aws-crt 0.1.5 → 0.1.6

data/aws-crt-ffi/crt/aws-c-auth/tests/sigv4_signing_tests.c

@@ -6,7 +6,6 @@
 #include <aws/testing/aws_test_harness.h>
 
 #include <aws/auth/credentials.h>
-#include <aws/auth/external/cJSON.h>
 #include <aws/auth/private/aws_signing.h>
 #include <aws/auth/signable.h>
 #include <aws/auth/signing.h>
@@ -15,6 +14,7 @@
 #include <aws/common/condition_variable.h>
 #include <aws/common/encoding.h>
 #include <aws/common/environment.h>
+#include <aws/common/json.h>
 #include <aws/common/string.h>
 #include <aws/http/request_response.h>
 #include <aws/io/file_utils.h>
@@ -270,7 +270,7 @@ AWS_STATIC_STRING_FROM_LITERAL(s_omit_token_name, "omit_session_token");
 
 static int s_v4_test_context_parse_context_file(struct v4_test_context *context) {
     struct aws_byte_buf *document = &context->test_case_data.context;
-    cJSON *document_root = NULL;
+    struct aws_json_value *document_root = NULL;
     int result = AWS_OP_ERR;
 
     struct aws_byte_cursor null_terminator_cursor = aws_byte_cursor_from_string(s_empty_empty_string);
@@ -278,38 +278,42 @@ static int s_v4_test_context_parse_context_file(struct v4_test_context *context)
         goto done;
     }
 
-    document_root = cJSON_Parse((const char *)document->buffer);
+    struct aws_byte_cursor document_buffer_cursor = aws_byte_cursor_from_buf(document);
+    document_root = aws_json_value_new_from_string(aws_default_allocator(), document_buffer_cursor);
     if (document_root == NULL) {
         goto done;
     }
 
-    cJSON *credentials_node = cJSON_GetObjectItemCaseSensitive(document_root, aws_string_c_str(s_credentials_name));
+    struct aws_json_value *credentials_node =
+        aws_json_value_get_from_object(document_root, aws_byte_cursor_from_string(s_credentials_name));
     AWS_FATAL_ASSERT(credentials_node != NULL);
 
     /*
      * Pull out the three credentials components
      */
-    cJSON *access_key_id = cJSON_GetObjectItemCaseSensitive(credentials_node, aws_string_c_str(s_access_key_id_name));
-    cJSON *secret_access_key =
-        cJSON_GetObjectItemCaseSensitive(credentials_node, aws_string_c_str(s_secret_access_key_name));
-    cJSON *session_token = cJSON_GetObjectItemCaseSensitive(credentials_node, aws_string_c_str(s_session_token_name));
-
-    if (!cJSON_IsString(access_key_id) || (access_key_id->valuestring == NULL)) {
+    struct aws_json_value *access_key_id =
+        aws_json_value_get_from_object(credentials_node, aws_byte_cursor_from_string(s_access_key_id_name));
+    struct aws_json_value *secret_access_key =
+        aws_json_value_get_from_object(credentials_node, aws_byte_cursor_from_string(s_secret_access_key_name));
+    struct aws_json_value *session_token =
+        aws_json_value_get_from_object(credentials_node, aws_byte_cursor_from_string(s_session_token_name));
+
+    struct aws_byte_cursor access_key_id_cursor;
+    if (!aws_json_value_is_string(access_key_id) ||
+        aws_json_value_get_string(access_key_id, &access_key_id_cursor) == AWS_OP_ERR) {
         goto done;
     }
 
-    struct aws_byte_cursor access_key_id_cursor = aws_byte_cursor_from_c_str(access_key_id->valuestring);
     struct aws_byte_cursor secret_access_key_cursor;
     AWS_ZERO_STRUCT(secret_access_key_cursor);
     struct aws_byte_cursor session_token_cursor;
     AWS_ZERO_STRUCT(session_token_cursor);
 
-    if (cJSON_IsString(session_token) && session_token->valuestring != NULL) {
-        session_token_cursor = aws_byte_cursor_from_c_str(session_token->valuestring);
+    if (aws_json_value_is_string(session_token)) {
+        aws_json_value_get_string(session_token, &session_token_cursor);
     }
-
-    if (cJSON_IsString(secret_access_key) && secret_access_key->valuestring != NULL) {
-        secret_access_key_cursor = aws_byte_cursor_from_c_str(secret_access_key->valuestring);
+    if (aws_json_value_is_string(secret_access_key)) {
+        aws_json_value_get_string(secret_access_key, &secret_access_key_cursor);
     }
 
     if (context->signing_key == NULL) {
@@ -326,60 +330,75 @@ static int s_v4_test_context_parse_context_file(struct v4_test_context *context)
 
     AWS_FATAL_ASSERT(context->credentials != NULL);
 
-    cJSON *region_node = cJSON_GetObjectItemCaseSensitive(document_root, aws_string_c_str(s_region_name));
-    if (region_node == NULL || !cJSON_IsString(region_node) || (region_node->valuestring == NULL)) {
+    struct aws_json_value *region_node =
+        aws_json_value_get_from_object(document_root, aws_byte_cursor_from_string(s_region_name));
+    struct aws_byte_cursor region_node_cursor;
+    if (region_node == NULL || !aws_json_value_is_string(region_node) ||
+        aws_json_value_get_string(region_node, &region_node_cursor) == AWS_OP_ERR) {
         goto done;
     }
 
-    context->region_config = aws_string_new_from_c_str(context->allocator, region_node->valuestring);
+    context->region_config = aws_string_new_from_cursor(context->allocator, &region_node_cursor);
     if (context->region_config == NULL) {
         goto done;
     }
 
-    cJSON *service_node = cJSON_GetObjectItemCaseSensitive(document_root, aws_string_c_str(s_service_name));
-    if (service_node == NULL || !cJSON_IsString(service_node) || (service_node->valuestring == NULL)) {
+    struct aws_json_value *service_node =
+        aws_json_value_get_from_object(document_root, aws_byte_cursor_from_string(s_service_name));
+    struct aws_byte_cursor service_node_cursor;
+    if (service_node == NULL || !aws_json_value_is_string(service_node) ||
+        aws_json_value_get_string(service_node, &service_node_cursor) == AWS_OP_ERR) {
         goto done;
     }
 
-    context->service = aws_string_new_from_c_str(context->allocator, service_node->valuestring);
+    context->service = aws_string_new_from_cursor(context->allocator, &service_node_cursor);
     if (context->service == NULL) {
         goto done;
     }
 
-    cJSON *timestamp_node = cJSON_GetObjectItemCaseSensitive(document_root, aws_string_c_str(s_timestamp_name));
-    if (timestamp_node == NULL || !cJSON_IsString(timestamp_node) || (timestamp_node->valuestring == NULL)) {
+    struct aws_json_value *timestamp_node =
+        aws_json_value_get_from_object(document_root, aws_byte_cursor_from_string(s_timestamp_name));
+    struct aws_byte_cursor timestamp_node_cursor;
+    if (timestamp_node == NULL || !aws_json_value_is_string(timestamp_node) ||
+        aws_json_value_get_string(timestamp_node, &timestamp_node_cursor) == AWS_OP_ERR) {
         goto done;
     }
 
-    context->timestamp = aws_string_new_from_c_str(context->allocator, timestamp_node->valuestring);
+    context->timestamp = aws_string_new_from_cursor(context->allocator, &timestamp_node_cursor);
     if (context->timestamp == NULL) {
         goto done;
     }
 
-    cJSON *normalize_node = cJSON_GetObjectItemCaseSensitive(document_root, aws_string_c_str(s_normalize_name));
-    if (normalize_node == NULL || !cJSON_IsBool(normalize_node)) {
+    struct aws_json_value *normalize_node =
+        aws_json_value_get_from_object(document_root, aws_byte_cursor_from_string(s_normalize_name));
+    if (normalize_node == NULL || !aws_json_value_is_boolean(normalize_node)) {
         goto done;
     }
 
-    context->should_normalize = cJSON_IsTrue(normalize_node);
+    aws_json_value_get_boolean(normalize_node, &context->should_normalize);
 
-    cJSON *body_node = cJSON_GetObjectItemCaseSensitive(document_root, aws_string_c_str(s_body_name));
-    if (body_node == NULL || !cJSON_IsBool(body_node)) {
+    struct aws_json_value *body_node =
+        aws_json_value_get_from_object(document_root, aws_byte_cursor_from_string(s_body_name));
+    if (body_node == NULL || !aws_json_value_is_boolean(body_node)) {
         goto done;
     }
 
-    context->should_sign_body = cJSON_IsTrue(body_node);
+    aws_json_value_get_boolean(body_node, &context->should_sign_body);
 
-    cJSON *expiration_node = cJSON_GetObjectItemCaseSensitive(document_root, aws_string_c_str(s_expiration_name));
-    if (expiration_node == NULL || !cJSON_IsNumber(expiration_node)) {
+    struct aws_json_value *expiration_node =
+        aws_json_value_get_from_object(document_root, aws_byte_cursor_from_string(s_expiration_name));
+    if (expiration_node == NULL || !aws_json_value_is_number(expiration_node)) {
         goto done;
     }
 
-    context->expiration_in_seconds = expiration_node->valueint;
+    double expiration_in_seconds_double = 0;
+    aws_json_value_get_number(expiration_node, &expiration_in_seconds_double);
+    context->expiration_in_seconds = (uint64_t)expiration_in_seconds_double;
 
-    cJSON *omit_token_node = cJSON_GetObjectItemCaseSensitive(document_root, aws_string_c_str(s_omit_token_name));
-    if (omit_token_node != NULL && cJSON_IsBool(omit_token_node)) {
-        context->omit_session_token = cJSON_IsTrue(omit_token_node);
+    struct aws_json_value *omit_token_node =
+        aws_json_value_get_from_object(document_root, aws_byte_cursor_from_string(s_omit_token_name));
+    if (omit_token_node != NULL && aws_json_value_is_boolean(omit_token_node)) {
+        aws_json_value_get_boolean(omit_token_node, &context->omit_session_token);
     }
 
     result = AWS_OP_SUCCESS;
@@ -387,7 +406,7 @@ static int s_v4_test_context_parse_context_file(struct v4_test_context *context)
 done:
 
     if (document_root != NULL) {
-        cJSON_Delete(document_root);
+        aws_json_value_destroy(document_root);
     }
 
     return result;
@@ -601,7 +620,7 @@ static int s_v4_test_context_parse_verification_key(struct v4_test_context *cont
     AWS_ZERO_STRUCT(pub_y_buffer);
 
     struct aws_byte_buf *document = &context->test_case_data.public_key;
-    cJSON *document_root = NULL;
+    struct aws_json_value *document_root = NULL;
     int result = AWS_OP_ERR;
 
     struct aws_byte_cursor null_terminator_cursor = aws_byte_cursor_from_string(s_empty_empty_string);
@@ -609,7 +628,8 @@ static int s_v4_test_context_parse_verification_key(struct v4_test_context *cont
         goto done;
     }
 
-    document_root = cJSON_Parse((const char *)document->buffer);
+    struct aws_byte_cursor document_cursor = aws_byte_cursor_from_buf(document);
+    document_root = aws_json_value_new_from_string(aws_default_allocator(), document_cursor);
     if (document_root == NULL) {
         goto done;
     }
@@ -617,14 +637,16 @@ static int s_v4_test_context_parse_verification_key(struct v4_test_context *cont
     /*
      * Pull out the three credentials components
      */
-    cJSON *pub_x = cJSON_GetObjectItemCaseSensitive(document_root, "X");
-    cJSON *pub_y = cJSON_GetObjectItemCaseSensitive(document_root, "Y");
-    if (!cJSON_IsString(pub_x) || !cJSON_IsString(pub_y)) {
+    struct aws_json_value *pub_x = aws_json_value_get_from_object(document_root, aws_byte_cursor_from_c_str("X"));
+    struct aws_json_value *pub_y = aws_json_value_get_from_object(document_root, aws_byte_cursor_from_c_str("Y"));
+    if (!aws_json_value_is_string(pub_x) || !aws_json_value_is_string(pub_y)) {
         goto done;
     }
 
-    struct aws_byte_cursor pub_x_hex_cursor = aws_byte_cursor_from_c_str(pub_x->valuestring);
-    struct aws_byte_cursor pub_y_hex_cursor = aws_byte_cursor_from_c_str(pub_y->valuestring);
+    struct aws_byte_cursor pub_x_hex_cursor;
+    struct aws_byte_cursor pub_y_hex_cursor;
+    aws_json_value_get_string(pub_x, &pub_x_hex_cursor);
+    aws_json_value_get_string(pub_y, &pub_y_hex_cursor);
 
     size_t pub_x_length = 0;
     size_t pub_y_length = 0;
@@ -655,7 +677,7 @@ static int s_v4_test_context_parse_verification_key(struct v4_test_context *cont
 done:
 
     if (document_root) {
-        cJSON_Delete(document_root);
+        aws_json_value_destroy(document_root);
     }
 
     aws_byte_buf_clean_up(&pub_x_buffer);

data/aws-crt-ffi/crt/aws-c-cal/CMakeLists.txt

@@ -98,9 +98,14 @@ else ()
             endif()
             set(PLATFORM_LIBS crypto dl)
         else()
-            find_package(crypto REQUIRED)
-            message(STATUS "Using libcrypto from cmake path")
-            set(PLATFORM_LIBS AWS::crypto dl)
+            #  note aws_use_package() does this for you, except it appends to the public link targets
+            # which we probably don't want for this case where we want the crypto dependency private
+            if (IN_SOURCE_BUILD)
+                set(PLATFORM_LIBS crypto dl)
+            else()
+                find_package(crypto REQUIRED)
+                set(PLATFORM_LIBS AWS::crypto dl)
+            endif()
         endif()
     endif()
 endif()

data/aws-crt-ffi/crt/aws-c-cal/bin/run_x_platform_fuzz_corpus/main.c

@@ -146,6 +146,8 @@ int main(int argc, char *argv[]) {
 
                 aws_directory_entry_iterator_destroy(potential_corpus_dir);
             }
+
+            aws_string_destroy(potential_corpus_path);
         }
 
         if (corpus_file) {
@@ -224,10 +226,15 @@ int main(int argc, char *argv[]) {
                 (int)signatures_processed);
 
             aws_byte_buf_clean_up(&hex_decoded_buf);
+            aws_byte_buf_clean_up(&to_hash);
+            aws_byte_buf_clean_up(&signed_value);
+
             fclose(corpus_input_file);
             aws_string_destroy(mode);
         }
 
+        aws_string_destroy(corpus_file);
+
         if (aws_directory_entry_iterator_next(dir_iter)) {
             break;
         }
@@ -237,6 +244,8 @@ int main(int argc, char *argv[]) {
     aws_directory_entry_iterator_destroy(dir_iter);
     aws_string_destroy(scan_path_str);
 
+    aws_byte_buf_clean_up(&scan_path);
+
     aws_ecc_key_pair_release(verifying_key);
 
     aws_cal_library_clean_up();

data/aws-crt-ffi/crt/aws-c-cal/builder.json

@@ -7,12 +7,18 @@
     "targets": {
         "linux": {
             "upstream": [
-                { "name": "aws-lc" }
+                { 
+                    "name": "aws-lc",
+                    "revision": "v1.0.2"
+                }
             ]
         },
         "android": {
             "upstream": [
-                { "name": "aws-lc" }
+                { 
+                    "name": "aws-lc", 
+                    "revision": "v1.0.2"
+                }
             ]
         }
     },
@@ -38,6 +44,8 @@
         "test",
         [
             "{install_dir}/bin/sha256_profile"
-        ]
+        ],
+        "{install_dir}/bin/run_x_platform_fuzz_corpus --corpus-path {source_dir}/ecdsa-fuzz-corpus"
+
     ]
 }

data/aws-crt-ffi/crt/aws-c-cal/cmake/aws-c-cal-config.cmake

@@ -2,14 +2,23 @@ include(CMakeFindDependencyMacro)
 
 find_dependency(aws-c-common)
 
-if (NOT BYO_CRYPTO AND NOT WIN32 AND NOT APPLE)
-    list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_LIST_DIR}/modules")
-    find_dependency(crypto)
-endif()
-
 if (BUILD_SHARED_LIBS)
     include(${CMAKE_CURRENT_LIST_DIR}/shared/@PROJECT_NAME@-targets.cmake)
 else()
     include(${CMAKE_CURRENT_LIST_DIR}/static/@PROJECT_NAME@-targets.cmake)
 endif()
 
+if (NOT BYO_CRYPTO AND NOT WIN32 AND NOT APPLE)
+    get_target_property(AWS_C_CAL_DEPS AWS::aws-c-cal INTERFACE_LINK_LIBRARIES)
+    # pre-cmake 3.3 IN_LIST search approach
+    list (FIND AWS_C_CAL_DEPS "OpenSSL::Crypto" _index)
+    if (${_index} GREATER -1) # if USE_OPENSSL AND NOT ANDROID
+        # aws-c-cal has been built with a dependency on OpenSSL::Crypto,
+        # therefore consumers of this library have a dependency on OpenSSL and must have it found
+        find_dependency(OpenSSL REQUIRED)
+        find_dependency(Threads REQUIRED)
+    else()
+        list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_LIST_DIR}/modules")
+        find_dependency(crypto)
+    endif()
+endif()

data/aws-crt-ffi/crt/aws-c-cal/source/darwin/securityframework_ecc.c

@@ -189,15 +189,15 @@ static struct commoncrypto_ecc_key_pair *s_alloc_pair_and_init_buffers(
     }
 
     if (pub_x.ptr) {
-        cc_key_pair->key_pair.pub_x.buffer = cc_key_pair->key_pair.key_buf.buffer + 1;
-        cc_key_pair->key_pair.pub_x.len = s_key_coordinate_size;
+        cc_key_pair->key_pair.pub_x =
+            aws_byte_buf_from_array(cc_key_pair->key_pair.key_buf.buffer + 1, s_key_coordinate_size);
 
-        cc_key_pair->key_pair.pub_y.buffer = cc_key_pair->key_pair.pub_x.buffer + s_key_coordinate_size;
-        cc_key_pair->key_pair.pub_y.len = s_key_coordinate_size;
+        cc_key_pair->key_pair.pub_y =
+            aws_byte_buf_from_array(cc_key_pair->key_pair.pub_x.buffer + s_key_coordinate_size, s_key_coordinate_size);
     }
 
-    cc_key_pair->key_pair.priv_d.buffer = cc_key_pair->key_pair.key_buf.buffer + 1 + (s_key_coordinate_size * 2);
-    cc_key_pair->key_pair.priv_d.len = s_key_coordinate_size;
+    cc_key_pair->key_pair.priv_d = aws_byte_buf_from_array(
+        cc_key_pair->key_pair.key_buf.buffer + 1 + (s_key_coordinate_size * 2), s_key_coordinate_size);
     cc_key_pair->key_pair.vtable = &s_key_pair_vtable;
     cc_key_pair->key_pair.curve_name = curve_name;
 

data/aws-crt-ffi/crt/aws-c-cal/source/windows/bcrypt_ecc.c

@@ -333,14 +333,14 @@ static struct aws_ecc_key_pair *s_alloc_pair_and_init_buffers(
         aws_byte_buf_append(&key_impl->key_pair.key_buf, &priv_key);
     }
 
-    key_impl->key_pair.pub_x.buffer = key_impl->key_pair.key_buf.buffer + sizeof(key_blob);
-    key_impl->key_pair.pub_x.len = key_impl->key_pair.pub_x.capacity = s_key_coordinate_size;
+    key_impl->key_pair.pub_x =
+        aws_byte_buf_from_array(key_impl->key_pair.key_buf.buffer + sizeof(key_blob), s_key_coordinate_size);
 
-    key_impl->key_pair.pub_y.buffer = key_impl->key_pair.pub_x.buffer + s_key_coordinate_size;
-    key_impl->key_pair.pub_y.len = key_impl->key_pair.pub_y.capacity = s_key_coordinate_size;
+    key_impl->key_pair.pub_y =
+        aws_byte_buf_from_array(key_impl->key_pair.pub_x.buffer + s_key_coordinate_size, s_key_coordinate_size);
 
-    key_impl->key_pair.priv_d.buffer = key_impl->key_pair.pub_y.buffer + s_key_coordinate_size;
-    key_impl->key_pair.priv_d.len = key_impl->key_pair.priv_d.capacity = s_key_coordinate_size;
+    key_impl->key_pair.priv_d =
+        aws_byte_buf_from_array(key_impl->key_pair.pub_y.buffer + s_key_coordinate_size, s_key_coordinate_size);
 
     BCRYPT_ALG_HANDLE alg_handle = s_key_alg_handle_from_curve_name(curve_name);
     NTSTATUS status = BCryptImportKeyPair(
@@ -434,14 +434,14 @@ struct aws_ecc_key_pair *aws_ecc_key_pair_new_generate_random(
 
     aws_byte_buf_secure_zero(&key_impl->key_pair.key_buf);
 
-    key_impl->key_pair.pub_x.buffer = key_impl->key_pair.key_buf.buffer + sizeof(BCRYPT_ECCKEY_BLOB);
-    key_impl->key_pair.pub_x.len = key_impl->key_pair.pub_x.capacity = key_coordinate_size;
+    key_impl->key_pair.pub_x =
+        aws_byte_buf_from_array(key_impl->key_pair.key_buf.buffer + sizeof(BCRYPT_ECCKEY_BLOB), key_coordinate_size);
 
-    key_impl->key_pair.pub_y.buffer = key_impl->key_pair.pub_x.buffer + key_coordinate_size;
-    key_impl->key_pair.pub_y.len = key_impl->key_pair.pub_y.capacity = key_coordinate_size;
+    key_impl->key_pair.pub_y =
+        aws_byte_buf_from_array(key_impl->key_pair.pub_x.buffer + key_coordinate_size, key_coordinate_size);
 
-    key_impl->key_pair.priv_d.buffer = key_impl->key_pair.pub_y.buffer + key_coordinate_size;
-    key_impl->key_pair.priv_d.len = key_impl->key_pair.priv_d.capacity = key_coordinate_size;
+    key_impl->key_pair.priv_d =
+        aws_byte_buf_from_array(key_impl->key_pair.pub_y.buffer + key_coordinate_size, key_coordinate_size);
 
     if (s_derive_public_key(&key_impl->key_pair)) {
         goto error;

data/aws-crt-ffi/crt/aws-c-cal/tests/test_case_helper.h

@@ -16,11 +16,11 @@ static inline int s_verify_hmac_test_case(
     aws_cal_library_init(allocator);
 
     /* test all possible segmentation lengths from 1 byte at a time to the entire
-     * input. */
-    for (size_t i = 1; i < input->len; ++i) {
+     * input. Using a do-while so that we still do 1 pass on 0-length input */
+    size_t advance_i = 1;
+    do {
         uint8_t output[128] = {0};
-        struct aws_byte_buf output_buf = aws_byte_buf_from_array(output, expected->len);
-        output_buf.len = 0;
+        struct aws_byte_buf output_buf = aws_byte_buf_from_empty_array(output, AWS_ARRAY_SIZE(output));
 
         struct aws_hmac *hmac = new_fn(allocator, secret);
         ASSERT_NOT_NULL(hmac);
@@ -28,19 +28,19 @@ static inline int s_verify_hmac_test_case(
         struct aws_byte_cursor input_cpy = *input;
 
         while (input_cpy.len) {
-            size_t max_advance = input_cpy.len > i ? i : input_cpy.len;
+            size_t max_advance = aws_min_size(input_cpy.len, advance_i);
             struct aws_byte_cursor segment = aws_byte_cursor_from_array(input_cpy.ptr, max_advance);
             ASSERT_SUCCESS(aws_hmac_update(hmac, &segment));
             aws_byte_cursor_advance(&input_cpy, max_advance);
         }
 
-        size_t truncation_size = hmac->digest_size - expected->len;
+        size_t truncation_size = expected->len;
 
         ASSERT_SUCCESS(aws_hmac_finalize(hmac, &output_buf, truncation_size));
         ASSERT_BIN_ARRAYS_EQUALS(expected->ptr, expected->len, output_buf.buffer, output_buf.len);
 
         aws_hmac_destroy(hmac);
-    }
+    } while (++advance_i <= input->len);
 
     aws_cal_library_clean_up();
 
@@ -56,11 +56,11 @@ static inline int s_verify_hash_test_case(
     aws_cal_library_init(allocator);
 
     /* test all possible segmentation lengths from 1 byte at a time to the entire
-     * input. */
-    for (size_t i = 1; i < input->len; ++i) {
+     * input. Using a do-while so that we still do 1 pass on 0-length input */
+    size_t advance_i = 1;
+    do {
         uint8_t output[128] = {0};
-        struct aws_byte_buf output_buf = aws_byte_buf_from_array(output, expected->len);
-        output_buf.len = 0;
+        struct aws_byte_buf output_buf = aws_byte_buf_from_empty_array(output, AWS_ARRAY_SIZE(output));
 
         struct aws_hash *hash = new_fn(allocator);
         ASSERT_NOT_NULL(hash);
@@ -68,19 +68,19 @@ static inline int s_verify_hash_test_case(
         struct aws_byte_cursor input_cpy = *input;
 
         while (input_cpy.len) {
-            size_t max_advance = input_cpy.len > i ? i : input_cpy.len;
+            size_t max_advance = aws_min_size(input_cpy.len, advance_i);
             struct aws_byte_cursor segment = aws_byte_cursor_from_array(input_cpy.ptr, max_advance);
             ASSERT_SUCCESS(aws_hash_update(hash, &segment));
             aws_byte_cursor_advance(&input_cpy, max_advance);
         }
 
-        size_t truncation_size = hash->digest_size - expected->len;
+        size_t truncation_size = expected->len;
 
         ASSERT_SUCCESS(aws_hash_finalize(hash, &output_buf, truncation_size));
         ASSERT_BIN_ARRAYS_EQUALS(expected->ptr, expected->len, output_buf.buffer, output_buf.len);
 
         aws_hash_destroy(hash);
-    }
+    } while (++advance_i <= input->len);
 
     aws_cal_library_clean_up();
 

data/aws-crt-ffi/crt/aws-c-common/CMakeLists.txt

@@ -37,6 +37,9 @@ file(GLOB AWS_COMMON_HEADERS
         "include/aws/common/*.inl"
         )
 
+file (GLOB AWS_COMMON_EXTERNAL_HEADERS
+        "include/aws/common/external/*.h")
+
 file(GLOB AWS_TEST_HEADERS
         "include/aws/testing/*.h"
         )
@@ -50,6 +53,9 @@ file(GLOB AWS_COMMON_SRC
         "source/*.c"
         )
 
+file (GLOB AWS_COMMON_EXTERNAL_SRC
+        "source/external/*.c")
+
 option(AWS_NUM_CPU_CORES "Number of CPU cores of the target machine. Useful when cross-compiling." 0)
 
 if (WIN32)
@@ -85,13 +91,23 @@ else ()
 
     if (UNIX OR APPLE)
         find_package(Threads REQUIRED)
-    endif ()
+
+        if (NOT ANDROID AND NOT CMAKE_THREAD_LIBS_INIT)
+            check_symbol_exists(pthread_mutexattr_init "<pthread.h>" HAVE_PTHREAD_MUTEXATTR_INIT)
+            if (NOT HAVE_PTHREAD_MUTEXATTR_INIT)
+                # fsanitize=... results in GLIBC library to provide some pthread APIs but not all
+                list(APPEND PLATFORM_LIBS pthread)
+            endif()
+        endif()
+    endif()
 
     if (APPLE)
         # Don't add the exact path to CoreFoundation as this would hardcode the SDK version
         list(APPEND PLATFORM_LIBS dl Threads::Threads "-framework CoreFoundation")
+        list (APPEND AWS_COMMON_OS_SRC "source/darwin/*.c") # OS specific includes
     elseif (${CMAKE_SYSTEM_NAME} STREQUAL "Linux") # Android does not link to libpthread nor librt, so this is fine
         list(APPEND PLATFORM_LIBS dl m Threads::Threads rt)
+        list (APPEND AWS_COMMON_OS_SRC "source/linux/*.c") # OS specific includes
     elseif(CMAKE_SYSTEM_NAME STREQUAL "FreeBSD")
         list(APPEND PLATFORM_LIBS dl m thr execinfo)
     elseif(CMAKE_SYSTEM_NAME STREQUAL "NetBSD")
@@ -142,6 +158,7 @@ file(GLOB COMMON_HEADERS
         ${AWS_COMMON_HEADERS}
         ${AWS_COMMON_OS_HEADERS}
         ${AWS_COMMON_PRIV_HEADERS}
+        ${AWS_COMMON_EXTERNAL_HEADERS}
         ${AWS_TEST_HEADERS}
         )
 
@@ -149,6 +166,7 @@ file(GLOB COMMON_SRC
         ${AWS_COMMON_SRC}
         ${AWS_COMMON_OS_SRC}
         ${AWS_COMMON_ARCH_SRC}
+        ${AWS_COMMON_EXTERNAL_SRC}
         )
 
 
@@ -187,6 +205,8 @@ target_include_directories(${PROJECT_NAME} PUBLIC
 target_include_directories(${PROJECT_NAME} PUBLIC
         $<BUILD_INTERFACE:${GENERATED_INCLUDE_DIR}>)
 
+target_compile_definitions(${PROJECT_NAME} PRIVATE -DCJSON_HIDE_SYMBOLS)
+
 # Enable SIMD encoder if the compiler supports the right features
 simd_add_definitions(${PROJECT_NAME})
 

data/aws-crt-ffi/crt/aws-c-common/README.md

@@ -253,3 +253,11 @@ Not:
         AWS_LOGF_ERROR(AWS_LS_SOME_SUBJECT, "Invalid options - something is null");
         return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT);
     }
+
+## CBMC
+
+To learn more about CBMC and proofs specifically, review the training material [here](https://model-checking.github.io/cbmc-training).
+
+The `verification/cbmc/proofs` directory contains CBMC proofs.
+
+In order to run these proofs you will need to install CBMC and other tools by following the instructions [here](https://model-checking.github.io/cbmc-training/installation.html).

data/aws-crt-ffi/crt/aws-c-common/cmake/AwsCFlags.cmake

@@ -120,11 +120,26 @@ function(aws_set_common_properties target)
             list(APPEND AWS_C_FLAGS -Wno-strict-aliasing)
         endif()
 
-       # -moutline-atomics generates code for both older load/store exclusive atomics and also
-       # Arm's Large System Extensions (LSE) which scale substantially better on large core count systems
-        check_c_compiler_flag("-moutline-atomics -Werror" HAS_MOUTLINE_ATOMICS)
-        if (HAS_MOUTLINE_ATOMICS AND AWS_ARCH_ARM64)
-            list(APPEND AWS_C_FLAGS -moutline-atomics)
+        # -moutline-atomics generates code for both older load/store exclusive atomics and also
+        # Arm's Large System Extensions (LSE) which scale substantially better on large core count systems.
+        #
+        # Test by compiling a program that actually uses atomics.
+        # Previously we'd simply used check_c_compiler_flag() but that wasn't detecting
+        # some real-world problems (see https://github.com/awslabs/aws-c-common/issues/902).
+        if (AWS_ARCH_ARM64)
+            set(old_flags "${CMAKE_REQUIRED_FLAGS}")
+            set(CMAKE_REQUIRED_FLAGS "-moutline-atomics -Werror")
+            check_c_source_compiles("
+                int main() {
+                    int x = 1;
+                    __atomic_fetch_add(&x, -1, __ATOMIC_SEQ_CST);
+                    return x;
+                }" HAS_MOUTLINE_ATOMICS)
+            set(CMAKE_REQUIRED_FLAGS "${old_flags}")
+
+            if (HAS_MOUTLINE_ATOMICS)
+                list(APPEND AWS_C_FLAGS -moutline-atomics)
+            endif()
         endif()
 
         # Check for Posix Large File Support (LFS).

data/aws-crt-ffi/crt/aws-c-common/cmake/AwsFeatureTests.cmake

@@ -7,7 +7,7 @@ include(AwsCFlags)
 option(USE_CPU_EXTENSIONS "Whenever possible, use functions optimized for CPUs with specific extensions (ex: SSE, AVX)." ON)
 
 # In the current (11/2/21) state of mingw64, the packaged gcc is not capable of emitting properly aligned avx2 instructions under certain circumstances.
-# This leads to crashes for windows builds using mingw64 when invoking the avx2-enabled versions of certain functions.  Until we can find a better 
+# This leads to crashes for windows builds using mingw64 when invoking the avx2-enabled versions of certain functions.  Until we can find a better
 # work-around, disable avx2 (and all other extensions) in mingw builds.
 #
 # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=54412
@@ -106,3 +106,9 @@ if(NOT LEGACY_COMPILER_SUPPORT OR ARM_CPU)
         return 0;
     }" AWS_HAVE_EXECINFO)
 endif()
+
+check_c_source_compiles("
+#include <linux/if_link.h>
+int main() {
+    return 1;
+}" AWS_HAVE_LINUX_IF_LINK_H)

data/aws-crt-ffi/crt/aws-c-common/format-check.sh

@@ -4,7 +4,7 @@ if [[ -z $CLANG_FORMAT ]] ; then
     CLANG_FORMAT=clang-format
 fi
 
-if NOT type $CLANG_FORMAT 2> /dev/null ; then
+if ! type $CLANG_FORMAT 2> /dev/null ; then
     echo "No appropriate clang-format found."
     exit 1
 fi