo.toml (#5065)
  > docs(s2n-tls-hyper): Add hyper client/server example (#5069)
  > docs(integv2): add architecture diagram (#5072)
  > fix(bindings): prevent temp connection free after panic (#5067)
  > ci: Emit benchmark metrics from scheduled runs (#5064)
  > ci: change rust-toolchain format to toml (#5070)
  > Revert "ci: remove openssl-1.0.2-fips builds (#4995)" (#5060)
  > feat(bench): impl into for base config type (#5056)
  > refactor: cleanup CBMC proofs after #5048 (#5058)
  > ci: Adding integ tests back to integv2 (#5054)
  > refactor: remove openssl-1.0.2-fips 'allow md5' logic (#5048)
  > ci: pin duvet version (#5057)
  > build(deps): bump cross-platform-actions/action from 0.26.0 to 0.27.0 in /.github/workflows in the all-gha-updates group (#5053)
  > chore: fix typos (#5052)
  > chore: bump osx Openssl to latest (#5041)
  > chore: bindings release for 0.3.10 (#5046)
  > fix: initial config should not influence sslv2 (#4987)
  > ci: add openssl-3.0-fips builds (#5037)
  > Add Security Policy Deprecation API (#5034)
  > docs: add C / s2n-tls-sys doc references to s2n-tls docs (#5012)
  > test: add sslv2 client hello test w/ jvm (#5019)
  > ci: add timeout for cbmc proof (#5038)
  > fix(bindings): Specify correct minimum versions (#5028)

Does this change impact existing behavior?

Nothing expected.

Does this change need a changelog entry in any of the crates?

Updated

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and I agree to the terms of the Developer Certificate of Origin (DCO).

[unexge]

To accomodate changes on aws/aws-lc@fa44dbf