refactor: clean up other hex methods (#4664)

tests/testlib/s2n_hex_testlib.c

@@ -0,0 +1,66 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+#include <string.h>
+
+#include "error/s2n_errno.h"
+#include "stuffer/s2n_stuffer.h"
+#include "testlib/s2n_testlib.h"
+#include "utils/s2n_safety.h"
+
+S2N_RESULT s2n_stuffer_alloc_from_hex(struct s2n_stuffer *bytes_out, const char *hex_cstr)
+{
+    RESULT_ENSURE_REF(bytes_out);
+    RESULT_ENSURE_REF(hex_cstr);
+
+    DEFER_CLEANUP(struct s2n_blob hex = { 0 }, s2n_free);
+    /* Copying the hex into heap memory to handle the 'const' isn't exactly efficient,
+     * but for a testlib method it is sufficient.
+     */
+    RESULT_GUARD_POSIX(s2n_alloc(&hex, strlen(hex_cstr)));
+    RESULT_CHECKED_MEMCPY(hex.data, hex_cstr, hex.size);
+
+    RESULT_GUARD_POSIX(s2n_stuffer_alloc(bytes_out, strlen(hex_cstr) / 2));
+    RESULT_GUARD(s2n_stuffer_read_hex(bytes_out, &hex));
+    return S2N_RESULT_OK;
+}
+
+S2N_RESULT s2n_blob_alloc_from_hex_with_whitespace(struct s2n_blob *bytes_out, const char *hex_cstr)
+{
+    RESULT_ENSURE_REF(bytes_out);
+    RESULT_ENSURE_REF(hex_cstr);
+
+    DEFER_CLEANUP(struct s2n_stuffer hex_in = { 0 }, s2n_stuffer_free);
+    RESULT_GUARD_POSIX(s2n_stuffer_alloc(&hex_in, strlen(hex_cstr)));
+    for (size_t i = 0; i < strlen(hex_cstr); i++) {
+        if (hex_cstr[i] == ' ') {
+            continue;
+        }
+        RESULT_GUARD_POSIX(s2n_stuffer_write_uint8(&hex_in, hex_cstr[i]));
+    }
+    uint32_t hex_in_size = s2n_stuffer_data_available(&hex_in);
+    hex_in.blob.size = hex_in_size;
+
+    DEFER_CLEANUP(struct s2n_blob bytes_out_mem = { 0 }, s2n_free);
+    RESULT_GUARD_POSIX(s2n_alloc(&bytes_out_mem, hex_in_size / 2));
+
+    struct s2n_stuffer bytes_out_stuffer = { 0 };
+    RESULT_GUARD_POSIX(s2n_stuffer_init(&bytes_out_stuffer, &bytes_out_mem));
+    RESULT_GUARD(s2n_stuffer_read_hex(&bytes_out_stuffer, &hex_in.blob));
+
+    *bytes_out = bytes_out_mem;
+    ZERO_TO_DISABLE_DEFER_CLEANUP(bytes_out_mem);
+    return S2N_RESULT_OK;
+}

tests/testlib/s2n_resumption_testlib.c

@@ -21,7 +21,7 @@ S2N_RESULT s2n_resumption_test_ticket_key_setup(struct s2n_config *config)
      *# PRK  = 0x077709362c2e32df0ddc3f0dc47bba63
      *#        90b6c73bb50f9c3122ec844ad7c2b3e5 (32 octets)
      **/
-    S2N_RESULT_BLOB_FROM_HEX(ticket_key,
+    S2N_CHECKED_BLOB_FROM_HEX(ticket_key, RESULT_GUARD,
             "077709362c2e32df0ddc3f0dc47bba63"
             "90b6c73bb50f9c3122ec844ad7c2b3e5");
 

tests/testlib/s2n_testlib.h

@@ -23,8 +23,11 @@
 extern const struct s2n_ecc_preferences ecc_preferences_for_retry;
 extern const struct s2n_security_policy security_policy_test_tls13_retry;
 
-/* Stuffer methods for testing */
-int s2n_stuffer_alloc_ro_from_hex_string(struct s2n_stuffer *stuffer, const char *str);
+/* Hex methods for testing */
+S2N_RESULT s2n_stuffer_alloc_from_hex(struct s2n_stuffer *stuffer, const char *str);
+/* Unlike other hex methods, the hex string read here may include spaces.
+ * This is useful for hex strings with odd whitespace for readability purposes. */
+S2N_RESULT s2n_blob_alloc_from_hex_with_whitespace(struct s2n_blob *bytes_out, const char *str);
 
 void s2n_print_connection(struct s2n_connection *conn, const char *marker);
 
@@ -287,3 +290,8 @@ int s2n_kem_recv_ciphertext_fuzz_test(const uint8_t *buf, size_t len, struct s2n
 int s2n_kem_recv_ciphertext_fuzz_test_init(const char *kat_file_path, struct s2n_kem_params *kem_params);
 
 S2N_RESULT s2n_resumption_test_ticket_key_setup(struct s2n_config *config);
+
+#define S2N_BLOB_FROM_HEX(name, hex) S2N_CHECKED_BLOB_FROM_HEX(name, POSIX_GUARD_RESULT, hex)
+#define S2N_CHECKED_BLOB_FROM_HEX(name, check, hex)        \
+    DEFER_CLEANUP(struct s2n_blob name = { 0 }, s2n_free); \
+    check(s2n_blob_alloc_from_hex_with_whitespace(&name, (const char *) hex));

tests/unit/s2n_blob_test.c

@@ -104,60 +104,5 @@ int main(int argc, char **argv)
     EXPECT_EQUAL(memcmp(g8.data, world, sizeof(world)), 0);
     EXPECT_EQUAL(g8.size, sizeof(world));
 
-    /* Test s2n_hex_string_to_bytes */
-    {
-        uint8_t test_mem[10] = { 0 };
-
-        /* Test with output buffer too small */
-        {
-            const uint8_t long_input_str[] = "abcdef123456";
-            struct s2n_blob output_blob = { 0 };
-
-            /* Succeeds with output blob of the right size */
-            EXPECT_SUCCESS(s2n_blob_init(&output_blob, test_mem, sizeof(long_input_str) / 2));
-            EXPECT_SUCCESS(s2n_hex_string_to_bytes(long_input_str, &output_blob));
-
-            /* Fails with output blob that's too small */
-            EXPECT_SUCCESS(s2n_blob_init(&output_blob, test_mem, 1));
-            EXPECT_FAILURE_WITH_ERRNO(s2n_hex_string_to_bytes(long_input_str, &output_blob),
-                    S2N_ERR_INVALID_HEX);
-        };
-
-        /* Test with invalid characters */
-        {
-            struct s2n_blob output_blob = { 0 };
-            EXPECT_SUCCESS(s2n_blob_init(&output_blob, test_mem, sizeof(test_mem)));
-
-            EXPECT_SUCCESS(s2n_hex_string_to_bytes((const uint8_t *) "12", &output_blob));
-            EXPECT_FAILURE_WITH_ERRNO(s2n_hex_string_to_bytes((const uint8_t *) "#2", &output_blob),
-                    S2N_ERR_INVALID_HEX);
-            EXPECT_FAILURE_WITH_ERRNO(s2n_hex_string_to_bytes((const uint8_t *) "1#", &output_blob),
-                    S2N_ERR_INVALID_HEX);
-        };
-
-        struct {
-            const char *input;
-            size_t expected_output_size;
-            uint8_t expected_output[sizeof(test_mem)];
-        } test_cases[] = {
-            { .input = "abcd", .expected_output = { 171, 205 }, .expected_output_size = 2 },
-            { .input = "ab cd", .expected_output = { 171, 205 }, .expected_output_size = 2 },
-            { .input = " abcd", .expected_output = { 171, 205 }, .expected_output_size = 2 },
-            { .input = "abcd ", .expected_output = { 171, 205 }, .expected_output_size = 2 },
-            { .input = "  ab     cd  ", .expected_output = { 171, 205 }, .expected_output_size = 2 },
-            { .input = "", .expected_output = { 0 }, .expected_output_size = 0 },
-            { .input = " ", .expected_output = { 0 }, .expected_output_size = 0 },
-            { .input = "12 34 56 78 90", .expected_output = { 18, 52, 86, 120, 144 }, .expected_output_size = 5 },
-            { .input = "1234567890", .expected_output = { 18, 52, 86, 120, 144 }, .expected_output_size = 5 },
-        };
-        for (size_t i = 0; i < s2n_array_len(test_cases); i++) {
-            struct s2n_blob actual_output = { 0 };
-            EXPECT_SUCCESS(s2n_blob_init(&actual_output, test_mem, sizeof(test_mem)));
-
-            EXPECT_SUCCESS(s2n_hex_string_to_bytes((const uint8_t *) test_cases[i].input, &actual_output));
-            EXPECT_BYTEARRAY_EQUAL(actual_output.data, test_cases[i].expected_output, test_cases[i].expected_output_size);
-        }
-    };
-
     END_TEST();
 }

tests/unit/s2n_client_hello_retry_test.c

@@ -284,7 +284,7 @@ int main(int argc, char **argv)
                     /* Server responds with HRR indicating x25519+Kyber as choice for negotiation;
                      * the last 6 bytes (0033 0002 2F39) are the key share extension with x25519+Kyber */
                     DEFER_CLEANUP(struct s2n_stuffer hrr = { 0 }, s2n_stuffer_free);
-                    EXPECT_SUCCESS(s2n_stuffer_alloc_ro_from_hex_string(&hrr,
+                    EXPECT_OK(s2n_stuffer_alloc_from_hex(&hrr,
                             "0303CF21AD74E59A6111BE1D8C021E65B891C2A211167ABB8C5E079E09E2C8A8339C00130200000C002B00020304003300022F39"));
 
                     EXPECT_SUCCESS(s2n_stuffer_copy(&hrr, &conn->handshake.io, s2n_stuffer_data_available(&hrr)));

tests/unit/s2n_client_key_share_extension_pq_test.c

@@ -435,7 +435,7 @@ int main()
                 DEFER_CLEANUP(struct s2n_stuffer key_share_extension = { 0 }, s2n_stuffer_free);
                 /* The key shares in this extension are fake - that's OK, the server should ignore the
                  * KEM group ID and skip the share. */
-                EXPECT_SUCCESS(s2n_stuffer_alloc_ro_from_hex_string(&key_share_extension,
+                EXPECT_OK(s2n_stuffer_alloc_from_hex(&key_share_extension,
                         /* Shares size: 12 bytes */
                         "000C"
                         /* IANA ID for secp256r1_sikep434r3 */

tests/unit/s2n_drbg_test.c

@@ -282,9 +282,9 @@ int check_drgb_version(s2n_drbg_mode mode, int (*generator)(void *, uint32_t), i
     DEFER_CLEANUP(struct s2n_stuffer personalization = { 0 }, s2n_stuffer_free);
     DEFER_CLEANUP(struct s2n_stuffer returned_bits = { 0 }, s2n_stuffer_free);
     DEFER_CLEANUP(struct s2n_stuffer reference_values = { 0 }, s2n_stuffer_free);
-    POSIX_GUARD(s2n_stuffer_alloc_ro_from_hex_string(&personalization, personalization_hex));
-    POSIX_GUARD(s2n_stuffer_alloc_ro_from_hex_string(&returned_bits, returned_bits_hex));
-    POSIX_GUARD(s2n_stuffer_alloc_ro_from_hex_string(&reference_values, reference_values_hex));
+    POSIX_GUARD_RESULT(s2n_stuffer_alloc_from_hex(&personalization, personalization_hex));
+    POSIX_GUARD_RESULT(s2n_stuffer_alloc_from_hex(&returned_bits, returned_bits_hex));
+    POSIX_GUARD_RESULT(s2n_stuffer_alloc_from_hex(&reference_values, reference_values_hex));
 
     for (int i = 0; i < 14; i++) {
         uint8_t ps[S2N_DRBG_MAX_SEED_SIZE] = { 0 };
@@ -428,7 +428,7 @@ int main(int argc, char **argv)
     EXPECT_OK(s2n_drbg_wipe(&aes256_pr_drbg));
 
     /* Check everything against the NIST AES 128 vectors with prediction resistance */
-    EXPECT_SUCCESS(s2n_stuffer_alloc_ro_from_hex_string(&nist_aes128_reference_entropy, nist_aes128_reference_entropy_hex));
+    EXPECT_OK(s2n_stuffer_alloc_from_hex(&nist_aes128_reference_entropy, nist_aes128_reference_entropy_hex));
     EXPECT_SUCCESS(check_drgb_version(S2N_AES_128_CTR_NO_DF_PR, &nist_fake_128_entropy_data, 32, nist_aes128_reference_personalization_strings_hex,
             nist_aes128_reference_values_hex, nist_aes128_reference_returned_bits_hex));
 
@@ -438,8 +438,8 @@ int main(int argc, char **argv)
 
     /* Combine nist_aes256_reference_entropy_hex_part1 and nist_aes256_reference_entropy_hex_part2 to avoid C99
      * string length limit. */
-    EXPECT_SUCCESS(s2n_stuffer_alloc_ro_from_hex_string(&temp1, nist_aes256_reference_entropy_hex_part1));
-    EXPECT_SUCCESS(s2n_stuffer_alloc_ro_from_hex_string(&temp2, nist_aes256_reference_entropy_hex_part2));
+    EXPECT_OK(s2n_stuffer_alloc_from_hex(&temp1, nist_aes256_reference_entropy_hex_part1));
+    EXPECT_OK(s2n_stuffer_alloc_from_hex(&temp2, nist_aes256_reference_entropy_hex_part2));
     EXPECT_SUCCESS(s2n_stuffer_alloc(&nist_aes256_reference_entropy, temp1.write_cursor + temp2.write_cursor));
     EXPECT_SUCCESS(s2n_stuffer_copy(&temp1, &nist_aes256_reference_entropy, temp1.write_cursor));
     EXPECT_SUCCESS(s2n_stuffer_copy(&temp2, &nist_aes256_reference_entropy, temp2.write_cursor));

tests/unit/s2n_hash_all_algs_test.c

@@ -145,10 +145,7 @@ int main(int argc, char **argv)
         uint8_t actual_result_data[OUTPUT_DATA_SIZE] = { 0 };
         EXPECT_SUCCESS(s2n_blob_init(&actual_result, actual_result_data, OUTPUT_DATA_SIZE));
 
-        struct s2n_blob expected_result = { 0 };
-        uint8_t expected_result_data[OUTPUT_DATA_SIZE] = { 0 };
-        EXPECT_SUCCESS(s2n_blob_init(&expected_result, expected_result_data, OUTPUT_DATA_SIZE));
-        EXPECT_SUCCESS(s2n_hex_string_to_bytes((const uint8_t *) expected_result_hex[hash_alg], &expected_result));
+        S2N_CHECKED_BLOB_FROM_HEX(expected_result, EXPECT_OK, expected_result_hex[hash_alg]);
 
         EXPECT_OK(s2n_hash_test(hash_alg, &actual_result));
         EXPECT_EQUAL(expected_result.size, actual_result.size);

tests/unit/s2n_override_openssl_random_test.c

@@ -98,7 +98,7 @@ int main(int argc, char **argv)
     EXPECT_SUCCESS(s2n_pkcs3_to_dh_params(&dh_params, &b));
 
     /* Set s2n_random to use a new fixed DRBG to test that other known answer tests with s2n_random and OpenSSL are deterministic */
-    EXPECT_SUCCESS(s2n_stuffer_alloc_ro_from_hex_string(&test_entropy, reference_entropy_hex));
+    EXPECT_OK(s2n_stuffer_alloc_from_hex(&test_entropy, reference_entropy_hex));
     struct s2n_drbg drbg;
     EXPECT_SUCCESS(s2n_rand_set_callbacks(s2n_entropy_init_cleanup, s2n_entropy_init_cleanup, s2n_entropy_generator, s2n_entropy_generator));
 
@@ -119,7 +119,7 @@ int main(int argc, char **argv)
     EXPECT_EQUAL(bytes_used, 352);
 
     DEFER_CLEANUP(struct s2n_stuffer dhe_key_stuffer = { 0 }, s2n_stuffer_free);
-    EXPECT_SUCCESS(s2n_stuffer_alloc_ro_from_hex_string(&dhe_key_stuffer, expected_dhe_key_hex));
+    EXPECT_OK(s2n_stuffer_alloc_from_hex(&dhe_key_stuffer, expected_dhe_key_hex));
     EXPECT_EQUAL(dhe_key_stuffer.blob.size, 519);
 
     EXPECT_EQUAL(out_blob.size, 519);

tests/unit/s2n_rsa_pss_rsae_test.c

@@ -318,8 +318,8 @@ int main(int argc, char **argv)
         RSA_free(rsa_key_copy);
 
         struct s2n_stuffer message_stuffer = { 0 }, signature_stuffer = { 0 };
-        s2n_stuffer_alloc_ro_from_hex_string(&message_stuffer, test_case.message);
-        s2n_stuffer_alloc_ro_from_hex_string(&signature_stuffer, test_case.signature);
+        POSIX_GUARD_RESULT(s2n_stuffer_alloc_from_hex(&message_stuffer, test_case.message));
+        POSIX_GUARD_RESULT(s2n_stuffer_alloc_from_hex(&signature_stuffer, test_case.signature));
         hash_state_for_alg_new(verify_hash, test_case.hash_alg, message_stuffer.blob);
 
         int ret_val = rsa_public_key.verify(&rsa_public_key, S2N_SIGNATURE_RSA_PSS_RSAE,