aws-crt 0.1.4 → 0.1.5

data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls/src/testing/s2n_tls.rs

@@ -198,6 +198,7 @@ impl<'a, T: 'a + Context> Callback<'a, T> {
 #[cfg(test)]
 mod tests {
     use crate::testing::*;
+    use futures_test::task::new_count_waker;
 
     #[test]
     fn handshake_default() {
@@ -210,4 +211,123 @@ mod tests {
         let config = build_config(&security::DEFAULT_TLS13).unwrap();
         s2n_tls_pair(config)
     }
+
+    #[test]
+    fn static_config_and_clone_interaction() {
+        let config = build_config(&security::DEFAULT_TLS13).unwrap();
+        assert_eq!(config.test_get_refcount().unwrap(), 1);
+        {
+            let mut server = crate::raw::connection::Connection::new_server();
+            // default config is not returned on the connection
+            assert!(server.test_config_exists().is_err());
+            assert_eq!(config.test_get_refcount().unwrap(), 1);
+            server.set_config(config.clone()).unwrap();
+            assert_eq!(config.test_get_refcount().unwrap(), 2);
+            assert!(server.test_config_exists().is_ok());
+
+            let mut client = crate::raw::connection::Connection::new_client();
+            // default config is not returned on the connection
+            assert!(client.test_config_exists().is_err());
+            assert_eq!(config.test_get_refcount().unwrap(), 2);
+            client.set_config(config.clone()).unwrap();
+            assert_eq!(config.test_get_refcount().unwrap(), 3);
+            assert!(client.test_config_exists().is_ok());
+
+            let mut third = crate::raw::connection::Connection::new_server();
+            // default config is not returned on the connection
+            assert!(third.test_config_exists().is_err());
+            assert_eq!(config.test_get_refcount().unwrap(), 3);
+            third.set_config(config.clone()).unwrap();
+            assert_eq!(config.test_get_refcount().unwrap(), 4);
+            assert!(third.test_config_exists().is_ok());
+
+            // drop all the clones
+        }
+        assert_eq!(config.test_get_refcount().unwrap(), 1);
+    }
+
+    #[test]
+    fn set_config_multiple_times() {
+        let config = build_config(&security::DEFAULT_TLS13).unwrap();
+        assert_eq!(config.test_get_refcount().unwrap(), 1);
+
+        let mut server = crate::raw::connection::Connection::new_server();
+        // default config is not returned on the connection
+        assert!(server.test_config_exists().is_err());
+        assert_eq!(config.test_get_refcount().unwrap(), 1);
+
+        // call set_config once
+        server.set_config(config.clone()).unwrap();
+        assert_eq!(config.test_get_refcount().unwrap(), 2);
+        assert!(server.test_config_exists().is_ok());
+
+        // calling set_config multiple times works since we drop the previous config
+        server.set_config(config.clone()).unwrap();
+        assert_eq!(config.test_get_refcount().unwrap(), 2);
+        assert!(server.test_config_exists().is_ok());
+    }
+
+    #[test]
+    fn connnection_waker() {
+        let config = build_config(&security::DEFAULT_TLS13).unwrap();
+        assert_eq!(config.test_get_refcount().unwrap(), 1);
+
+        let mut server = crate::raw::connection::Connection::new_server();
+        server.set_config(config).unwrap();
+
+        assert!(server.waker().is_none());
+
+        let (waker, wake_count) = new_count_waker();
+        server.set_waker(Some(&waker)).unwrap();
+        assert!(server.waker().is_some());
+
+        server.set_waker(None).unwrap();
+        assert!(server.waker().is_none());
+
+        assert_eq!(wake_count, 0);
+    }
+
+    #[test]
+    fn client_hello_callback() {
+        let (waker, wake_count) = new_count_waker();
+        let require_pending_count = 10;
+        let handle = MockClientHelloHandler::new(require_pending_count);
+        let config = {
+            let mut config = config_builder(&security::DEFAULT_TLS13).unwrap();
+            config.set_client_hello_handler(handle.clone()).unwrap();
+            // multiple calls to set_client_hello_handler should succeed
+            config.set_client_hello_handler(handle.clone()).unwrap();
+            config.build().unwrap()
+        };
+
+        let server = {
+            // create and configure a server connection
+            let mut server = crate::raw::connection::Connection::new_server();
+            server
+                .set_config(config.clone())
+                .expect("Failed to bind config to server connection");
+            server.set_waker(Some(&waker)).unwrap();
+            Harness::new(server)
+        };
+
+        let client = {
+            // create a client connection
+            let mut client = crate::raw::connection::Connection::new_client();
+            client
+                .set_config(config)
+                .expect("Unable to set client config");
+            Harness::new(client)
+        };
+
+        let pair = Pair::new(server, client, SAMPLES);
+
+        poll_tls_pair(pair);
+        // confirm that the callback returned Pending `require_pending_count` times
+        assert_eq!(wake_count, require_pending_count);
+        // confirm that the final invoked count is +1 more than `require_pending_count`
+        assert_eq!(
+            handle.invoked.load(Ordering::SeqCst),
+            require_pending_count + 1
+        );
+    }
 }

data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls/src/testing.rs

@@ -5,9 +5,10 @@ use crate::{
     raw::{config::*, security},
     testing::s2n_tls::Harness,
 };
+use alloc::{collections::VecDeque, sync::Arc};
 use bytes::Bytes;
-use core::task::Poll;
-use std::collections::VecDeque;
+use core::{sync::atomic::Ordering, task::Poll};
+use std::sync::atomic::AtomicUsize;
 
 pub mod s2n_tls;
 
@@ -133,7 +134,22 @@ impl CertKeyPair {
     }
 }
 
+#[derive(Default)]
+pub struct UnsecureAcceptAllClientCertificatesHandler {}
+impl VerifyClientCertificateHandler for UnsecureAcceptAllClientCertificatesHandler {
+    fn verify_host_name(&self, _host_name: &str) -> bool {
+        true
+    }
+}
+
 pub fn build_config(cipher_prefs: &security::Policy) -> Result<crate::raw::config::Config, Error> {
+    let builder = config_builder(cipher_prefs)?;
+    Ok(builder.build().expect("Unable to build server config"))
+}
+
+pub fn config_builder(
+    cipher_prefs: &security::Policy,
+) -> Result<crate::raw::config::Builder, Error> {
     let mut builder = Builder::new();
     let mut keypair = CertKeyPair::default();
     // Build a config
@@ -144,32 +160,14 @@ pub fn build_config(cipher_prefs: &security::Policy) -> Result<crate::raw::confi
         .load_pem(keypair.cert(), keypair.key())
         .expect("Unable to load cert/pem");
     unsafe {
-        let ctx: *mut core::ffi::c_void = std::ptr::null_mut();
         builder
-            .set_verify_host_callback(Some(verify_host_cb), ctx)
+            .set_verify_host_handler(UnsecureAcceptAllClientCertificatesHandler::default())
             .expect("Unable to set a host verify callback.");
         builder
             .disable_x509_verification()
             .expect("Unable to disable x509 verification");
     };
-    Ok(builder.build().expect("Unable to build server config"))
-}
-
-// host verify callback for x509
-// see: https://github.com/aws/s2n-tls/blob/main/docs/USAGE-GUIDE.md#s2n_verify_host_fn
-unsafe extern "C" fn verify_host_cb(
-    hostname: *const i8,
-    hostname_len: usize,
-    _context: *mut core::ffi::c_void,
-) -> u8 {
-    let host_str = ::std::str::from_utf8(::std::slice::from_raw_parts(
-        hostname as *const u8,
-        hostname_len,
-    ));
-    match host_str {
-        Err(_) => 0,
-        Ok(_host) => 1,
-    }
+    Ok(builder)
 }
 
 pub fn s2n_tls_pair(config: crate::raw::config::Config) {
@@ -190,7 +188,11 @@ pub fn s2n_tls_pair(config: crate::raw::config::Config) {
         .expect("Unabel to set client config");
     let client = Harness::new(client);
 
-    let mut pair = Pair::new(server, client, SAMPLES);
+    let pair = Pair::new(server, client, SAMPLES);
+    poll_tls_pair(pair);
+}
+
+pub fn poll_tls_pair(mut pair: Pair<Harness, Harness>) {
     loop {
         match pair.poll() {
             Poll::Ready(result) => {
@@ -203,3 +205,36 @@ pub fn s2n_tls_pair(config: crate::raw::config::Config) {
 
     // TODO add assertions to make sure the handshake actually succeeded
 }
+
+#[derive(Clone)]
+pub struct MockClientHelloHandler {
+    require_pending_count: usize,
+    invoked: Arc<AtomicUsize>,
+}
+
+impl MockClientHelloHandler {
+    pub fn new(require_pending_count: usize) -> Self {
+        Self {
+            require_pending_count,
+            invoked: Arc::new(AtomicUsize::new(0)),
+        }
+    }
+}
+
+impl ClientHelloHandler for MockClientHelloHandler {
+    fn poll_client_hello(
+        &self,
+        connection: &mut crate::raw::connection::Connection,
+    ) -> core::task::Poll<Result<(), ()>> {
+        if self.invoked.fetch_add(1, Ordering::SeqCst) < self.require_pending_count {
+            // confirm the callback can access the waker
+            connection.waker().unwrap().wake_by_ref();
+            return Poll::Pending;
+        }
+
+        // Test that server_name_extension_used can be invoked
+        connection.server_name_extension_used();
+
+        Poll::Ready(Ok(()))
+    }
+}

data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-sys/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "s2n-tls-sys"
 description = "A C99 implementation of the TLS/SSL protocols"
-version = "0.0.2"
+version = "0.0.4"
 authors = ["AWS s2n"]
 edition = "2018"
 links = "s2n-tls"

data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-sys/src/internal.rs

@@ -18,3 +18,6 @@ extern "C" {
         config: *mut *mut s2n_config,
     ) -> ::libc::c_int;
 }
+extern "C" {
+    pub fn s2n_config_client_hello_cb_enable_poll(config: *mut s2n_config) -> ::libc::c_int;
+}

data/aws-crt-ffi/crt/s2n/crypto/s2n_composite_cipher_aes_sha.c

@@ -150,7 +150,7 @@ static int s2n_composite_cipher_aes_sha_initial_hmac(struct s2n_session_key *key
      */
     int ctrl_ret = EVP_CIPHER_CTX_ctrl(key->evp_cipher_ctx, EVP_CTRL_AEAD_TLS1_AAD, S2N_TLS12_AAD_LEN, ctrl_buf);
 
-    S2N_ERROR_IF(ctrl_ret < 0, S2N_ERR_INITIAL_HMAC);
+    S2N_ERROR_IF(ctrl_ret <= 0, S2N_ERR_INITIAL_HMAC);
 
     *extra = ctrl_ret;
     return 0;

data/aws-crt-ffi/crt/s2n/crypto/s2n_drbg.c

@@ -197,9 +197,14 @@ int s2n_drbg_generate(struct s2n_drbg *drbg, struct s2n_blob *blob)
 
     S2N_ERROR_IF(blob->size > S2N_DRBG_GENERATE_LIMIT, S2N_ERR_DRBG_REQUEST_SIZE);
 
-    /* Always mix in additional entropy, for prediction resistance.
-        If s2n_drbg_mix is removed: must implement reseeding according to limit
-        specified in NIST SP800-90A 10.2.1 Table 3. */
+    /* Mix in additional entropy for every randomness generation call. This
+     * defense mechanism is referred to as "prediction resistance".
+     * If we ever relax this defense, we must:
+     *  1. Implement reseeding according to limit specified in
+     *     NIST SP800-90A 10.2.1 Table 3.
+     *  2. Re-consider whether the current fork detection strategy is still
+     *     sufficient.
+     */
     POSIX_GUARD(s2n_drbg_mix(drbg, &zeros));
     POSIX_GUARD(s2n_drbg_bits(drbg, blob));
     POSIX_GUARD(s2n_drbg_update(drbg, &zeros));

data/aws-crt-ffi/crt/s2n/error/s2n_errno.c

@@ -265,6 +265,9 @@ static const char *no_such_error = "Internal s2n error";
     ERR_ENTRY(S2N_ERR_KEYING_MATERIAL_EXPIRED, "The lifetime of the connection keying material has exceeded the limit. Perform a new full handshake.") \
     ERR_ENTRY(S2N_ERR_EARLY_DATA_TRIAL_DECRYPT, "Unable to decrypt rejected early data") \
     ERR_ENTRY(S2N_ERR_PKEY_CTX_INIT, "Unable to initialize the libcrypto pkey context") \
+    ERR_ENTRY(S2N_ERR_FORK_DETECTION_INIT, "Fork detection initialization failed") \
+    ERR_ENTRY(S2N_ERR_RETRIEVE_FORK_GENERATION_NUMBER, "Retrieving fork generation number failed") \
+
 /* clang-format on */
 
 #define ERR_STR_CASE(ERR, str) case ERR: return str;

data/aws-crt-ffi/crt/s2n/error/s2n_errno.h

@@ -207,6 +207,8 @@ typedef enum {
     S2N_ERR_INVALID_CERT_STATE,
     S2N_ERR_INVALID_EARLY_DATA_STATE,
     S2N_ERR_PKEY_CTX_INIT,
+    S2N_ERR_FORK_DETECTION_INIT,
+    S2N_ERR_RETRIEVE_FORK_GENERATION_NUMBER,
     S2N_ERR_T_INTERNAL_END,
 
     /* S2N_ERR_T_USAGE */

data/aws-crt-ffi/crt/s2n/lib/Makefile

@@ -33,3 +33,14 @@ libs2n.so: ${OBJS}
 
 libs2n.dylib: ${OBJS}
 	test ! -f /usr/lib/libSystem.dylib || libtool -dynamic  ${LIBS} -L${LIBCRYPTO_ROOT}/lib ${CRYPTO_LIBS} -o libs2n.dylib ${OBJS}
+
+$(libdir):
+	@mkdir -p $(libdir)
+
+install: libs2n.a libs2n.so $(libdir)
+	@cp libs2n.*  $(libdir)
+	@cp ../api/s2n.h  $(includedir)
+
+uninstall:
+	@rm $(libdir)/libs2n.*
+	@rm $(includedir)/s2n.h

data/aws-crt-ffi/crt/s2n/pq-crypto/kyber_90s_r2/ntt.h

@@ -6,8 +6,8 @@
 extern const int16_t PQCLEAN_KYBER51290S_CLEAN_zetas[128];
 extern const int16_t PQCLEAN_KYBER51290S_CLEAN_zetasinv[128];
 
-void PQCLEAN_KYBER51290S_CLEAN_ntt(int16_t *poly);
-void PQCLEAN_KYBER51290S_CLEAN_invntt(int16_t *poly);
+void PQCLEAN_KYBER51290S_CLEAN_ntt(int16_t poly[256]);
+void PQCLEAN_KYBER51290S_CLEAN_invntt(int16_t poly[256]);
 void PQCLEAN_KYBER51290S_CLEAN_basemul(int16_t r[2], const int16_t a[2], const int16_t b[2], int16_t zeta);
 
 #endif

data/aws-crt-ffi/crt/s2n/pq-crypto/kyber_r2/ntt.h

@@ -6,8 +6,8 @@
 extern const int16_t PQCLEAN_KYBER512_CLEAN_zetas[128];
 extern const int16_t PQCLEAN_KYBER512_CLEAN_zetasinv[128];
 
-void PQCLEAN_KYBER512_CLEAN_ntt(int16_t *poly);
-void PQCLEAN_KYBER512_CLEAN_invntt(int16_t *poly);
+void PQCLEAN_KYBER512_CLEAN_ntt(int16_t poly[256]);
+void PQCLEAN_KYBER512_CLEAN_invntt(int16_t poly[256]);
 void PQCLEAN_KYBER512_CLEAN_basemul(int16_t r[2], const int16_t a[2], const int16_t b[2], int16_t zeta);
 
 #endif

data/aws-crt-ffi/crt/s2n/pq-crypto/kyber_r3/kyber512r3_poly_avx2.h

@@ -37,7 +37,7 @@ void poly_getnoise_eta1_4x(poly *r0,
                            poly *r1,
                            poly *r2,
                            poly *r3,
-                           const uint8_t *seed,
+                           const uint8_t seed[32],
                            uint8_t nonce0,
                            uint8_t nonce1,
                            uint8_t nonce2,
@@ -48,7 +48,7 @@ void poly_getnoise_eta1122_4x(poly *r0,
                               poly *r1,
                               poly *r2,
                               poly *r3,
-                              const uint8_t *seed,
+                              const uint8_t seed[32],
                               uint8_t nonce0,
                               uint8_t nonce1,
                               uint8_t nonce2,

data/aws-crt-ffi/crt/s2n/pq-crypto/kyber_r3/kyber512r3_polyvec_avx2.h

@@ -11,10 +11,10 @@ typedef struct{
 } polyvec;
 
 #define polyvec_compress_avx2 S2N_KYBER_512_R3_NAMESPACE(polyvec_compress_avx2)
-void polyvec_compress_avx2(uint8_t r[S2N_KYBER_512_R3_POLYCOMPRESSEDBYTES+2], const polyvec *a);
+void polyvec_compress_avx2(uint8_t r[S2N_KYBER_512_R3_POLYVECCOMPRESSEDBYTES+2], const polyvec *a);
 
 #define polyvec_decompress_avx2 S2N_KYBER_512_R3_NAMESPACE(polyvec_decompress_avx2)
-void polyvec_decompress_avx2(polyvec *r, const uint8_t a[S2N_KYBER_512_R3_POLYCOMPRESSEDBYTES+12]);
+void polyvec_decompress_avx2(polyvec *r, const uint8_t a[S2N_KYBER_512_R3_POLYVECCOMPRESSEDBYTES+12]);
 
 #define polyvec_tobytes_avx2 S2N_KYBER_512_R3_NAMESPACE(polyvec_tobytes_avx2)
 void polyvec_tobytes_avx2(uint8_t r[S2N_KYBER_512_R3_POLYVECBYTES], const polyvec *a);

data/aws-crt-ffi/crt/s2n/pq-crypto/sike_r1/P503_internal_r1.h

@@ -150,7 +150,7 @@ void fpdiv2_503(const digit_t* a, digit_t* c);
 void fpcorrection503(digit_t* a);
 
 // 503-bit Montgomery reduction, c = a mod p
-void rdc_mont(const digit_t* a, digit_t* c);
+void rdc_mont(const dfelm_t ma, felm_t mc);
 
 // Field multiplication using Montgomery arithmetic, c = a*b*R^-1 mod p503, where R=2^768
 void fpmul503_mont(const felm_t a, const felm_t b, felm_t c);

data/aws-crt-ffi/crt/s2n/pq-crypto/sike_r1/fips202_r1.h

@@ -7,7 +7,7 @@
 #define SHAKE128_RATE 168
 #define SHAKE256_RATE 136
 
-void cshake256_simple_absorb(uint64_t *s, uint16_t cstm, const unsigned char *in, unsigned long long inlen);
+void cshake256_simple_absorb(uint64_t s[25], uint16_t cstm, const unsigned char *in, unsigned long long inlen);
 void cshake256_simple(unsigned char *output, unsigned long long outlen, uint16_t cstm, const unsigned char *in, unsigned long long inlen);
 
 #endif // FIPS202_R1_H

data/aws-crt-ffi/crt/s2n/pq-crypto/sike_r3/sikep434r3_fp_x64_asm.S

@@ -31,6 +31,10 @@
 
 #endif
 
+#if defined(__linux__) && defined(__ELF__)
+.section .note.GNU-stack,"",%progbits
+#endif
+
 .text
 
 #define asm_p434 S2N_SIKE_P434_R3_NAMESPACE(asm_p434)

data/aws-crt-ffi/crt/s2n/s2n.mk

@@ -167,6 +167,13 @@ ifndef COV_TOOL
 	endif
 endif
 
+# Used for testing.
+prefix ?= /usr/local
+exec_prefix ?= $(prefix)
+bindir ?= $(exec_prefix)/bin
+libdir ?= $(exec_prefix)/lib64
+includedir ?= $(exec_prefix)/include
+
 try_compile = $(shell $(CC) $(CFLAGS) -c -o tmp.o $(1) > /dev/null 2>&1; echo $$?; rm tmp.o > /dev/null 2>&1)
 
 # Determine if execinfo.h is available
@@ -211,6 +218,24 @@ ifeq ($(TRY_EVP_MD_CTX_SET_PKEY_CTX), 0)
 	DEFAULT_CFLAGS += -DS2N_LIBCRYPTO_SUPPORTS_EVP_MD_CTX_SET_PKEY_CTX
 endif
 
+# Determine if madvise() is available
+TRY_COMPILE_MADVISE := $(call try_compile,$(S2N_ROOT)/tests/features/madvise.c)
+ifeq ($(TRY_COMPILE_MADVISE), 0)
+	DEFAULT_CFLAGS += -DS2N_MADVISE_SUPPORTED
+endif
+
+# Determine if minherit() is available
+TRY_COMPILE_MINHERIT:= $(call try_compile,$(S2N_ROOT)/tests/features/minherit.c)
+ifeq ($(TRY_COMPILE_MINHERIT), 0)
+	DEFAULT_CFLAGS += -DS2N_MINHERIT_SUPPORTED
+endif
+
+# Determine if clone() is available
+TRY_COMPILE_CLONE := $(call try_compile,$(S2N_ROOT)/tests/features/clone.c)
+ifeq ($(TRY_COMPILE_CLONE), 0)
+	DEFAULT_CFLAGS += -DS2N_CLONE_SUPPORTED
+endif
+
 CFLAGS_LLVM = ${DEFAULT_CFLAGS} -emit-llvm -c -g -O1
 
 $(BITCODE_DIR)%.bc: %.c

data/aws-crt-ffi/crt/s2n/scripts/s2n_safety_macros.py

@@ -706,6 +706,11 @@ for context in CONTEXTS:
             doc = 'Ensures `{is_ok}`, otherwise the function will return `{error}`'
             if other == PTR:
                 doc += '\n\nDoes not set s2n_errno to S2N_ERR_NULL, so is NOT a direct replacement for {prefix}ENSURE_REF.'
+            if context['ret'] != DEFAULT['ret']:
+                doc = (deprecation_message + "\n\n" + doc)
+
+            if other == context:
+                continue;
 
             impl = '__S2N_ENSURE({is_ok}, return {error})'
             args = {
@@ -722,7 +727,16 @@ for context in CONTEXTS:
             docs += push_doc(args)
             header += push_macro(args)
 
+def cleanup(contents):
+    # Remove any unnecessary generated "X_GUARD_X"s, like "RESULT_GUARD_RESULT"
+    for context in CONTEXTS:
+        x_guard = "{name}_GUARD".format_map(context)
+        x_guard_x = "{name}_GUARD_{name}".format_map(context)
+        contents = contents.replace(x_guard_x, x_guard)
+    return contents
+
 def write(f, contents):
+    contents = cleanup(contents)
     header_file = open(f, "w")
     header_file.write(contents)
     header_file.close()

data/aws-crt-ffi/crt/s2n/tests/benchmark/Readme.md

@@ -3,24 +3,38 @@ This README covers the basics on how to build the s2n-tls library to be able to
 ##Install Google Benchmark
 Follow instructions on the Google Benchmark repository to build and install [Google Benchmark](https://github.com/google/benchmark)
 
-##Building the s2n-tls library
+## Building the s2n-tls library
 #### In order to enable the s2n library to build the benchmarks the following parameters must be set:
 1. `-DBUILD_TESTING=1`
 2. `-DBENCHMARK=1`
 3. `-DCMAKE_PREFIX_PATH="File/path/to/Google/Benchmark/"`
 
-####Example:
-`cmake . -Bbuild -GNinja -DCMAKE_EXE_LINKER_FLAGS="-lcrypto -lz" -DCMAKE_EXPORT_COMPILE_COMMANDS=ON -DCMAKE_BUILD_TYPE=Release -DBUILD_TESTING=1 -DBENCHMARK=1 -DCMAKE_PREFIX_PATH="~/benchmark/install"`
+#### Example:
+
+```
+# Starting from the top level "s2n-tls" directory, remove previous CMake build files, if any
+rm -rf build
+
+# Initialize CMake build directory with Nina build system
+cmake . -Bbuild -GNinja -DCMAKE_EXE_LINKER_FLAGS="-lcrypto -lz" -DCMAKE_EXPORT_COMPILE_COMMANDS=ON -DCMAKE_BUILD_TYPE=Release -DBUILD_TESTING=1 -DBENCHMARK=1 -DCMAKE_PREFIX_PATH="~/benchmark/install"
+
+# Actually build the executable binaries
+cd build
+ninja
+
+# Run a benchmark
+./bin/s2n_negotiate_benchmark -r 1 -i 5 -p ../tests/pems/ -o negotiate_data -t console localhost 8000 
+```
 
 **If you would like to build with a different libcrypto, include the file path in -DCMAKE_PREFIX_PATH**:
 
 `-DCMAKE_PREFIX_PATH="~/aws-lc/install;~/benchmark/install"`
 
-##Running benchmarks
+## Running benchmarks
 Once the s2n-tls library has completed building, the benchmarks can be located in the `build/bin` folder.
 The two benchmarks that are currently available are `s2n_negotiate_benchmark` and `s2n_send_recv_benchmark`
 
-###Benchmark Options:
+### Benchmark Options:
 Each benchmark has the ability to accept different options:
 
 usage: 
@@ -29,7 +43,7 @@ usage:
 
     host: hostname or IP address to connect to
     port: port to connect to
-######Options:
+###### Options:
     -i [# of iterations]
     sets the number of iterations to run each repetition
 
@@ -64,14 +78,14 @@ usage:
     print debug output to terminal
     
 
-###s2n_negotiate_benchmark
+### s2n_negotiate_benchmark
 Example: 
 
-`./s2n_negotitate_benchmark -r 1 -i 5 -p /Users/sidhusn/s2n-tls/tests/pems/ -o negotiate_data -t console localhost 8000`
+`./bin/s2n_negotiate_benchmark -r 1 -i 5 -p ../tests/pems/ -o negotiate_data -t console localhost 8000`
 
 or
 
-`./s2n_negotitate_benchmark -r 5 -i 5 -w 10 -p /Users/sidhusn/s2n-tls/tests/pems/ -o negotiate_data -t console localhost 8000`
+`./bin/s2n_negotiate_benchmark -r 5 -i 5 -w 10 -p ../tests/pems/ -o negotiate_data -t console localhost 8000`
 
 
 

data/aws-crt-ffi/crt/s2n/tests/features/clone.c

@@ -0,0 +1,24 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+#define _GNU_SOURCE
+
+#include <sched.h>
+#include <stddef.h>
+
+int main() {
+    clone(NULL, NULL, 0, NULL);
+    return 0;
+}

data/aws-crt-ffi/crt/s2n/tests/features/madvise.c

@@ -0,0 +1,27 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+/* Keep in sync with utils/s2n_fork_detection.c */
+#if !defined(__APPLE__) && !defined(_GNU_SOURCE)
+    #define _GNU_SOURCE
+#endif
+
+#include <stddef.h>
+#include <sys/mman.h>
+
+int main() {
+    madvise(NULL, 0, 0);
+    return 0;
+}

data/aws-crt-ffi/crt/s2n/tests/features/minherit.c

@@ -0,0 +1,22 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+#include <stddef.h>
+#include <sys/mman.h>
+
+int main() {
+    minherit(NULL, 0, 0);
+    return 0;
+}

data/aws-crt-ffi/crt/s2n/tests/integrationv2/conftest.py

@@ -19,9 +19,9 @@ def pytest_configure(config):
 
     no_pq = config.getoption('no-pq', 0)
     fips_mode = config.getoption('fips-mode', 0)
-    if no_pq is 1:
+    if no_pq == 1:
         set_flag(S2N_NO_PQ, True)
-    if fips_mode is 1:
+    if fips_mode == 1:
         set_flag(S2N_FIPS_MODE, True)
 
     set_flag(S2N_PROVIDER_VERSION, config.getoption('provider-version', None))

data/aws-crt-ffi/crt/s2n/tests/unit/s2n_connection_test.c

@@ -126,7 +126,7 @@ int main(int argc, char **argv)
      */
     {
         /* Carefully consider any increases to this number. */
-        const uint16_t max_connection_size = 9000;
+        const uint16_t max_connection_size = 9100;
         const uint16_t min_connection_size = max_connection_size * 0.75;
 
         size_t connection_size = sizeof(struct s2n_connection);