aws-crt 0.1.4 → 0.1.5

data/aws-crt-ffi/crt/s2n/tls/s2n_tls13_key_schedule.c

@@ -77,7 +77,7 @@ static S2N_RESULT s2n_set_key(struct s2n_connection *conn, s2n_extract_secret_ty
     struct s2n_blob secret = { 0 };
     uint8_t secret_bytes[S2N_TLS13_SECRET_MAX_LEN] = { 0 };
     RESULT_GUARD_POSIX(s2n_blob_init(&secret, secret_bytes, S2N_TLS13_SECRET_MAX_LEN));
-    RESULT_GUARD(s2n_tls13_derive_secret(conn, secret_type, mode, &secret));
+    RESULT_GUARD(s2n_tls13_secrets_get(conn, secret_type, mode, &secret));
 
     /**
      *= https://tools.ietf.org/rfc/rfc8446#section-7.3
@@ -246,22 +246,21 @@ static S2N_RESULT s2n_server_key_schedule(struct s2n_connection *conn)
      *# Can send                       | [Send Certificate + CertificateVerify]
      *# app data                       | Send Finished
      *# after   -->                    | K_send = application
+     */
+    if (message_type == SERVER_FINISHED) {
+        K_send(conn, S2N_APPLICATION_SECRET);
+    /**
+     *= https://tools.ietf.org/rfc/rfc8446#appendix-A.2
      *# here                  +--------+--------+
      *#              No 0-RTT |                 | 0-RTT
      *#                       |                 |
      *#   K_recv = handshake  |                 | K_recv = early data
      */
-    if (message_type == SERVER_FINISHED) {
-        /* Warning: s2n-quic currently requires that we emit secrets in pairs.
-         * Therefore, we must handle the handshake secret before we handle
-         * the application secret here.
-         */
         if (WITH_EARLY_DATA(conn)) {
             K_recv(conn, S2N_EARLY_SECRET);
         } else {
             K_recv(conn, S2N_HANDSHAKE_SECRET);
         }
-        K_send(conn, S2N_APPLICATION_SECRET);
     }
     /**
      *= https://tools.ietf.org/rfc/rfc8446#appendix-A.2
@@ -314,6 +313,7 @@ S2N_RESULT s2n_tls13_key_schedule_update(struct s2n_connection *conn)
     if (s2n_connection_get_protocol_version(conn) < S2N_TLS13) {
         return S2N_RESULT_OK;
     }
+    RESULT_GUARD(s2n_tls13_secrets_update(conn));
     RESULT_ENSURE_REF(key_schedules[conn->mode]);
     RESULT_GUARD(key_schedules[conn->mode](conn));
     return S2N_RESULT_OK;

data/aws-crt-ffi/crt/s2n/tls/s2n_tls13_secrets.c

@@ -504,20 +504,13 @@ S2N_RESULT s2n_tls13_derive_secret(struct s2n_connection *conn, s2n_extract_secr
     return S2N_RESULT_OK;
 }
 
-S2N_RESULT s2n_tls13_secrets_finish(struct s2n_connection *conn)
+S2N_RESULT s2n_tls13_secrets_clean(struct s2n_connection *conn)
 {
     RESULT_ENSURE_REF(conn);
     if (conn->actual_protocol_version < S2N_TLS13) {
         return S2N_RESULT_OK;
     }
 
-    /*
-     * Prepare TLS1.3 resumption secret.
-     * A ticket can be requested any time after the handshake ends,
-     * so we need to calculate this before the handshake ends.
-     */
-    RESULT_GUARD(s2n_derive_resumption_master_secret(conn));
-
     /*
      * Wipe base secrets.
      * Not strictly necessary, but probably safer than leaving them.
@@ -529,5 +522,65 @@ S2N_RESULT s2n_tls13_secrets_finish(struct s2n_connection *conn)
     RESULT_GUARD_POSIX(s2n_blob_zero(&CONN_SECRET(conn, master_secret)));
     conn->secrets.tls13.secrets_state = S2N_NONE_SECRET;
 
+    /* Wipe other secrets no longer needed */
+    RESULT_GUARD_POSIX(s2n_blob_zero(&CONN_SECRET(conn, client_handshake_secret)));
+    RESULT_GUARD_POSIX(s2n_blob_zero(&CONN_SECRET(conn, server_handshake_secret)));
+
+    return S2N_RESULT_OK;
+}
+
+S2N_RESULT s2n_tls13_secrets_update(struct s2n_connection *conn)
+{
+    RESULT_ENSURE_REF(conn);
+    RESULT_ENSURE_REF(conn->secure.cipher_suite);
+
+    message_type_t message_type = s2n_conn_get_current_message_type(conn);
+    switch(message_type) {
+        case SERVER_HELLO:
+            RESULT_GUARD(s2n_tls13_derive_secret(conn, S2N_HANDSHAKE_SECRET,
+                    S2N_CLIENT, &CONN_SECRET(conn, client_handshake_secret)));
+            RESULT_GUARD(s2n_tls13_derive_secret(conn, S2N_HANDSHAKE_SECRET,
+                    S2N_SERVER, &CONN_SECRET(conn, server_handshake_secret)));
+            RESULT_ENSURE_EQ(CONN_SECRETS(conn).secrets_state, S2N_HANDSHAKE_SECRET);
+            break;
+        case SERVER_FINISHED:
+            RESULT_GUARD(s2n_tls13_derive_secret(conn, S2N_MASTER_SECRET,
+                    S2N_CLIENT, &CONN_SECRET(conn, client_app_secret)));
+            RESULT_GUARD(s2n_tls13_derive_secret(conn, S2N_MASTER_SECRET,
+                    S2N_SERVER, &CONN_SECRET(conn, server_app_secret)));
+            RESULT_ENSURE_EQ(CONN_SECRETS(conn).secrets_state, S2N_MASTER_SECRET);
+            break;
+        case CLIENT_FINISHED:
+            RESULT_GUARD(s2n_derive_resumption_master_secret(conn));
+            break;
+        default:
+            break;
+    }
+    return S2N_RESULT_OK;
+}
+
+S2N_RESULT s2n_tls13_secrets_get(struct s2n_connection *conn, s2n_extract_secret_type_t secret_type,
+        s2n_mode mode, struct s2n_blob *secret)
+{
+    RESULT_ENSURE_REF(conn);
+    RESULT_ENSURE_REF(secret);
+
+    uint8_t *secrets[][2] = {
+        [S2N_HANDSHAKE_SECRET] = { CONN_SECRETS(conn).server_handshake_secret, CONN_SECRETS(conn).client_handshake_secret },
+        [S2N_MASTER_SECRET]    = { CONN_SECRETS(conn).server_app_secret, CONN_SECRETS(conn).client_app_secret },
+    };
+    RESULT_ENSURE_GT(secret_type, S2N_NONE_SECRET);
+    RESULT_ENSURE_LT(secret_type, s2n_array_len(secrets));
+
+    if (secrets[secret_type][mode] == NULL) {
+        RESULT_GUARD(s2n_tls13_derive_secret(conn, secret_type, mode, secret));
+        return S2N_RESULT_OK;
+    }
+
+    RESULT_ENSURE_GTE(CONN_SECRETS(conn).secrets_state, secret_type);
+
+    secret->size = s2n_get_hash_len(CONN_HMAC_ALG(conn));
+    RESULT_CHECKED_MEMCPY(secret->data, secrets[secret_type][mode], secret->size);
+    RESULT_ENSURE_GT(secret->size, 0);
     return S2N_RESULT_OK;
 }

data/aws-crt-ffi/crt/s2n/tls/s2n_tls13_secrets.h

@@ -31,25 +31,31 @@ typedef enum {
 } s2n_extract_secret_type_t;
 
 struct s2n_tls13_secrets {
-    /* Secrets only used during the handshake */
     uint8_t early_secret[S2N_TLS13_SECRET_MAX_LEN];
+
     uint8_t handshake_secret[S2N_TLS13_SECRET_MAX_LEN];
-    uint8_t master_secret[S2N_TLS13_SECRET_MAX_LEN];
-    s2n_extract_secret_type_t secrets_state;
+    uint8_t client_handshake_secret[S2N_TLS13_SECRET_MAX_LEN];
+    uint8_t server_handshake_secret[S2N_TLS13_SECRET_MAX_LEN];
 
-    /* Secrets used after the handshake */
+    uint8_t master_secret[S2N_TLS13_SECRET_MAX_LEN];
     uint8_t client_app_secret[S2N_TLS13_SECRET_MAX_LEN];
     uint8_t server_app_secret[S2N_TLS13_SECRET_MAX_LEN];
     uint8_t resumption_master_secret[S2N_TLS13_SECRET_MAX_LEN];
+
+    s2n_extract_secret_type_t secrets_state;
 };
 
 S2N_RESULT s2n_tls13_empty_transcripts_init();
-S2N_RESULT s2n_tls13_secrets_finish(struct s2n_connection *conn);
 
 S2N_RESULT s2n_tls13_extract_secret(struct s2n_connection *conn, s2n_extract_secret_type_t secret_type);
 S2N_RESULT s2n_tls13_derive_secret(struct s2n_connection *conn, s2n_extract_secret_type_t secret_type,
         s2n_mode mode, struct s2n_blob *secret);
 
+S2N_RESULT s2n_tls13_secrets_update(struct s2n_connection *conn);
+S2N_RESULT s2n_tls13_secrets_get(struct s2n_connection *conn, s2n_extract_secret_type_t secret_type,
+        s2n_mode mode, struct s2n_blob *secret);
+S2N_RESULT s2n_tls13_secrets_clean(struct s2n_connection *conn);
+
 S2N_RESULT s2n_derive_binder_key(struct s2n_psk *psk, struct s2n_blob *output);
 S2N_RESULT s2n_derive_resumption_master_secret(struct s2n_connection *conn);
 

data/aws-crt-ffi/crt/s2n/utils/s2n_fork_detection.c

@@ -0,0 +1,367 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+/* This captures Darwin specialities. This is the only APPLE flavor we care about.
+ * Here we also capture varius required feature test macros.
+ */
+#if defined(__APPLE__)
+    typedef struct _opaque_pthread_once_t  __darwin_pthread_once_t;
+    typedef __darwin_pthread_once_t pthread_once_t;
+    #define _DARWIN_C_SOURCE
+#elif !defined(_GNU_SOURCE)
+    /* Keep in sync with feature probe tests/features/madvise.c */
+    #define _GNU_SOURCE
+#endif
+
+#include <sys/mman.h>
+
+/* Not always defined for Darwin */
+#if !defined(MAP_ANONYMOUS)
+    #define MAP_ANONYMOUS MAP_ANON
+#endif
+
+#include "error/s2n_errno.h"
+#include "utils/s2n_fork_detection.h"
+#include "utils/s2n_safety.h"
+
+#include <pthread.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+
+#if defined(S2N_MINHERIT_SUPPORTED) && defined(S2N_MADVISE_SUPPORTED)
+#error "Both S2N_MINHERIT_SUPPORTED and S2N_MADVISE_SUPPORTED are defined. This should not be possible."
+#endif
+
+#if defined(S2N_MADVISE_SUPPORTED) && defined(MADV_WIPEONFORK)
+#if (MADV_WIPEONFORK != 18)
+#error "MADV_WIPEONFORK is not 18"
+#endif
+#else /* defined(S2N_MADVISE_SUPPORTED) && defined(MADV_WIPEONFORK) */
+#define MADV_WIPEONFORK 18
+#endif
+
+/* These variables are used to disable all fork detection mechanisms or at the
+ * individual level during testing.
+ */
+static bool ignore_wipeonfork_or_inherit_zero_method_for_testing = false;
+static bool ignore_pthread_atfork_method_for_testing = false;
+static bool ignore_fork_detection_for_testing = false;
+
+#define S2N_FORK_EVENT 0
+#define S2N_NO_FORK_EVENT 1
+
+struct FGN_STATE {
+    /* The current cached fork generation number for this process */
+    uint64_t current_fork_generation_number;
+
+    /* Semaphore controlling access to the shared sentinel and signaling whether
+     * fork detection is enabled or not. We could use zero_on_fork_addr, but
+     * avoid overloading by using an explicit variable.
+     */
+    bool is_fork_detection_enabled;
+
+    /* Sentinel that signals a fork event has occurred */
+    volatile char *zero_on_fork_addr;
+
+    pthread_once_t fork_detection_once;
+    pthread_rwlock_t fork_detection_rw_lock;
+};
+
+/* We only need a single statically initialised state. Note, the state is
+ * inherited by child processes.
+ */
+static struct FGN_STATE fgn_state = {
+    .current_fork_generation_number = 0,
+    .is_fork_detection_enabled = false,
+    .zero_on_fork_addr = NULL,
+    .fork_detection_once = PTHREAD_ONCE_INIT,
+    .fork_detection_rw_lock = PTHREAD_RWLOCK_INITIALIZER,
+};
+
+
+/* Can currently never fail. See initialise_fork_detection_methods() for
+ * motivation.
+ */
+static inline S2N_RESULT s2n_initialise_wipeonfork_best_effort(void *addr, long page_size)
+{
+#if defined(S2N_MADVISE_SUPPORTED)
+    /* Return value ignored on purpose */
+    madvise(addr, (size_t) page_size, MADV_WIPEONFORK);
+#endif
+
+    return S2N_RESULT_OK;
+}
+
+static inline S2N_RESULT s2n_initialise_inherit_zero(void *addr, long page_size)
+{
+#if defined(S2N_MINHERIT_SUPPORTED) && defined(MAP_INHERIT_ZERO)
+    RESULT_ENSURE(minherit(addr, pagesize, MAP_INHERIT_ZERO) == 0, S2N_ERR_FORK_DETECTION_INIT);
+#endif
+
+    return S2N_RESULT_OK;
+}
+
+static void s2n_pthread_atfork_on_fork(void)
+{
+    /* This zeroises the first byte of the memory page pointed to by
+     * *zero_on_fork_addr. This is the same byte used as fork event detection
+     * sentinel in s2n_get_fork_generation_number(). The same memory page, and in
+     * turn, the byte, is also the memory zeroised by the MADV_WIPEONFORK fork
+     * detection mechanism.
+     *
+     * Aquire locks to be on the safe side. We want to avoid the checks in
+     * s2n_get_fork_generation_number() getting executed before setting the sentinel
+     * flag. The write lock prevents any other thread from owning any other type
+     * of lock.
+     *
+     * pthread_atfork_on_fork() cannot return errors. Hence, there is no way to
+     * gracefully recover if [un]locking fails.
+     */
+    if (pthread_rwlock_wrlock(&fgn_state.fork_detection_rw_lock) != 0) {
+        printf("pthread_rwlock_wrlock() failed. Aborting.\n");
+        abort();
+    }
+
+    if (fgn_state.zero_on_fork_addr == NULL) {
+        printf("fgn_state.zero_on_fork_addr is NULL. Aborting.\n");
+        abort();
+    }
+    *fgn_state.zero_on_fork_addr = 0;
+
+    if (pthread_rwlock_unlock(&fgn_state.fork_detection_rw_lock) != 0) {
+        printf("pthread_rwlock_unlock() failed. Aborting.\n");
+        abort();
+    }
+}
+
+static S2N_RESULT s2n_inititalise_pthread_atfork(void)
+{
+    /* Register the fork handler pthread_atfork_on_fork that is excuted in the
+     * child process after a fork.
+     */
+    RESULT_ENSURE(pthread_atfork(NULL, NULL, s2n_pthread_atfork_on_fork) == 0, S2N_ERR_FORK_DETECTION_INIT);
+
+    return S2N_RESULT_OK;
+}
+
+static S2N_RESULT s2n_initialise_fork_detection_methods_try(void *addr, long page_size)
+{
+    RESULT_GUARD_PTR(addr);
+
+    /* Some systems don't define MADV_WIPEONFORK in sys/mman.h but the kernel
+     * still supports the mechanism (AL2 being a prime example). Likely because
+     * glibc on the system is old. We might be able to include kernel header
+     * files directly, that define MADV_WIPEONFORK, conditioning on specific
+     * OS's. But it is a mess. A more reliable method is to probe the system, at
+     * run-time, whether madvise supports the MADV_WIPEONFORK advice. However,
+     * the method to probe for this feature is equivalent to actually attempting
+     * to initialise the MADV_WIPEONFORK fork detection. Compare with
+     * probe_madv_wipeonfork_support() (used for testing).
+     *
+     * Instead, we apply best-effort to initialise the MADV_WIPEONFORK fork
+     * detection and otherwise always require pthread_atfork to be initialised.
+     * We also currently always apply prediction resistance. So, this should be
+     * a safe default.
+     */
+    if (ignore_wipeonfork_or_inherit_zero_method_for_testing == false) {
+        RESULT_GUARD(s2n_initialise_wipeonfork_best_effort(addr, page_size));
+    }
+
+    if (ignore_wipeonfork_or_inherit_zero_method_for_testing == false) {
+        RESULT_GUARD(s2n_initialise_inherit_zero(addr, page_size));
+    }
+
+    if (ignore_pthread_atfork_method_for_testing == false) {
+        RESULT_GUARD(s2n_inititalise_pthread_atfork());
+    }
+
+    fgn_state.zero_on_fork_addr = addr;
+    *fgn_state.zero_on_fork_addr = S2N_NO_FORK_EVENT;
+    fgn_state.is_fork_detection_enabled = true;
+
+    return S2N_RESULT_OK;
+}
+
+static S2N_RESULT s2n_setup_mapping(void **addr, long *page_size) {
+
+    *page_size = sysconf(_SC_PAGESIZE);
+    RESULT_ENSURE_GT(*page_size, 0);
+
+    *addr = mmap(NULL, (size_t) *page_size, PROT_READ | PROT_WRITE,
+                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+    RESULT_ENSURE_NE(*addr, MAP_FAILED);
+
+    return S2N_RESULT_OK;
+}
+
+static void s2n_initialise_fork_detection_methods(void)
+{
+    void *addr = MAP_FAILED;
+    long page_size = 0;
+
+    /* Only used to disable fork detection mechanisms during testing. */
+    if (ignore_wipeonfork_or_inherit_zero_method_for_testing == true &&
+        ignore_pthread_atfork_method_for_testing == true) {
+
+        ignore_fork_detection_for_testing = true;
+        return;
+    }
+
+    if (s2n_result_is_error(s2n_setup_mapping(&addr, &page_size)) == true) {
+        return;
+    }
+
+    /* Now we know that we have some memory mapped. Try to initialise fork
+     * detection methods. Unmap the memory if we fail for some reason.
+     */
+    if (s2n_result_is_error(s2n_initialise_fork_detection_methods_try(addr, page_size)) == true) {
+        /* No reason to verify return value of munmap() since we can't use that
+         * information for anything anyway. */
+        munmap(addr, (size_t) page_size);
+        addr = NULL;
+        fgn_state.zero_on_fork_addr = NULL;
+        fgn_state.is_fork_detection_enabled = false;
+    }
+}
+
+/* s2n_get_fork_generation_number returns S2N_RESULT_OK on success and
+ * S2N_RESULT_ERROR otherwise.
+ *
+ * On success, returns the current fork generation number in
+ * return_fork_generation_number. Caller must synchronise access to
+ * return_fork_generation_number.
+ */
+S2N_RESULT s2n_get_fork_generation_number(uint64_t *return_fork_generation_number)
+{
+    RESULT_ENSURE(pthread_once(&fgn_state.fork_detection_once, s2n_initialise_fork_detection_methods) == 0, S2N_ERR_FORK_DETECTION_INIT);
+
+    if (ignore_fork_detection_for_testing == true) {
+        /* Fork detection is meant to be disabled. Hence, return success.
+         * This should only happen during testing.
+         */
+        RESULT_ENSURE(s2n_in_unit_test(), S2N_ERR_NOT_IN_UNIT_TEST);
+        return S2N_RESULT_OK;
+    }
+
+    RESULT_ENSURE(fgn_state.is_fork_detection_enabled == true, S2N_ERR_FORK_DETECTION_INIT);
+
+    /* In most cases, we would not need to increment the fork generation number.
+     * So, it is cheaper, in the expected case, to take an optimistic read lock
+     * and later aquire a write lock if needed.
+     * Note that we set the returned fgn before checking for a fork event. We
+     * need to do this because thread execution might change between releasing
+     * the read lock and taking the write lock. In that time span, another
+     * thread can reset the fork event detection sentinel and we return from
+     * s2n_get_fork_generation_number() without setting the returned fgn
+     * appropriately.
+     */
+    RESULT_ENSURE(pthread_rwlock_rdlock(&fgn_state.fork_detection_rw_lock) == 0, S2N_ERR_RETRIEVE_FORK_GENERATION_NUMBER);
+    *return_fork_generation_number = fgn_state.current_fork_generation_number;
+    if (*fgn_state.zero_on_fork_addr != S2N_FORK_EVENT) {
+        /* No fork event detected. */
+        RESULT_ENSURE(pthread_rwlock_unlock(&fgn_state.fork_detection_rw_lock) == 0, S2N_ERR_RETRIEVE_FORK_GENERATION_NUMBER);
+        return S2N_RESULT_OK;
+    }
+    RESULT_ENSURE(pthread_rwlock_unlock(&fgn_state.fork_detection_rw_lock) == 0, S2N_ERR_RETRIEVE_FORK_GENERATION_NUMBER);
+
+    /* We are mutating the process-global, cached fork generation number. Need
+     * to acquire the write lock for that. Set returned fgn before checking the
+     * if condition with the same reasons as above.
+     */
+    RESULT_ENSURE(pthread_rwlock_wrlock(&fgn_state.fork_detection_rw_lock) == 0, S2N_ERR_RETRIEVE_FORK_GENERATION_NUMBER);
+    *return_fork_generation_number = fgn_state.current_fork_generation_number;
+    if (*fgn_state.zero_on_fork_addr == S2N_FORK_EVENT) {
+        /* Fork event has been detected; reset sentinel, increment cached fork
+         * generation number (which is now "current" in this child process), and
+         * write incremented fork generation number to the output parameter.
+         */
+        *fgn_state.zero_on_fork_addr = S2N_NO_FORK_EVENT;
+        fgn_state.current_fork_generation_number = fgn_state.current_fork_generation_number + 1;
+        *return_fork_generation_number = fgn_state.current_fork_generation_number;
+    }
+    RESULT_ENSURE(pthread_rwlock_unlock(&fgn_state.fork_detection_rw_lock) == 0, S2N_ERR_RETRIEVE_FORK_GENERATION_NUMBER);
+
+    return S2N_RESULT_OK;
+}
+
+static void s2n_cleanup_cb_munmap(void *probe_addr)
+{
+    munmap(probe_addr, (size_t) sysconf(_SC_PAGESIZE));
+}
+
+/* Run-time probe checking whether the system supports the MADV_WIPEONFORK fork
+ * detection mechanism.
+ */
+static S2N_RESULT s2n_probe_madv_wipeonfork_support(void) {
+
+    bool result = false;
+
+    /* It is not an error to call munmap on a range that does not contain any
+     * mapped pages.
+     */
+    DEFER_CLEANUP(void *probe_addr = MAP_FAILED, s2n_cleanup_cb_munmap);
+    long page_size = 0;
+
+    RESULT_GUARD(s2n_setup_mapping(&probe_addr, &page_size));
+
+#if defined(S2N_MADVISE_SUPPORTED)
+    /* Some versions of qemu (up to at least 5.0.0-rc4, see
+     * linux-user/syscall.c) ignore invalid advice arguments. Hence, we first
+     * verify that madvise() rejects advice arguments it doesn't know about.
+     */
+    RESULT_ENSURE_NE(madvise(probe_addr, (size_t) page_size, -1), 0);
+    RESULT_ENSURE_EQ(madvise(probe_addr, (size_t) page_size, MADV_WIPEONFORK), 0);
+
+    result = true;
+#endif
+
+    RESULT_ENSURE_EQ(result, true);
+
+    return S2N_RESULT_OK;
+}
+
+bool s2n_is_madv_wipeonfork_supported(void)
+{
+    return s2n_result_is_ok(s2n_probe_madv_wipeonfork_support());
+}
+
+bool s2n_is_map_inherit_zero_supported(void)
+{
+#if defined(S2N_MINHERIT_SUPPORTED) && defined(MAP_INHERIT_ZERO)
+    return true
+#else
+    return false;
+#endif
+}
+
+/* Use for testing only */
+S2N_RESULT s2n_ignore_wipeonfork_and_inherit_zero_for_testing(void) {
+    RESULT_ENSURE(s2n_in_unit_test(), S2N_ERR_NOT_IN_UNIT_TEST);
+
+    ignore_wipeonfork_or_inherit_zero_method_for_testing = true;
+
+    return S2N_RESULT_OK;
+}
+
+S2N_RESULT s2n_ignore_pthread_atfork_for_testing(void) {
+    RESULT_ENSURE(s2n_in_unit_test(), S2N_ERR_NOT_IN_UNIT_TEST);
+
+    ignore_pthread_atfork_method_for_testing = true;
+
+    return S2N_RESULT_OK;
+}
+

data/aws-crt-ffi/crt/s2n/utils/s2n_fork_detection.h

@@ -0,0 +1,28 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+#pragma once
+
+#include <stdint.h>
+
+#include "utils/s2n_result.h"
+
+S2N_RESULT s2n_get_fork_generation_number(uint64_t *return_fork_generation_number);
+bool s2n_is_madv_wipeonfork_supported(void);
+bool s2n_is_map_inherit_zero_supported(void);
+
+/* Use for testing only */
+S2N_RESULT s2n_ignore_wipeonfork_and_inherit_zero_for_testing(void);
+S2N_RESULT s2n_ignore_pthread_atfork_for_testing(void);

data/aws-crt-ffi/crt/s2n/utils/s2n_safety_macros.h

@@ -128,10 +128,10 @@
  * Ensures the `result` is `S2N_RESULT_OK`, otherwise the function will return an error signal
  *
  * `RESULT_PRECONDITION` should be used at the beginning of a function to make assertions about
- * the provided arguments. By default, it is functionally equivalent to `RESULT_GUARD_RESULT(result)`
+ * the provided arguments. By default, it is functionally equivalent to `RESULT_GUARD(result)`
  * but can be altered by a testing environment to provide additional guarantees.
  */
-#define RESULT_PRECONDITION(result)                            RESULT_GUARD_RESULT(__S2N_ENSURE_PRECONDITION((result)))
+#define RESULT_PRECONDITION(result)                            RESULT_GUARD(__S2N_ENSURE_PRECONDITION((result)))
 
 /**
  * Ensures the `result` is `S2N_RESULT_OK`, otherwise the function will return an error signal
@@ -140,11 +140,11 @@
  *       In release mode, the check is removed.
  *
  * `RESULT_POSTCONDITION` should be used at the end of a function to make assertions about
- * the resulting state. In debug mode, it is functionally equivalent to `RESULT_GUARD_RESULT(result)`.
+ * the resulting state. In debug mode, it is functionally equivalent to `RESULT_GUARD(result)`.
  * In production builds, it becomes a no-op. This can also be altered by a testing environment
  * to provide additional guarantees.
  */
-#define RESULT_POSTCONDITION(result)                           RESULT_GUARD_RESULT(__S2N_ENSURE_POSTCONDITION((result)))
+#define RESULT_POSTCONDITION(result)                           RESULT_GUARD(__S2N_ENSURE_POSTCONDITION((result)))
 
 /**
  * Performs a safer memcpy.
@@ -185,11 +185,6 @@
  */
 #define RESULT_GUARD_OSSL(result, error)                       __S2N_ENSURE((result) == _OSSL_SUCCESS, RESULT_BAIL(error))
 
-/**
- * Ensures `s2n_result_is_ok(result)`, otherwise the function will return `S2N_RESULT_ERROR`
- */
-#define RESULT_GUARD_RESULT(result)                            __S2N_ENSURE(s2n_result_is_ok(result), return S2N_RESULT_ERROR)
-
 /**
  * Ensures `(result) >= S2N_SUCCESS`, otherwise the function will return `S2N_RESULT_ERROR`
  */
@@ -393,16 +388,15 @@
 #define POSIX_GUARD_OSSL(result, error)                       __S2N_ENSURE((result) == _OSSL_SUCCESS, POSIX_BAIL(error))
 
 /**
+ * DEPRECATED: all methods (except those in s2n.h) should return s2n_result.
+ *
  * Ensures `s2n_result_is_ok(result)`, otherwise the function will return `S2N_FAILURE`
  */
 #define POSIX_GUARD_RESULT(result)                            __S2N_ENSURE(s2n_result_is_ok(result), return S2N_FAILURE)
 
 /**
- * Ensures `(result) >= S2N_SUCCESS`, otherwise the function will return `S2N_FAILURE`
- */
-#define POSIX_GUARD_POSIX(result)                             __S2N_ENSURE((result) >= S2N_SUCCESS, return S2N_FAILURE)
-
-/**
+ * DEPRECATED: all methods (except those in s2n.h) should return s2n_result.
+ *
  * Ensures `(result) != NULL`, otherwise the function will return `S2N_FAILURE`
  *
  * Does not set s2n_errno to S2N_ERR_NULL, so is NOT a direct replacement for POSIX_ENSURE_REF.
@@ -567,7 +561,7 @@
  * * The size of the data pointed to by both the `destination` and `source` parameters,
  *   shall be at least `len` bytes.
  */
-#define PTR_CHECKED_MEMCPY(destination, source, len)          __S2N_ENSURE_SAFE_MEMCPY((destination), (source), (len), PTR_GUARD_PTR)
+#define PTR_CHECKED_MEMCPY(destination, source, len)          __S2N_ENSURE_SAFE_MEMCPY((destination), (source), (len), PTR_GUARD)
 
 /**
  * DEPRECATED: all methods (except those in s2n.h) should return s2n_result.
@@ -600,19 +594,16 @@
 #define PTR_GUARD_OSSL(result, error)                         __S2N_ENSURE((result) == _OSSL_SUCCESS, PTR_BAIL(error))
 
 /**
+ * DEPRECATED: all methods (except those in s2n.h) should return s2n_result.
+ *
  * Ensures `s2n_result_is_ok(result)`, otherwise the function will return `NULL`
  */
 #define PTR_GUARD_RESULT(result)                              __S2N_ENSURE(s2n_result_is_ok(result), return NULL)
 
 /**
+ * DEPRECATED: all methods (except those in s2n.h) should return s2n_result.
+ *
  * Ensures `(result) >= S2N_SUCCESS`, otherwise the function will return `NULL`
  */
 #define PTR_GUARD_POSIX(result)                               __S2N_ENSURE((result) >= S2N_SUCCESS, return NULL)
 
-/**
- * Ensures `(result) != NULL`, otherwise the function will return `NULL`
- *
- * Does not set s2n_errno to S2N_ERR_NULL, so is NOT a direct replacement for PTR_ENSURE_REF.
- */
-#define PTR_GUARD_PTR(result)                                 __S2N_ENSURE((result) != NULL, return NULL)
-