aws-crt 0.1.5 → 0.1.6

data/aws-crt-ffi/crt/s2n/tls/s2n_handshake_transcript.c

@@ -24,24 +24,6 @@
 /* Length of the synthetic message header */
 #define MESSAGE_HASH_HEADER_LENGTH  4
 
-static S2N_RESULT s2n_tls13_calculate_digest(struct s2n_connection *conn, uint8_t *digest) {
-    RESULT_ENSURE_REF(conn);
-    RESULT_ENSURE_REF(digest);
-
-    s2n_hash_algorithm hash_algorithm = S2N_HASH_NONE;
-    RESULT_ENSURE_REF(conn->secure.cipher_suite);
-    RESULT_GUARD_POSIX(s2n_hmac_hash_alg(conn->secure.cipher_suite->prf_alg, &hash_algorithm));
-
-    uint8_t digest_size = 0;
-    RESULT_GUARD_POSIX(s2n_hash_digest_size(hash_algorithm, &digest_size));
-
-    RESULT_ENSURE_REF(conn->handshake.hashes);
-    struct s2n_hash_state *hash_state = &conn->handshake.hashes->hash_workspace;
-    RESULT_GUARD(s2n_handshake_copy_hash_state(conn, hash_algorithm, hash_state));
-    RESULT_GUARD_POSIX(s2n_hash_digest(hash_state, digest, digest_size));
-    return S2N_RESULT_OK;
-}
-
 int s2n_conn_update_handshake_hashes(struct s2n_connection *conn, struct s2n_blob *data)
 {
     POSIX_ENSURE_REF(conn);
@@ -91,32 +73,6 @@ int s2n_conn_update_handshake_hashes(struct s2n_connection *conn, struct s2n_blo
         POSIX_GUARD(s2n_hash_update(&hashes->sha512, data->data, data->size));
     }
 
-    /*
-     * TLS1.3 secret derivation requires specific transcript hash digests as inputs.
-     * Save the relevant hash state digests for later use.
-     */
-    if (s2n_connection_get_protocol_version(conn) >= S2N_TLS13) {
-        switch(s2n_conn_get_current_message_type(conn)) {
-            case CLIENT_HELLO:
-                POSIX_ENSURE_REF(conn->secure.cipher_suite);
-                if (conn->secure.cipher_suite->prf_alg != S2N_HMAC_NONE) {
-                    POSIX_GUARD_RESULT(s2n_tls13_calculate_digest(conn, hashes->client_hello_digest));
-                }
-                break;
-            case SERVER_HELLO:
-                POSIX_GUARD_RESULT(s2n_tls13_calculate_digest(conn, hashes->server_hello_digest));
-                break;
-            case SERVER_FINISHED:
-                POSIX_GUARD_RESULT(s2n_tls13_calculate_digest(conn, hashes->server_finished_digest));
-                break;
-            case CLIENT_FINISHED:
-                POSIX_GUARD_RESULT(s2n_tls13_calculate_digest(conn, hashes->client_finished_digest));
-                break;
-            default:
-                break;
-        }
-    }
-
     return S2N_SUCCESS;
 }
 

data/aws-crt-ffi/crt/s2n/tls/s2n_internal.h

@@ -31,7 +31,6 @@
  * used for testing purposes. All Internal APIs are subject to change without notice.
  */
 
-
 struct s2n_config;
 struct s2n_connection;
 

data/aws-crt-ffi/crt/s2n/tls/s2n_quic_support.h

@@ -31,7 +31,7 @@
 
 S2N_API int s2n_config_enable_quic(struct s2n_config *config);
 S2N_API int s2n_connection_enable_quic(struct s2n_connection *conn);
-bool s2n_connection_is_quic_enabled(struct s2n_connection *conn);
+S2N_API bool s2n_connection_is_quic_enabled(struct s2n_connection *conn);
 
 /*
  * Set the data to be sent in the quic_transport_parameters extension.

data/aws-crt-ffi/crt/s2n/tls/s2n_tls13_key_schedule.c

@@ -313,7 +313,6 @@ S2N_RESULT s2n_tls13_key_schedule_update(struct s2n_connection *conn)
     if (s2n_connection_get_protocol_version(conn) < S2N_TLS13) {
         return S2N_RESULT_OK;
     }
-    RESULT_GUARD(s2n_tls13_secrets_update(conn));
     RESULT_ENSURE_REF(key_schedules[conn->mode]);
     RESULT_GUARD(key_schedules[conn->mode](conn));
     return S2N_RESULT_OK;
@@ -324,6 +323,6 @@ S2N_RESULT s2n_tls13_key_schedule_reset(struct s2n_connection *conn)
     RESULT_ENSURE_REF(conn);
     conn->client = &conn->initial;
     conn->server = &conn->initial;
-    conn->secrets.tls13.secrets_state = S2N_NONE_SECRET;
+    conn->secrets.tls13.extract_secret_type = S2N_NONE_SECRET;
     return S2N_RESULT_OK;
 }

data/aws-crt-ffi/crt/s2n/tls/s2n_tls13_secrets.c

@@ -100,6 +100,28 @@ S2N_RESULT s2n_tls13_empty_transcripts_init()
     return S2N_RESULT_OK;
 }
 
+static S2N_RESULT s2n_calculate_transcript_digest(struct s2n_connection *conn)
+{
+    RESULT_ENSURE_REF(conn);
+    RESULT_ENSURE_REF(conn->handshake.hashes);
+
+    s2n_hash_algorithm hash_algorithm = S2N_HASH_NONE;
+    RESULT_ENSURE_REF(conn->secure.cipher_suite);
+    RESULT_GUARD_POSIX(s2n_hmac_hash_alg(conn->secure.cipher_suite->prf_alg, &hash_algorithm));
+
+    uint8_t digest_size = 0;
+    RESULT_GUARD_POSIX(s2n_hash_digest_size(hash_algorithm, &digest_size));
+
+    struct s2n_blob digest = { 0 };
+    RESULT_GUARD_POSIX(s2n_blob_init(&digest, CONN_HASHES(conn)->transcript_hash_digest, digest_size));
+
+    struct s2n_hash_state *hash_state = &conn->handshake.hashes->hash_workspace;
+    RESULT_GUARD(s2n_handshake_copy_hash_state(conn, hash_algorithm, hash_state));
+    RESULT_GUARD_POSIX(s2n_hash_digest(hash_state, digest.data, digest.size));
+
+    return S2N_RESULT_OK;
+}
+
 static S2N_RESULT s2n_extract_secret(s2n_hmac_algorithm hmac_alg,
         const struct s2n_blob *previous_secret_material, const struct s2n_blob *new_secret_material,
         struct s2n_blob *output)
@@ -141,10 +163,22 @@ static S2N_RESULT s2n_derive_secret(s2n_hmac_algorithm hmac_alg,
     return S2N_RESULT_OK;
 }
 
-static S2N_RESULT s2n_derive_secret_for_extract(struct s2n_connection *conn,
-        const struct s2n_blob *previous_secret, struct s2n_blob *output)
+static S2N_RESULT s2n_derive_secret_with_context(struct s2n_connection *conn,
+        s2n_extract_secret_type_t input_secret_type, const struct s2n_blob *label, message_type_t transcript_end_msg,
+        struct s2n_blob *output)
 {
-    RESULT_GUARD(s2n_derive_secret(CONN_HMAC_ALG(conn), previous_secret,
+    RESULT_ENSURE(CONN_SECRETS(conn).extract_secret_type == input_secret_type, S2N_ERR_SECRET_SCHEDULE_STATE);
+    RESULT_ENSURE(s2n_conn_get_current_message_type(conn) == transcript_end_msg, S2N_ERR_SECRET_SCHEDULE_STATE);
+    RESULT_GUARD(s2n_derive_secret(CONN_HMAC_ALG(conn), &CONN_SECRET(conn, extract_secret),
+            label, &CONN_HASH(conn, transcript_hash_digest), output));
+    return S2N_RESULT_OK;
+}
+
+static S2N_RESULT s2n_derive_secret_without_context(struct s2n_connection *conn,
+        s2n_extract_secret_type_t input_secret_type, struct s2n_blob *output)
+{
+    RESULT_ENSURE(CONN_SECRETS(conn).extract_secret_type == input_secret_type, S2N_ERR_SECRET_SCHEDULE_STATE);
+    RESULT_GUARD(s2n_derive_secret(CONN_HMAC_ALG(conn), &CONN_SECRET(conn, extract_secret),
             &s2n_tls13_label_derived_secret, &EMPTY_CONTEXT(CONN_HMAC_ALG(conn)), output));
     return S2N_RESULT_OK;
 }
@@ -242,7 +276,7 @@ static S2N_RESULT s2n_extract_early_secret_for_schedule(struct s2n_connection *c
         RESULT_GUARD(s2n_extract_secret(hmac_alg,
                 &ZERO_VALUE(hmac_alg),
                 &ZERO_VALUE(hmac_alg),
-                &CONN_SECRET(conn, early_secret)));
+                &CONN_SECRET(conn, extract_secret)));
         return S2N_RESULT_OK;
     }
 
@@ -252,7 +286,7 @@ static S2N_RESULT s2n_extract_early_secret_for_schedule(struct s2n_connection *c
      * Use the early secret stored on the PSK.
      */
     RESULT_ENSURE_EQ(hmac_alg, psk->hmac_alg);
-    RESULT_CHECKED_MEMCPY(CONN_SECRETS(conn).early_secret, psk->early_secret.data, psk->early_secret.size);
+    RESULT_CHECKED_MEMCPY(CONN_SECRETS(conn).extract_secret, psk->early_secret.data, psk->early_secret.size);
     return S2N_RESULT_OK;
 }
 
@@ -285,10 +319,10 @@ S2N_RESULT s2n_derive_binder_key(struct s2n_psk *psk, struct s2n_blob *output)
  */
 static S2N_RESULT s2n_derive_client_early_traffic_secret(struct s2n_connection *conn, struct s2n_blob *output)
 {
-    RESULT_GUARD(s2n_derive_secret(CONN_HMAC_ALG(conn),
-            &CONN_SECRET(conn, early_secret),
+    RESULT_GUARD(s2n_derive_secret_with_context(conn,
+            S2N_EARLY_SECRET,
             &s2n_tls13_label_client_early_traffic_secret,
-            &CONN_HASH(conn, client_hello_digest),
+            CLIENT_HELLO,
             output));
     return S2N_RESULT_OK;
 }
@@ -307,7 +341,7 @@ static S2N_RESULT s2n_extract_handshake_secret(struct s2n_connection *conn)
     struct s2n_blob derived_secret = { 0 };
     uint8_t derived_secret_bytes[S2N_TLS13_SECRET_MAX_LEN] = { 0 };
     RESULT_GUARD_POSIX(s2n_blob_init(&derived_secret, derived_secret_bytes, S2N_TLS13_SECRET_MAX_LEN));
-    RESULT_GUARD(s2n_derive_secret_for_extract(conn, &CONN_SECRET(conn, early_secret), &derived_secret));
+    RESULT_GUARD(s2n_derive_secret_without_context(conn, S2N_EARLY_SECRET, &derived_secret));
 
     DEFER_CLEANUP(struct s2n_blob shared_secret = { 0 }, s2n_blob_zeroize_free);
     RESULT_GUARD_POSIX(s2n_tls13_compute_shared_secret(conn, &shared_secret));
@@ -315,7 +349,7 @@ static S2N_RESULT s2n_extract_handshake_secret(struct s2n_connection *conn)
     RESULT_GUARD(s2n_extract_secret(CONN_HMAC_ALG(conn),
             &derived_secret,
             &shared_secret,
-            &CONN_SECRET(conn, handshake_secret)));
+            &CONN_SECRET(conn, extract_secret)));
 
     return S2N_RESULT_OK;
 }
@@ -329,10 +363,10 @@ static S2N_RESULT s2n_extract_handshake_secret(struct s2n_connection *conn)
  */
 static S2N_RESULT s2n_derive_client_handshake_traffic_secret(struct s2n_connection *conn, struct s2n_blob *output)
 {
-    RESULT_GUARD(s2n_derive_secret(CONN_HMAC_ALG(conn),
-            &CONN_SECRET(conn, handshake_secret),
+    RESULT_GUARD(s2n_derive_secret_with_context(conn,
+            S2N_HANDSHAKE_SECRET,
             &s2n_tls13_label_client_handshake_traffic_secret,
-            &CONN_HASH(conn, server_hello_digest),
+            SERVER_HELLO,
             output));
 
     /*
@@ -358,10 +392,10 @@ static S2N_RESULT s2n_derive_client_handshake_traffic_secret(struct s2n_connecti
  */
 static S2N_RESULT s2n_derive_server_handshake_traffic_secret(struct s2n_connection *conn, struct s2n_blob *output)
 {
-    RESULT_GUARD(s2n_derive_secret(CONN_HMAC_ALG(conn),
-            &CONN_SECRET(conn, handshake_secret),
+    RESULT_GUARD(s2n_derive_secret_with_context(conn,
+            S2N_HANDSHAKE_SECRET,
             &s2n_tls13_label_server_handshake_traffic_secret,
-            &CONN_HASH(conn, server_hello_digest),
+            SERVER_HELLO,
             output));
 
     /*
@@ -391,12 +425,12 @@ static S2N_RESULT s2n_extract_master_secret(struct s2n_connection *conn)
     struct s2n_blob derived_secret = { 0 };
     uint8_t derived_secret_bytes[S2N_TLS13_SECRET_MAX_LEN] = { 0 };
     RESULT_GUARD_POSIX(s2n_blob_init(&derived_secret, derived_secret_bytes, S2N_TLS13_SECRET_MAX_LEN));
-    RESULT_GUARD(s2n_derive_secret_for_extract(conn, &CONN_SECRET(conn, handshake_secret), &derived_secret));
+    RESULT_GUARD(s2n_derive_secret_without_context(conn, S2N_HANDSHAKE_SECRET, &derived_secret));
 
     RESULT_GUARD(s2n_extract_secret(CONN_HMAC_ALG(conn),
             &derived_secret,
             &ZERO_VALUE(CONN_HMAC_ALG(conn)),
-            &CONN_SECRET(conn, master_secret)));
+            &CONN_SECRET(conn, extract_secret)));
     return S2N_RESULT_OK;
 }
 
@@ -409,12 +443,11 @@ static S2N_RESULT s2n_extract_master_secret(struct s2n_connection *conn)
  */
 static S2N_RESULT s2n_derive_client_application_traffic_secret(struct s2n_connection *conn, struct s2n_blob *output)
 {
-    RESULT_GUARD(s2n_derive_secret(CONN_HMAC_ALG(conn),
-            &CONN_SECRET(conn, master_secret),
+    RESULT_GUARD(s2n_derive_secret_with_context(conn,
+            S2N_MASTER_SECRET,
             &s2n_tls13_label_client_application_traffic_secret,
-            &CONN_HASH(conn, server_finished_digest),
+            SERVER_FINISHED,
             output));
-    RESULT_CHECKED_MEMCPY(CONN_SECRETS(conn).client_app_secret, output->data, output->size);
     return S2N_RESULT_OK;
 }
 
@@ -427,12 +460,11 @@ static S2N_RESULT s2n_derive_client_application_traffic_secret(struct s2n_connec
  */
 static S2N_RESULT s2n_derive_server_application_traffic_secret(struct s2n_connection *conn, struct s2n_blob *output)
 {
-    RESULT_GUARD(s2n_derive_secret(CONN_HMAC_ALG(conn),
-            &CONN_SECRET(conn, master_secret),
+    RESULT_GUARD(s2n_derive_secret_with_context(conn,
+            S2N_MASTER_SECRET,
             &s2n_tls13_label_server_application_traffic_secret,
-            &CONN_HASH(conn, server_finished_digest),
+            SERVER_FINISHED,
             output));
-    RESULT_CHECKED_MEMCPY(CONN_SECRETS(conn).server_app_secret, output->data, output->size);
     return S2N_RESULT_OK;
 }
 
@@ -445,10 +477,10 @@ static S2N_RESULT s2n_derive_server_application_traffic_secret(struct s2n_connec
  */
 S2N_RESULT s2n_derive_resumption_master_secret(struct s2n_connection *conn)
 {
-    RESULT_GUARD(s2n_derive_secret(CONN_HMAC_ALG(conn),
-            &CONN_SECRET(conn, master_secret),
+    RESULT_GUARD(s2n_derive_secret_with_context(conn,
+            S2N_MASTER_SECRET,
             &s2n_tls13_label_resumption_master_secret,
-            &CONN_HASH(conn, client_finished_digest),
+            CLIENT_FINISHED,
             &CONN_SECRET(conn, resumption_master_secret)));
     return S2N_RESULT_OK;
 }
@@ -469,12 +501,13 @@ S2N_RESULT s2n_tls13_extract_secret(struct s2n_connection *conn, s2n_extract_sec
     RESULT_ENSURE_GTE(secret_type, 0);
     RESULT_ENSURE_LT(secret_type, s2n_array_len(extract_methods));
 
-    s2n_extract_secret_type_t next_secret_type = CONN_SECRETS(conn).secrets_state + 1;
+    s2n_extract_secret_type_t next_secret_type = CONN_SECRETS(conn).extract_secret_type + 1;
     for (s2n_extract_secret_type_t i = next_secret_type; i <= secret_type; i++) {
         RESULT_ENSURE_REF(extract_methods[i]);
         RESULT_GUARD(extract_methods[i](conn));
-        CONN_SECRETS(conn).secrets_state = i;
+        CONN_SECRETS(conn).extract_secret_type = i;
     }
+
     return S2N_RESULT_OK;
 }
 
@@ -517,12 +550,11 @@ S2N_RESULT s2n_tls13_secrets_clean(struct s2n_connection *conn)
      * A compromised secret additionally compromises all secrets derived from it,
      * so these are the most sensitive secrets.
      */
-    RESULT_GUARD_POSIX(s2n_blob_zero(&CONN_SECRET(conn, early_secret)));
-    RESULT_GUARD_POSIX(s2n_blob_zero(&CONN_SECRET(conn, handshake_secret)));
-    RESULT_GUARD_POSIX(s2n_blob_zero(&CONN_SECRET(conn, master_secret)));
-    conn->secrets.tls13.secrets_state = S2N_NONE_SECRET;
+    RESULT_GUARD_POSIX(s2n_blob_zero(&CONN_SECRET(conn, extract_secret)));
+    conn->secrets.tls13.extract_secret_type = S2N_NONE_SECRET;
 
     /* Wipe other secrets no longer needed */
+    RESULT_GUARD_POSIX(s2n_blob_zero(&CONN_SECRET(conn, client_early_secret)));
     RESULT_GUARD_POSIX(s2n_blob_zero(&CONN_SECRET(conn, client_handshake_secret)));
     RESULT_GUARD_POSIX(s2n_blob_zero(&CONN_SECRET(conn, server_handshake_secret)));
 
@@ -532,25 +564,37 @@ S2N_RESULT s2n_tls13_secrets_clean(struct s2n_connection *conn)
 S2N_RESULT s2n_tls13_secrets_update(struct s2n_connection *conn)
 {
     RESULT_ENSURE_REF(conn);
+    if (s2n_connection_get_protocol_version(conn) < S2N_TLS13) {
+        return S2N_RESULT_OK;
+    }
     RESULT_ENSURE_REF(conn->secure.cipher_suite);
 
     message_type_t message_type = s2n_conn_get_current_message_type(conn);
     switch(message_type) {
+        case CLIENT_HELLO:
+            if (conn->early_data_state == S2N_EARLY_DATA_REQUESTED
+                    || conn->early_data_state == S2N_EARLY_DATA_ACCEPTED) {
+                RESULT_GUARD(s2n_calculate_transcript_digest(conn));
+                RESULT_GUARD(s2n_tls13_derive_secret(conn, S2N_EARLY_SECRET,
+                        S2N_CLIENT, &CONN_SECRET(conn, client_early_secret)));
+            }
+            break;
         case SERVER_HELLO:
+            RESULT_GUARD(s2n_calculate_transcript_digest(conn));
             RESULT_GUARD(s2n_tls13_derive_secret(conn, S2N_HANDSHAKE_SECRET,
                     S2N_CLIENT, &CONN_SECRET(conn, client_handshake_secret)));
             RESULT_GUARD(s2n_tls13_derive_secret(conn, S2N_HANDSHAKE_SECRET,
                     S2N_SERVER, &CONN_SECRET(conn, server_handshake_secret)));
-            RESULT_ENSURE_EQ(CONN_SECRETS(conn).secrets_state, S2N_HANDSHAKE_SECRET);
             break;
         case SERVER_FINISHED:
+            RESULT_GUARD(s2n_calculate_transcript_digest(conn));
             RESULT_GUARD(s2n_tls13_derive_secret(conn, S2N_MASTER_SECRET,
                     S2N_CLIENT, &CONN_SECRET(conn, client_app_secret)));
             RESULT_GUARD(s2n_tls13_derive_secret(conn, S2N_MASTER_SECRET,
                     S2N_SERVER, &CONN_SECRET(conn, server_app_secret)));
-            RESULT_ENSURE_EQ(CONN_SECRETS(conn).secrets_state, S2N_MASTER_SECRET);
             break;
         case CLIENT_FINISHED:
+            RESULT_GUARD(s2n_calculate_transcript_digest(conn));
             RESULT_GUARD(s2n_derive_resumption_master_secret(conn));
             break;
         default:
@@ -566,18 +610,14 @@ S2N_RESULT s2n_tls13_secrets_get(struct s2n_connection *conn, s2n_extract_secret
     RESULT_ENSURE_REF(secret);
 
     uint8_t *secrets[][2] = {
+        [S2N_EARLY_SECRET]     = { NULL, CONN_SECRETS(conn).client_early_secret },
         [S2N_HANDSHAKE_SECRET] = { CONN_SECRETS(conn).server_handshake_secret, CONN_SECRETS(conn).client_handshake_secret },
         [S2N_MASTER_SECRET]    = { CONN_SECRETS(conn).server_app_secret, CONN_SECRETS(conn).client_app_secret },
     };
     RESULT_ENSURE_GT(secret_type, S2N_NONE_SECRET);
     RESULT_ENSURE_LT(secret_type, s2n_array_len(secrets));
-
-    if (secrets[secret_type][mode] == NULL) {
-        RESULT_GUARD(s2n_tls13_derive_secret(conn, secret_type, mode, secret));
-        return S2N_RESULT_OK;
-    }
-
-    RESULT_ENSURE_GTE(CONN_SECRETS(conn).secrets_state, secret_type);
+    RESULT_ENSURE_LTE(secret_type, CONN_SECRETS(conn).extract_secret_type);
+    RESULT_ENSURE_REF(secrets[secret_type][mode]);
 
     secret->size = s2n_get_hash_len(CONN_HMAC_ALG(conn));
     RESULT_CHECKED_MEMCPY(secret->data, secrets[secret_type][mode], secret->size);

data/aws-crt-ffi/crt/s2n/tls/s2n_tls13_secrets.h

@@ -31,26 +31,20 @@ typedef enum {
 } s2n_extract_secret_type_t;
 
 struct s2n_tls13_secrets {
-    uint8_t early_secret[S2N_TLS13_SECRET_MAX_LEN];
+    uint8_t extract_secret[S2N_TLS13_SECRET_MAX_LEN];
+    s2n_extract_secret_type_t extract_secret_type;
 
-    uint8_t handshake_secret[S2N_TLS13_SECRET_MAX_LEN];
+    uint8_t client_early_secret[S2N_TLS13_SECRET_MAX_LEN];
     uint8_t client_handshake_secret[S2N_TLS13_SECRET_MAX_LEN];
     uint8_t server_handshake_secret[S2N_TLS13_SECRET_MAX_LEN];
 
-    uint8_t master_secret[S2N_TLS13_SECRET_MAX_LEN];
     uint8_t client_app_secret[S2N_TLS13_SECRET_MAX_LEN];
     uint8_t server_app_secret[S2N_TLS13_SECRET_MAX_LEN];
     uint8_t resumption_master_secret[S2N_TLS13_SECRET_MAX_LEN];
-
-    s2n_extract_secret_type_t secrets_state;
 };
 
 S2N_RESULT s2n_tls13_empty_transcripts_init();
 
-S2N_RESULT s2n_tls13_extract_secret(struct s2n_connection *conn, s2n_extract_secret_type_t secret_type);
-S2N_RESULT s2n_tls13_derive_secret(struct s2n_connection *conn, s2n_extract_secret_type_t secret_type,
-        s2n_mode mode, struct s2n_blob *secret);
-
 S2N_RESULT s2n_tls13_secrets_update(struct s2n_connection *conn);
 S2N_RESULT s2n_tls13_secrets_get(struct s2n_connection *conn, s2n_extract_secret_type_t secret_type,
         s2n_mode mode, struct s2n_blob *secret);

data/aws-crt-ffi/crt/s2n/utils/s2n_blob.h

@@ -47,21 +47,28 @@ extern int s2n_blob_char_to_lower(struct s2n_blob *b);
 extern int s2n_hex_string_to_bytes(const uint8_t *str, struct s2n_blob *blob);
 extern int s2n_blob_slice(const struct s2n_blob *b, struct s2n_blob *slice, uint32_t offset, uint32_t size);
 
-#define s2n_stack_blob(name, requested_size, maximum)			\
-    size_t name ## _requested_size = (requested_size);			\
-    uint8_t name ## _buf[(maximum)] = {0};				\
-    POSIX_ENSURE_LTE(name ## _requested_size, (maximum));			\
-    struct s2n_blob name = {0};						\
+#define s2n_stack_blob(name, requested_size, maximum)       \
+    size_t name ## _requested_size = (requested_size);      \
+    uint8_t name ## _buf[(maximum)] = {0};                  \
+    POSIX_ENSURE_LTE(name ## _requested_size, (maximum));   \
+    struct s2n_blob name = {0};                             \
     POSIX_GUARD(s2n_blob_init(&name, name ## _buf, name ## _requested_size))
 
-#define S2N_BLOB_LABEL(name, str) \
-    static uint8_t name##_data[] = str;   \
+#define RESULT_STACK_BLOB(name, requested_size, maximum)    \
+    size_t name ## _requested_size = (requested_size);          \
+    uint8_t name ## _buf[(maximum)] = {0};                      \
+    RESULT_ENSURE_LTE(name ## _requested_size, (maximum));      \
+    struct s2n_blob name = {0};                                 \
+    RESULT_GUARD_POSIX(s2n_blob_init(&name, name ## _buf, name ## _requested_size))
+
+#define S2N_BLOB_LABEL(name, str)       \
+    static uint8_t name##_data[] = str; \
     const struct s2n_blob name = { .data = name##_data, .size = sizeof(name##_data) - 1 };
 
 /* The S2N_BLOB_FROM_HEX macro creates a s2n_blob with the contents of a hex string.
  * It is allocated on a stack so there no need to free after use.
  * hex should be a const char[]. This function checks against using char*,
  * because sizeof needs to refer to the buffer length rather than a pointer size */
-#define S2N_BLOB_FROM_HEX( name, hex ) \
+#define S2N_BLOB_FROM_HEX( name, hex )                                  \
     s2n_stack_blob(name, (sizeof(hex) - 1) / 2, (sizeof(hex) - 1) / 2); \
     POSIX_GUARD(s2n_hex_string_to_bytes((const uint8_t*)hex, &name));

data/aws-crt-ffi/crt/s2n/utils/s2n_fork_detection.c

@@ -42,10 +42,6 @@
 #include <unistd.h>
 
 
-#if defined(S2N_MINHERIT_SUPPORTED) && defined(S2N_MADVISE_SUPPORTED)
-#error "Both S2N_MINHERIT_SUPPORTED and S2N_MADVISE_SUPPORTED are defined. This should not be possible."
-#endif
-
 #if defined(S2N_MADVISE_SUPPORTED) && defined(MADV_WIPEONFORK)
 #if (MADV_WIPEONFORK != 18)
 #error "MADV_WIPEONFORK is not 18"
@@ -298,9 +294,9 @@ S2N_RESULT s2n_get_fork_generation_number(uint64_t *return_fork_generation_numbe
     return S2N_RESULT_OK;
 }
 
-static void s2n_cleanup_cb_munmap(void *probe_addr)
+static void s2n_cleanup_cb_munmap(void **probe_addr)
 {
-    munmap(probe_addr, (size_t) sysconf(_SC_PAGESIZE));
+    munmap(*probe_addr, (size_t) sysconf(_SC_PAGESIZE));
 }
 
 /* Run-time probe checking whether the system supports the MADV_WIPEONFORK fork

data/aws-crt-ffi/crt/s2n/utils/s2n_random.c

@@ -144,8 +144,8 @@ static inline S2N_RESULT s2n_defend_if_forked(void)
         /* Clean up the old drbg first */
         RESULT_GUARD(s2n_rand_cleanup_thread());
         /* Instantiate the new ones */
-        RESULT_GUARD_POSIX(s2n_drbg_instantiate(&per_thread_public_drbg, &public, S2N_AES_128_CTR_NO_DF_PR));
-        RESULT_GUARD_POSIX(s2n_drbg_instantiate(&per_thread_private_drbg, &private, S2N_AES_128_CTR_NO_DF_PR));
+        RESULT_GUARD(s2n_drbg_instantiate(&per_thread_public_drbg, &public, S2N_AES_128_CTR_NO_DF_PR));
+        RESULT_GUARD(s2n_drbg_instantiate(&per_thread_private_drbg, &private, S2N_AES_128_CTR_NO_DF_PR));
         zero_if_forked_ptr = zeroed_when_forked_page;
         zero_if_forked = 1;
     }
@@ -165,7 +165,7 @@ S2N_RESULT s2n_get_public_random_data(struct s2n_blob *blob)
 
         RESULT_GUARD_POSIX(s2n_blob_slice(blob, &slice, offset, MIN(remaining, S2N_DRBG_GENERATE_LIMIT)));;
 
-        RESULT_GUARD_POSIX(s2n_drbg_generate(&per_thread_public_drbg, &slice));
+        RESULT_GUARD(s2n_drbg_generate(&per_thread_public_drbg, &slice));
 
         remaining -= slice.size;
         offset += slice.size;
@@ -186,7 +186,7 @@ S2N_RESULT s2n_get_private_random_data(struct s2n_blob *blob)
 
         RESULT_GUARD_POSIX(s2n_blob_slice(blob, &slice, offset, MIN(remaining, S2N_DRBG_GENERATE_LIMIT)));;
 
-        RESULT_GUARD_POSIX(s2n_drbg_generate(&per_thread_private_drbg, &slice));
+        RESULT_GUARD(s2n_drbg_generate(&per_thread_private_drbg, &slice));
 
         remaining -= slice.size;
         offset += slice.size;
@@ -197,13 +197,13 @@ S2N_RESULT s2n_get_private_random_data(struct s2n_blob *blob)
 
 S2N_RESULT s2n_get_public_random_bytes_used(uint64_t *bytes_used)
 {
-    RESULT_GUARD_POSIX(s2n_drbg_bytes_used(&per_thread_public_drbg, bytes_used));
+    RESULT_GUARD(s2n_drbg_bytes_used(&per_thread_public_drbg, bytes_used));
     return S2N_RESULT_OK;
 }
 
 S2N_RESULT s2n_get_private_random_bytes_used(uint64_t *bytes_used)
 {
-    RESULT_GUARD_POSIX(s2n_drbg_bytes_used(&per_thread_private_drbg, bytes_used));
+    RESULT_GUARD(s2n_drbg_bytes_used(&per_thread_private_drbg, bytes_used));
     return S2N_RESULT_OK;
 }
 
@@ -439,8 +439,8 @@ S2N_RESULT s2n_rand_cleanup(void)
 
 S2N_RESULT s2n_rand_cleanup_thread(void)
 {
-    RESULT_GUARD_POSIX(s2n_drbg_wipe(&per_thread_private_drbg));
-    RESULT_GUARD_POSIX(s2n_drbg_wipe(&per_thread_public_drbg));
+    RESULT_GUARD(s2n_drbg_wipe(&per_thread_private_drbg));
+    RESULT_GUARD(s2n_drbg_wipe(&per_thread_public_drbg));
 
     return S2N_RESULT_OK;
 }
@@ -452,7 +452,7 @@ S2N_RESULT s2n_rand_cleanup_thread(void)
 S2N_RESULT s2n_set_private_drbg_for_test(struct s2n_drbg drbg)
 {
     RESULT_ENSURE(s2n_in_unit_test(), S2N_ERR_NOT_IN_UNIT_TEST);
-    RESULT_GUARD_POSIX(s2n_drbg_wipe(&per_thread_private_drbg));
+    RESULT_GUARD(s2n_drbg_wipe(&per_thread_private_drbg));
 
     per_thread_private_drbg = drbg;
     return S2N_RESULT_OK;

data/aws-crt-ffi/src/input_stream.c

@@ -54,28 +54,37 @@ static int s_external_input_stream_seek(
     struct aws_input_stream *stream,
     aws_off_t offset,
     enum aws_stream_seek_basis basis) {
-    aws_external_input_stream *ext_stream = stream->impl;
-    return ext_stream->seek(ext_stream->user_data, (int64_t)offset, (aws_crt_input_stream_seek_basis)basis);
+    aws_crt_input_stream *impl = stream->impl;
+    aws_external_input_stream ext_stream = impl->impl;
+    return ext_stream.seek(ext_stream.user_data, (int64_t)offset, (aws_crt_input_stream_seek_basis)basis);
 }
 
 static int s_external_input_stream_read(struct aws_input_stream *stream, struct aws_byte_buf *dest) {
-    aws_external_input_stream *ext_stream = stream->impl;
-    return ext_stream->read(ext_stream->user_data, dest->buffer, dest->capacity);
+    aws_crt_input_stream *impl = stream->impl;
+    aws_external_input_stream ext_stream = impl->impl;
+    return ext_stream.read(ext_stream.user_data, dest->buffer, dest->capacity);
 }
 
 static int s_external_input_stream_get_status(struct aws_input_stream *stream, struct aws_stream_status *status) {
-    aws_external_input_stream *ext_stream = stream->impl;
-    return ext_stream->get_status(ext_stream->user_data, (aws_crt_input_stream_status *)status);
+    aws_crt_input_stream *impl = stream->impl;
+    aws_external_input_stream ext_stream = impl->impl;
+    return ext_stream.get_status(ext_stream.user_data, (aws_crt_input_stream_status *)status);
 }
 
 static int s_external_input_stream_get_length(struct aws_input_stream *stream, int64_t *out_length) {
-    aws_external_input_stream *ext_stream = stream->impl;
-    return ext_stream->get_length(ext_stream->user_data, out_length);
+    aws_crt_input_stream *impl = stream->impl;
+    aws_external_input_stream ext_stream = impl->impl;
+    return ext_stream.get_length(ext_stream.user_data, out_length);
 }
 
-static void s_external_input_stream_destroy(struct aws_input_stream *stream) {
-    aws_external_input_stream *ext_stream = stream->impl;
-    ext_stream->destroy(ext_stream->user_data);
+static void s_external_input_stream_acquire(struct aws_input_stream *stream) {
+    aws_crt_input_stream *impl = stream->impl;
+    aws_crt_resource_acquire(&impl->resource);
+}
+
+static void s_external_input_stream_release(struct aws_input_stream *stream) {
+    aws_crt_input_stream *impl = stream->impl;
+    aws_crt_resource_release(&impl->resource);
 }
 
 static struct aws_input_stream_vtable s_external_input_stream_vtable = {
@@ -83,23 +92,31 @@ static struct aws_input_stream_vtable s_external_input_stream_vtable = {
     .read = s_external_input_stream_read,
     .get_status = s_external_input_stream_get_status,
     .get_length = s_external_input_stream_get_length,
-    .destroy = s_external_input_stream_destroy,
+    .acquire = s_external_input_stream_acquire,
+    .release = s_external_input_stream_release,
 };
 
+static void s_external_input_stream_destroy(void *user_data) {
+    aws_external_input_stream *ext_stream = user_data;
+    ext_stream->destroy(ext_stream->user_data);
+}
+
 aws_crt_input_stream *aws_crt_input_stream_new(const aws_crt_input_stream_options *options) {
     aws_crt_input_stream *stream = aws_crt_resource_new(sizeof(aws_crt_input_stream));
     AWS_ZERO_STRUCT(stream->stream);
     AWS_ZERO_STRUCT(stream->impl);
 
     stream->impl = *options;
-    stream->stream.allocator = aws_crt_default_allocator();
-    stream->stream.impl = &stream->impl;
+    stream->stream.impl = &stream;
     stream->stream.vtable = &s_external_input_stream_vtable;
+
+    aws_crt_resource_set_user_data(&stream->resource, &stream->impl, s_external_input_stream_destroy);
+
     return stream;
 }
 
 void aws_crt_input_stream_release(aws_crt_input_stream *stream) {
-    aws_input_stream_destroy(&stream->stream);
+    aws_input_stream_release(&stream->stream);
     aws_crt_resource_release(&stream->resource);
 }
 

data/ext/compile.rb

@@ -41,15 +41,16 @@ def find_file(name, search_dirs, base_dir)
 end
 
 # Compile bin to expected location
-def compile_bin
-  platform = local_platform
+def compile_bin(cpu = host_cpu)
+  platform = target_platform(cpu)
   native_dir = File.expand_path('../aws-crt-ffi', File.dirname(__FILE__))
-  tmp_build_dir = File.expand_path('../tmp/build', File.dirname(__FILE__))
+  tmp_dir = File.expand_path("../tmp/#{platform.cpu}", File.dirname(__FILE__))
+  tmp_build_dir = File.expand_path('build', tmp_dir)
 
   # We need cmake to "install" aws-crt-ffi so that the binaries end up in a
   # predictable location. But cmake still adds subdirectories we don't want,
   # so we'll "install" under tmp, and manually copy to bin/ after that.
-  tmp_install_dir = File.expand_path('../tmp/install', File.dirname(__FILE__))
+  tmp_install_dir = File.expand_path('install', tmp_dir)
 
   build_type = 'RelWithDebInfo'
 
@@ -59,8 +60,15 @@ def compile_bin
     "-B#{tmp_build_dir}",
     "-DCMAKE_INSTALL_PREFIX=#{tmp_install_dir}",
     "-DCMAKE_BUILD_TYPE=#{build_type}",
+    '-DBUILD_TESTING=OFF',
   ]
 
+  # macOS can cross-compile for arm64 or x86_64.
+  # This lets us prepare both types of gems from either type of machine.
+  if platform.os == 'darwin'
+    config_cmd.append("-DCMAKE_OSX_ARCHITECTURES=#{platform.cpu}")
+  end
+
   build_cmd = [
     CMAKE,
     '--build', tmp_build_dir,
@@ -87,5 +95,5 @@ def compile_bin
     'lib', # some unix variants
   ]
   tmp_path = find_file(bin_name, search_dirs, tmp_install_dir)
-  FileUtils.cp(tmp_path, bin_dir)
+  FileUtils.cp(tmp_path, bin_dir, verbose: true)
 end