From ff3e728aefeac5bfc14ea94076880d2de71eafd8 Mon Sep 17 00:00:00 2001
From: "Jonathan M. Henson" <henso@amazon.com>
Date: Thu, 14 Feb 2019 15:07:10 -0800
Subject: [PATCH 1/2] Thanks for the productive day Microsoft.

---
 CMakeLists.txt               |  8 ++++++++
 codebuild/common-windows.bat | 16 ++++++++--------
 source/bcrypt/bcrypt_hash.c  |  9 ++++-----
 source/bcrypt/bcrypt_hmac.c  |  7 +++----
 4 files changed, 23 insertions(+), 17 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index b03b81b0..0674f803 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -16,6 +16,14 @@ project(aws-c-cal LANGUAGES C VERSION 0.1.0)
 
 option(BYO_CRYPTO "Set this if you want to provide your own cryptography implementation. This will cause the defaults to not be compiled." OFF)
 
+if (DEFINED CMAKE_PREFIX_PATH)
+    file(TO_CMAKE_PATH ${CMAKE_PREFIX_PATH} CMAKE_PREFIX_PATH)
+endif()
+
+if (DEFINED CMAKE_INSTALL_PREFIX)
+    file(TO_CMAKE_PATH ${CMAKE_INSTALL_PREFIX} CMAKE_INSTALL_PREFIX)
+endif()
+
 if (UNIX AND NOT APPLE)
     include(GNUInstallDirs)
 elseif(NOT DEFINED CMAKE_INSTALL_LIBDIR)
diff --git a/codebuild/common-windows.bat b/codebuild/common-windows.bat
index d4cbcef4..c7652741 100644
--- a/codebuild/common-windows.bat
+++ b/codebuild/common-windows.bat
@@ -1,24 +1,24 @@
 set CMAKE_ARGS=%*
-set BUILDS_DIR=%TEMP%/builds
-set INSTALL_DIR=%BUILDS_DIR%/install
+set BUILDS_DIR=%TEMP%\builds
+set INSTALL_DIR=%BUILDS_DIR%\install
 mkdir %BUILDS_DIR%
 mkdir %INSTALL_DIR%
 
 CALL :install_library aws-c-common
 
-mkdir %BUILDS_DIR%/aws-c-cal-build
-cd %BUILDS_DIR%/aws-c-cal-build
-cmake %CMAKE_ARGS% -DCMAKE_BUILD_TYPE="RelWithDebInfo" -DCMAKE_INSTALL_PREFIX=%INSTALL_DIR% -DCMAKE_PREFIX_PATH=%INSTALL_DIR% %CODEBUILD_SRC_DIR% || goto error
+mkdir %BUILDS_DIR%\aws-c-cal-build
+cd %BUILDS_DIR%\aws-c-cal-build
+cmake %CMAKE_ARGS% -DCMAKE_BUILD_TYPE="RelWithDebInfo" -DCMAKE_INSTALL_PREFIX="%INSTALL_DIR%" -DCMAKE_PREFIX_PATH="%INSTALL_DIR%" %CODEBUILD_SRC_DIR% || goto error
 cmake --build . --config RelWithDebInfo || goto error
 ctest -V || goto error
 
 goto :EOF
 
 :install_library
-mkdir %BUILDS_DIR%/%~1-build
-cd %BUILDS_DIR%/%~1-build
+mkdir %BUILDS_DIR%\%~1-build
+cd %BUILDS_DIR%\%~1-build
 git clone https://github.com/awslabs/%~1.git
-cmake %CMAKE_ARGS% -DCMAKE_BUILD_TYPE="RelWithDebInfo" -DCMAKE_INSTALL_PREFIX=%INSTALL_DIR% -DCMAKE_PREFIX_PATH=%INSTALL_DIR% %~1 || goto error
+cmake %CMAKE_ARGS% -DCMAKE_BUILD_TYPE="RelWithDebInfo" -DCMAKE_INSTALL_PREFIX="%INSTALL_DIR%" -DCMAKE_PREFIX_PATH="%INSTALL_DIR%" %~1 || goto error
 cmake --build . --target install --config RelWithDebInfo || goto error
 exit /b %errorlevel%
 
diff --git a/source/bcrypt/bcrypt_hash.c b/source/bcrypt/bcrypt_hash.c
index 20d95237..befcbe0b 100644
--- a/source/bcrypt/bcrypt_hash.c
+++ b/source/bcrypt/bcrypt_hash.c
@@ -19,7 +19,6 @@
 
 #include <bcrypt.h>
 #include <winerror.h>
-#include <winternl.h>
 
 static BCRYPT_ALG_HANDLE s_sha256_alg = NULL;
 static size_t s_sha256_obj_len = 0;
@@ -93,7 +92,7 @@ struct aws_hash *aws_sha256_default_new(struct aws_allocator *allocator) {
     NTSTATUS status = BCryptCreateHash(
         s_sha256_alg, &bcrypt_hash->hash_handle, bcrypt_hash->hash_obj, (ULONG)s_sha256_obj_len, NULL, 0, 0);
 
-    if (!NT_SUCCESS(status)) {
+    if (status < 0) {
         aws_mem_release(allocator, bcrypt_hash);
         return NULL;
     }
@@ -122,7 +121,7 @@ struct aws_hash *aws_md5_default_new(struct aws_allocator *allocator) {
     NTSTATUS status =
         BCryptCreateHash(s_md5_alg, &bcrypt_hash->hash_handle, bcrypt_hash->hash_obj, (ULONG)s_md5_obj_len, NULL, 0, 0);
 
-    if (!NT_SUCCESS(status)) {
+    if (status < 0) {
         aws_mem_release(allocator, bcrypt_hash);
         return NULL;
     }
@@ -144,7 +143,7 @@ static int s_update(struct aws_hash *hash, const struct aws_byte_cursor *to_hash
     struct bcrypt_hash_handle *ctx = hash->impl;
     NTSTATUS status = BCryptHashData(ctx->hash_handle, to_hash->ptr, (ULONG)to_hash->len, 0);
 
-    if (!NT_SUCCESS(status)) {
+    if (status < 0) {
         hash->good = false;
         return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT);
     }
@@ -168,7 +167,7 @@ static int s_finalize(struct aws_hash *hash, struct aws_byte_buf *output) {
     NTSTATUS status = BCryptFinishHash(ctx->hash_handle, output->buffer + output->len, (ULONG)buffer_len, 0);
 
     hash->good = false;
-    if (!NT_SUCCESS(status)) {
+    if (status < 0) {
         return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT);
     }
 
diff --git a/source/bcrypt/bcrypt_hmac.c b/source/bcrypt/bcrypt_hmac.c
index a66e1065..4bce6f68 100644
--- a/source/bcrypt/bcrypt_hmac.c
+++ b/source/bcrypt/bcrypt_hmac.c
@@ -19,7 +19,6 @@
 
 #include <bcrypt.h>
 #include <winerror.h>
-#include <winternl.h>
 
 static BCRYPT_ALG_HANDLE s_sha256_hmac_alg = NULL;
 static size_t s_sha256_hmac_obj_len = 0;
@@ -87,7 +86,7 @@ struct aws_hmac *aws_sha256_hmac_default_new(struct aws_allocator *allocator, co
         (ULONG)secret->len,
         0);
 
-    if (!NT_SUCCESS(status)) {
+    if (status < 0) {
         aws_mem_release(allocator, bcrypt_hmac);
         return NULL;
     }
@@ -109,7 +108,7 @@ static int s_update(struct aws_hmac *hmac, const struct aws_byte_cursor *to_hash
     struct bcrypt_hmac_handle *ctx = hmac->impl;
     NTSTATUS status = BCryptHashData(ctx->hash_handle, to_hash->ptr, (ULONG)to_hash->len, 0);
 
-    if (!NT_SUCCESS(status)) {
+    if (status < 0) {
         hmac->good = false;
         return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT);
     }
@@ -133,7 +132,7 @@ static int s_finalize(struct aws_hmac *hmac, struct aws_byte_buf *output) {
     NTSTATUS status = BCryptFinishHash(ctx->hash_handle, output->buffer + output->len, (ULONG)buffer_len, 0);
 
     hmac->good = false;
-    if (!NT_SUCCESS(status)) {
+    if (status < 0) {
         return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT);
     }
 

From 69f99b1abffae1caf975bcead72ab91ece4b111c Mon Sep 17 00:00:00 2001
From: "Jonathan M. Henson" <henso@amazon.com>
Date: Thu, 14 Feb 2019 15:20:57 -0800
Subject: [PATCH 2/2] I have no idea why this worked before and doesn't now,
 but regardless this fixes it. becrypt doesn't like you passing it a buffer
 larger than it needs.

---
 source/bcrypt/bcrypt_hash.c | 10 +++++-----
 source/bcrypt/bcrypt_hmac.c |  8 ++++----
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/source/bcrypt/bcrypt_hash.c b/source/bcrypt/bcrypt_hash.c
index befcbe0b..5bc984a2 100644
--- a/source/bcrypt/bcrypt_hash.c
+++ b/source/bcrypt/bcrypt_hash.c
@@ -92,7 +92,7 @@ struct aws_hash *aws_sha256_default_new(struct aws_allocator *allocator) {
     NTSTATUS status = BCryptCreateHash(
         s_sha256_alg, &bcrypt_hash->hash_handle, bcrypt_hash->hash_obj, (ULONG)s_sha256_obj_len, NULL, 0, 0);
 
-    if (status < 0) {
+    if (((NTSTATUS)status) < 0) {
         aws_mem_release(allocator, bcrypt_hash);
         return NULL;
     }
@@ -121,7 +121,7 @@ struct aws_hash *aws_md5_default_new(struct aws_allocator *allocator) {
     NTSTATUS status =
         BCryptCreateHash(s_md5_alg, &bcrypt_hash->hash_handle, bcrypt_hash->hash_obj, (ULONG)s_md5_obj_len, NULL, 0, 0);
 
-    if (status < 0) {
+    if (((NTSTATUS)status) < 0) {
         aws_mem_release(allocator, bcrypt_hash);
         return NULL;
     }
@@ -143,7 +143,7 @@ static int s_update(struct aws_hash *hash, const struct aws_byte_cursor *to_hash
     struct bcrypt_hash_handle *ctx = hash->impl;
     NTSTATUS status = BCryptHashData(ctx->hash_handle, to_hash->ptr, (ULONG)to_hash->len, 0);
 
-    if (status < 0) {
+    if (((NTSTATUS)status) < 0) {
         hash->good = false;
         return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT);
     }
@@ -164,10 +164,10 @@ static int s_finalize(struct aws_hash *hash, struct aws_byte_buf *output) {
         return aws_raise_error(AWS_ERROR_SHORT_BUFFER);
     }
 
-    NTSTATUS status = BCryptFinishHash(ctx->hash_handle, output->buffer + output->len, (ULONG)buffer_len, 0);
+    NTSTATUS status = BCryptFinishHash(ctx->hash_handle, output->buffer + output->len, (ULONG)hash->digest_size, 0);
 
     hash->good = false;
-    if (status < 0) {
+    if (((NTSTATUS)status) < 0) {
         return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT);
     }
 
diff --git a/source/bcrypt/bcrypt_hmac.c b/source/bcrypt/bcrypt_hmac.c
index 4bce6f68..e68573f8 100644
--- a/source/bcrypt/bcrypt_hmac.c
+++ b/source/bcrypt/bcrypt_hmac.c
@@ -86,7 +86,7 @@ struct aws_hmac *aws_sha256_hmac_default_new(struct aws_allocator *allocator, co
         (ULONG)secret->len,
         0);
 
-    if (status < 0) {
+    if (((NTSTATUS)status) < 0) {
         aws_mem_release(allocator, bcrypt_hmac);
         return NULL;
     }
@@ -108,7 +108,7 @@ static int s_update(struct aws_hmac *hmac, const struct aws_byte_cursor *to_hash
     struct bcrypt_hmac_handle *ctx = hmac->impl;
     NTSTATUS status = BCryptHashData(ctx->hash_handle, to_hash->ptr, (ULONG)to_hash->len, 0);
 
-    if (status < 0) {
+    if (((NTSTATUS)status) < 0) {
         hmac->good = false;
         return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT);
     }
@@ -129,10 +129,10 @@ static int s_finalize(struct aws_hmac *hmac, struct aws_byte_buf *output) {
         return aws_raise_error(AWS_ERROR_SHORT_BUFFER);
     }
 
-    NTSTATUS status = BCryptFinishHash(ctx->hash_handle, output->buffer + output->len, (ULONG)buffer_len, 0);
+    NTSTATUS status = BCryptFinishHash(ctx->hash_handle, output->buffer + output->len, (ULONG)hmac->digest_size, 0);
 
     hmac->good = false;
-    if (status < 0) {
+    if (((NTSTATUS)status) < 0) {
         return aws_raise_error(AWS_ERROR_INVALID_ARGUMENT);
     }