From 31d6041db89c30bc4a5df313bce6d89a87ac3499 Mon Sep 17 00:00:00 2001 From: Lindsay Stewart Date: Tue, 23 Jul 2024 17:11:32 -0700 Subject: [PATCH 1/2] refactor: clean up other hex methods --- .../proofs/s2n_hex_string_to_bytes/Makefile | 48 ------------- .../s2n_hex_string_to_bytes/cbmc-proof.txt | 1 - .../s2n_hex_string_to_bytes_harness.c | 53 --------------- tests/testlib/s2n_hex_testlib.c | 68 +++++++++++++++++++ tests/testlib/s2n_resumption_testlib.c | 2 +- tests/testlib/s2n_stuffer_testlib.c | 35 ---------- tests/testlib/s2n_testlib.h | 10 ++- tests/unit/s2n_blob_test.c | 55 --------------- tests/unit/s2n_client_hello_retry_test.c | 2 +- .../s2n_client_key_share_extension_pq_test.c | 2 +- tests/unit/s2n_drbg_test.c | 12 ++-- tests/unit/s2n_hash_all_algs_test.c | 5 +- tests/unit/s2n_override_openssl_random_test.c | 4 +- tests/unit/s2n_rsa_pss_rsae_test.c | 4 +- tests/unit/s2n_self_talk_key_log_test.c | 4 +- .../s2n_server_key_share_extension_test.c | 14 ++-- tests/unit/s2n_testlib_test.c | 25 +++++++ tests/unit/s2n_tls13_server_cert_test.c | 7 +- tls/s2n_key_log.c | 38 +++++------ tls/s2n_key_log.h | 1 - utils/s2n_blob.c | 56 --------------- utils/s2n_blob.h | 13 ---- 22 files changed, 142 insertions(+), 317 deletions(-) delete mode 100644 tests/cbmc/proofs/s2n_hex_string_to_bytes/Makefile delete mode 100644 tests/cbmc/proofs/s2n_hex_string_to_bytes/cbmc-proof.txt delete mode 100644 tests/cbmc/proofs/s2n_hex_string_to_bytes/s2n_hex_string_to_bytes_harness.c create mode 100644 tests/testlib/s2n_hex_testlib.c delete mode 100644 tests/testlib/s2n_stuffer_testlib.c diff --git a/tests/cbmc/proofs/s2n_hex_string_to_bytes/Makefile b/tests/cbmc/proofs/s2n_hex_string_to_bytes/Makefile deleted file mode 100644 index 0fe32ed3e37..00000000000 --- a/tests/cbmc/proofs/s2n_hex_string_to_bytes/Makefile +++ /dev/null @@ -1,48 +0,0 @@ -# -# -# Licensed under the Apache License, Version 2.0 (the "License"). You may not use -# this file except in compliance with the License. A copy of the License is -# located at -# -# http://aws.amazon.com/apache2.0/ -# -# or in the "license" file accompanying this file. This file is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. See the License for the specific language governing permissions and -# limitations under the License. - -# Enough to get full coverage with 10 seconds of runtime. -MAX_STRING_LEN = 10 -DEFINES += -DMAX_STRING_LEN=$(MAX_STRING_LEN) - -CBMCFLAGS += - -PROOF_UID = s2n_hex_string_to_bytes -HARNESS_ENTRY = $(PROOF_UID)_harness -HARNESS_FILE = $(HARNESS_ENTRY).c - -PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE) -PROOF_SOURCES += $(PROOF_SOURCE)/cbmc_utils.c -PROOF_SOURCES += $(PROOF_SOURCE)/make_common_datastructures.c - -PROJECT_SOURCES += $(SRCDIR)/utils/s2n_blob.c -PROJECT_SOURCES += $(SRCDIR)/utils/s2n_safety.c -PROJECT_SOURCES += $(SRCDIR)/error/s2n_errno.c -PROJECT_SOURCES += $(SRCDIR)/utils/s2n_result.c - -# We abstract this function because manual inspection demonstrates it is unreachable. -REMOVE_FUNCTION_BODY += s2n_calculate_stacktrace - -UNWINDSET += strlen.0:$(shell echo $$((1 + $(MAX_STRING_LEN)))) -UNWINDSET += s2n_hex_string_to_bytes_harness.0:$(shell echo $$((1 + $(MAX_STRING_LEN)))) -UNWINDSET += s2n_hex_string_to_bytes.2:$(shell echo $$((1 + $(MAX_STRING_LEN)))) -UNWINDSET += s2n_hex_string_to_bytes.3:$(shell echo $$((1 + $(MAX_STRING_LEN)))) -UNWINDSET += s2n_hex_string_to_bytes.6:$(shell echo $$((1 + $(MAX_STRING_LEN)))) -UNWINDSET += s2n_hex_string_to_bytes.9:$(shell echo $$((1 + $(MAX_STRING_LEN)))) -UNWINDSET += s2n_hex_string_to_bytes.12:$(shell echo $$((1 + $(MAX_STRING_LEN)))) -UNWINDSET += s2n_hex_string_to_bytes.13:$(shell echo $$((1 + $(MAX_STRING_LEN)))) -UNWINDSET += s2n_hex_string_to_bytes.15:$(shell echo $$((1 + $(MAX_STRING_LEN)))) -UNWINDSET += s2n_hex_string_to_bytes.16:$(shell echo $$((1 + $(MAX_STRING_LEN)))) -UNWINDSET += s2n_hex_string_to_bytes.17:$(shell echo $$((1 + $(MAX_STRING_LEN)))) - -include ../Makefile.common diff --git a/tests/cbmc/proofs/s2n_hex_string_to_bytes/cbmc-proof.txt b/tests/cbmc/proofs/s2n_hex_string_to_bytes/cbmc-proof.txt deleted file mode 100644 index 6ed46f1258c..00000000000 --- a/tests/cbmc/proofs/s2n_hex_string_to_bytes/cbmc-proof.txt +++ /dev/null @@ -1 +0,0 @@ -# This file marks this directory as containing a CBMC proof. diff --git a/tests/cbmc/proofs/s2n_hex_string_to_bytes/s2n_hex_string_to_bytes_harness.c b/tests/cbmc/proofs/s2n_hex_string_to_bytes/s2n_hex_string_to_bytes_harness.c deleted file mode 100644 index 6a144e5bbbe..00000000000 --- a/tests/cbmc/proofs/s2n_hex_string_to_bytes/s2n_hex_string_to_bytes_harness.c +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"). - * You may not use this file except in compliance with the License. - * A copy of the License is located at - * - * http://aws.amazon.com/apache2.0 - * - * or in the "license" file accompanying this file. This file is distributed - * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either - * express or implied. See the License for the specific language governing - * permissions and limitations under the License. - */ - -#include -#include -#include - -#include "error/s2n_errno.h" -#include "utils/s2n_blob.h" - -#include - -void s2n_hex_string_to_bytes_harness() -{ - /* Non-deterministic inputs. */ - struct s2n_blob *blob = cbmc_allocate_s2n_blob(); - __CPROVER_assume(s2n_result_is_ok(s2n_blob_validate(blob))); - char *str = ensure_c_str_is_allocated(MAX_STRING_LEN); - - /* Save previous state. */ - struct s2n_blob old_blob = *blob; - struct store_byte_from_buffer old_byte_from_blob; - save_byte_from_blob(blob, &old_byte_from_blob); - - /* Operation under verification. */ - if (s2n_hex_string_to_bytes(str, blob) == S2N_SUCCESS) { - size_t strLength = 0; - for (size_t i = 0; i < strlen(str); i++) { - if (str[i] != ' ') { - strLength++; - } - } - assert(strLength % 2 == 0); - assert(blob->size == (strLength / 2)); - } else { - assert(blob->allocated == old_blob.allocated); - assert(blob->growable == old_blob.growable); - assert(blob->size == old_blob.size); - } - assert(s2n_result_is_ok(s2n_blob_validate(blob))); -} diff --git a/tests/testlib/s2n_hex_testlib.c b/tests/testlib/s2n_hex_testlib.c new file mode 100644 index 00000000000..3f6ce8f9260 --- /dev/null +++ b/tests/testlib/s2n_hex_testlib.c @@ -0,0 +1,68 @@ +/* + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"). + * You may not use this file except in compliance with the License. + * A copy of the License is located at + * + * http://aws.amazon.com/apache2.0 + * + * or in the "license" file accompanying this file. This file is distributed + * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either + * express or implied. See the License for the specific language governing + * permissions and limitations under the License. + */ + +#include + +#include "error/s2n_errno.h" +#include "stuffer/s2n_stuffer.h" +#include "testlib/s2n_testlib.h" +#include "utils/s2n_safety.h" + +S2N_RESULT s2n_stuffer_alloc_from_hex(struct s2n_stuffer *bytes_out, const char *hex_cstr) +{ + RESULT_ENSURE_REF(bytes_out); + RESULT_ENSURE_REF(hex_cstr); + + DEFER_CLEANUP(struct s2n_blob hex = { 0 }, s2n_free); + /* Copying the hex into heap memory to handle the 'const' isn't exactly efficient, + * but for a testlib method it is sufficient. + */ + RESULT_GUARD_POSIX(s2n_alloc(&hex, strlen(hex_cstr))); + RESULT_CHECKED_MEMCPY(hex.data, hex_cstr, hex.size); + + RESULT_GUARD_POSIX(s2n_stuffer_alloc(bytes_out, strlen(hex_cstr) / 2)); + RESULT_GUARD(s2n_stuffer_read_hex(bytes_out, &hex)); + return S2N_RESULT_OK; +} + +/* Unlike other hex methods, the hex string read here may include spaces. + * This is useful for hex strings with odd whitespace for readability purposes. */ +S2N_RESULT s2n_blob_alloc_from_hex_with_whitespace(struct s2n_blob *bytes_out, const char *hex_cstr) +{ + RESULT_ENSURE_REF(bytes_out); + RESULT_ENSURE_REF(hex_cstr); + + DEFER_CLEANUP(struct s2n_stuffer hex_in = { 0 }, s2n_stuffer_free); + RESULT_GUARD_POSIX(s2n_stuffer_alloc(&hex_in, strlen(hex_cstr))); + for (size_t i = 0; i < strlen(hex_cstr); i++) { + if (hex_cstr[i] == ' ') { + continue; + } + RESULT_GUARD_POSIX(s2n_stuffer_write_uint8(&hex_in, hex_cstr[i])); + } + uint32_t hex_in_size = s2n_stuffer_data_available(&hex_in); + hex_in.blob.size = hex_in_size; + + DEFER_CLEANUP(struct s2n_blob bytes_out_mem = { 0 }, s2n_free); + RESULT_GUARD_POSIX(s2n_alloc(&bytes_out_mem, hex_in_size / 2)); + + struct s2n_stuffer bytes_out_stuffer = { 0 }; + RESULT_GUARD_POSIX(s2n_stuffer_init(&bytes_out_stuffer, &bytes_out_mem)); + RESULT_GUARD(s2n_stuffer_read_hex(&bytes_out_stuffer, &hex_in.blob)); + + *bytes_out = bytes_out_mem; + ZERO_TO_DISABLE_DEFER_CLEANUP(bytes_out_mem); + return S2N_RESULT_OK; +} diff --git a/tests/testlib/s2n_resumption_testlib.c b/tests/testlib/s2n_resumption_testlib.c index 561f231a85c..c219baa8658 100644 --- a/tests/testlib/s2n_resumption_testlib.c +++ b/tests/testlib/s2n_resumption_testlib.c @@ -21,7 +21,7 @@ S2N_RESULT s2n_resumption_test_ticket_key_setup(struct s2n_config *config) *# PRK = 0x077709362c2e32df0ddc3f0dc47bba63 *# 90b6c73bb50f9c3122ec844ad7c2b3e5 (32 octets) **/ - S2N_RESULT_BLOB_FROM_HEX(ticket_key, + S2N_CHECKED_BLOB_FROM_HEX(ticket_key, RESULT_GUARD, "077709362c2e32df0ddc3f0dc47bba63" "90b6c73bb50f9c3122ec844ad7c2b3e5"); diff --git a/tests/testlib/s2n_stuffer_testlib.c b/tests/testlib/s2n_stuffer_testlib.c deleted file mode 100644 index 60e911fb854..00000000000 --- a/tests/testlib/s2n_stuffer_testlib.c +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"). - * You may not use this file except in compliance with the License. - * A copy of the License is located at - * - * http://aws.amazon.com/apache2.0 - * - * or in the "license" file accompanying this file. This file is distributed - * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either - * express or implied. See the License for the specific language governing - * permissions and limitations under the License. - */ - -#include - -#include "error/s2n_errno.h" -#include "stuffer/s2n_stuffer.h" -#include "testlib/s2n_testlib.h" -#include "utils/s2n_safety.h" - -int s2n_stuffer_alloc_ro_from_hex_string(struct s2n_stuffer *stuffer, const char *str) -{ - DEFER_CLEANUP(struct s2n_blob hex = { 0 }, s2n_free); - /* Copying the hex into heap memory to handle the 'const' isn't exactly efficient, - * but for a testlib method it is sufficient. - */ - POSIX_GUARD(s2n_alloc(&hex, strlen(str))); - POSIX_CHECKED_MEMCPY(hex.data, str, hex.size); - - POSIX_GUARD(s2n_stuffer_alloc(stuffer, strlen(str) / 2)); - POSIX_GUARD_RESULT(s2n_stuffer_read_hex(stuffer, &hex)); - return S2N_SUCCESS; -} diff --git a/tests/testlib/s2n_testlib.h b/tests/testlib/s2n_testlib.h index eea219b71dc..51e91d8a031 100644 --- a/tests/testlib/s2n_testlib.h +++ b/tests/testlib/s2n_testlib.h @@ -23,8 +23,9 @@ extern const struct s2n_ecc_preferences ecc_preferences_for_retry; extern const struct s2n_security_policy security_policy_test_tls13_retry; -/* Stuffer methods for testing */ -int s2n_stuffer_alloc_ro_from_hex_string(struct s2n_stuffer *stuffer, const char *str); +/* Hex methods for testing */ +S2N_RESULT s2n_stuffer_alloc_from_hex(struct s2n_stuffer *stuffer, const char *str); +S2N_RESULT s2n_blob_alloc_from_hex_with_whitespace(struct s2n_blob *bytes_out, const char *str); void s2n_print_connection(struct s2n_connection *conn, const char *marker); @@ -287,3 +288,8 @@ int s2n_kem_recv_ciphertext_fuzz_test(const uint8_t *buf, size_t len, struct s2n int s2n_kem_recv_ciphertext_fuzz_test_init(const char *kat_file_path, struct s2n_kem_params *kem_params); S2N_RESULT s2n_resumption_test_ticket_key_setup(struct s2n_config *config); + +#define S2N_BLOB_FROM_HEX(name, hex) S2N_CHECKED_BLOB_FROM_HEX(name, POSIX_GUARD_RESULT, hex) +#define S2N_CHECKED_BLOB_FROM_HEX(name, check, hex) \ + DEFER_CLEANUP(struct s2n_blob name = { 0 }, s2n_free); \ + check(s2n_blob_alloc_from_hex_with_whitespace(&name, (const char *) hex)); diff --git a/tests/unit/s2n_blob_test.c b/tests/unit/s2n_blob_test.c index 48aed4ea74f..5db247d4b32 100644 --- a/tests/unit/s2n_blob_test.c +++ b/tests/unit/s2n_blob_test.c @@ -104,60 +104,5 @@ int main(int argc, char **argv) EXPECT_EQUAL(memcmp(g8.data, world, sizeof(world)), 0); EXPECT_EQUAL(g8.size, sizeof(world)); - /* Test s2n_hex_string_to_bytes */ - { - uint8_t test_mem[10] = { 0 }; - - /* Test with output buffer too small */ - { - const uint8_t long_input_str[] = "abcdef123456"; - struct s2n_blob output_blob = { 0 }; - - /* Succeeds with output blob of the right size */ - EXPECT_SUCCESS(s2n_blob_init(&output_blob, test_mem, sizeof(long_input_str) / 2)); - EXPECT_SUCCESS(s2n_hex_string_to_bytes(long_input_str, &output_blob)); - - /* Fails with output blob that's too small */ - EXPECT_SUCCESS(s2n_blob_init(&output_blob, test_mem, 1)); - EXPECT_FAILURE_WITH_ERRNO(s2n_hex_string_to_bytes(long_input_str, &output_blob), - S2N_ERR_INVALID_HEX); - }; - - /* Test with invalid characters */ - { - struct s2n_blob output_blob = { 0 }; - EXPECT_SUCCESS(s2n_blob_init(&output_blob, test_mem, sizeof(test_mem))); - - EXPECT_SUCCESS(s2n_hex_string_to_bytes((const uint8_t *) "12", &output_blob)); - EXPECT_FAILURE_WITH_ERRNO(s2n_hex_string_to_bytes((const uint8_t *) "#2", &output_blob), - S2N_ERR_INVALID_HEX); - EXPECT_FAILURE_WITH_ERRNO(s2n_hex_string_to_bytes((const uint8_t *) "1#", &output_blob), - S2N_ERR_INVALID_HEX); - }; - - struct { - const char *input; - size_t expected_output_size; - uint8_t expected_output[sizeof(test_mem)]; - } test_cases[] = { - { .input = "abcd", .expected_output = { 171, 205 }, .expected_output_size = 2 }, - { .input = "ab cd", .expected_output = { 171, 205 }, .expected_output_size = 2 }, - { .input = " abcd", .expected_output = { 171, 205 }, .expected_output_size = 2 }, - { .input = "abcd ", .expected_output = { 171, 205 }, .expected_output_size = 2 }, - { .input = " ab cd ", .expected_output = { 171, 205 }, .expected_output_size = 2 }, - { .input = "", .expected_output = { 0 }, .expected_output_size = 0 }, - { .input = " ", .expected_output = { 0 }, .expected_output_size = 0 }, - { .input = "12 34 56 78 90", .expected_output = { 18, 52, 86, 120, 144 }, .expected_output_size = 5 }, - { .input = "1234567890", .expected_output = { 18, 52, 86, 120, 144 }, .expected_output_size = 5 }, - }; - for (size_t i = 0; i < s2n_array_len(test_cases); i++) { - struct s2n_blob actual_output = { 0 }; - EXPECT_SUCCESS(s2n_blob_init(&actual_output, test_mem, sizeof(test_mem))); - - EXPECT_SUCCESS(s2n_hex_string_to_bytes((const uint8_t *) test_cases[i].input, &actual_output)); - EXPECT_BYTEARRAY_EQUAL(actual_output.data, test_cases[i].expected_output, test_cases[i].expected_output_size); - } - }; - END_TEST(); } diff --git a/tests/unit/s2n_client_hello_retry_test.c b/tests/unit/s2n_client_hello_retry_test.c index 643e6d12bf7..222bd59c33a 100644 --- a/tests/unit/s2n_client_hello_retry_test.c +++ b/tests/unit/s2n_client_hello_retry_test.c @@ -284,7 +284,7 @@ int main(int argc, char **argv) /* Server responds with HRR indicating x25519+Kyber as choice for negotiation; * the last 6 bytes (0033 0002 2F39) are the key share extension with x25519+Kyber */ DEFER_CLEANUP(struct s2n_stuffer hrr = { 0 }, s2n_stuffer_free); - EXPECT_SUCCESS(s2n_stuffer_alloc_ro_from_hex_string(&hrr, + EXPECT_OK(s2n_stuffer_alloc_from_hex(&hrr, "0303CF21AD74E59A6111BE1D8C021E65B891C2A211167ABB8C5E079E09E2C8A8339C00130200000C002B00020304003300022F39")); EXPECT_SUCCESS(s2n_stuffer_copy(&hrr, &conn->handshake.io, s2n_stuffer_data_available(&hrr))); diff --git a/tests/unit/s2n_client_key_share_extension_pq_test.c b/tests/unit/s2n_client_key_share_extension_pq_test.c index 0308cde026a..6d397e3bfaf 100644 --- a/tests/unit/s2n_client_key_share_extension_pq_test.c +++ b/tests/unit/s2n_client_key_share_extension_pq_test.c @@ -435,7 +435,7 @@ int main() DEFER_CLEANUP(struct s2n_stuffer key_share_extension = { 0 }, s2n_stuffer_free); /* The key shares in this extension are fake - that's OK, the server should ignore the * KEM group ID and skip the share. */ - EXPECT_SUCCESS(s2n_stuffer_alloc_ro_from_hex_string(&key_share_extension, + EXPECT_OK(s2n_stuffer_alloc_from_hex(&key_share_extension, /* Shares size: 12 bytes */ "000C" /* IANA ID for secp256r1_sikep434r3 */ diff --git a/tests/unit/s2n_drbg_test.c b/tests/unit/s2n_drbg_test.c index a90715f933b..4595ff79b6f 100644 --- a/tests/unit/s2n_drbg_test.c +++ b/tests/unit/s2n_drbg_test.c @@ -282,9 +282,9 @@ int check_drgb_version(s2n_drbg_mode mode, int (*generator)(void *, uint32_t), i DEFER_CLEANUP(struct s2n_stuffer personalization = { 0 }, s2n_stuffer_free); DEFER_CLEANUP(struct s2n_stuffer returned_bits = { 0 }, s2n_stuffer_free); DEFER_CLEANUP(struct s2n_stuffer reference_values = { 0 }, s2n_stuffer_free); - POSIX_GUARD(s2n_stuffer_alloc_ro_from_hex_string(&personalization, personalization_hex)); - POSIX_GUARD(s2n_stuffer_alloc_ro_from_hex_string(&returned_bits, returned_bits_hex)); - POSIX_GUARD(s2n_stuffer_alloc_ro_from_hex_string(&reference_values, reference_values_hex)); + POSIX_GUARD_RESULT(s2n_stuffer_alloc_from_hex(&personalization, personalization_hex)); + POSIX_GUARD_RESULT(s2n_stuffer_alloc_from_hex(&returned_bits, returned_bits_hex)); + POSIX_GUARD_RESULT(s2n_stuffer_alloc_from_hex(&reference_values, reference_values_hex)); for (int i = 0; i < 14; i++) { uint8_t ps[S2N_DRBG_MAX_SEED_SIZE] = { 0 }; @@ -428,7 +428,7 @@ int main(int argc, char **argv) EXPECT_OK(s2n_drbg_wipe(&aes256_pr_drbg)); /* Check everything against the NIST AES 128 vectors with prediction resistance */ - EXPECT_SUCCESS(s2n_stuffer_alloc_ro_from_hex_string(&nist_aes128_reference_entropy, nist_aes128_reference_entropy_hex)); + EXPECT_OK(s2n_stuffer_alloc_from_hex(&nist_aes128_reference_entropy, nist_aes128_reference_entropy_hex)); EXPECT_SUCCESS(check_drgb_version(S2N_AES_128_CTR_NO_DF_PR, &nist_fake_128_entropy_data, 32, nist_aes128_reference_personalization_strings_hex, nist_aes128_reference_values_hex, nist_aes128_reference_returned_bits_hex)); @@ -438,8 +438,8 @@ int main(int argc, char **argv) /* Combine nist_aes256_reference_entropy_hex_part1 and nist_aes256_reference_entropy_hex_part2 to avoid C99 * string length limit. */ - EXPECT_SUCCESS(s2n_stuffer_alloc_ro_from_hex_string(&temp1, nist_aes256_reference_entropy_hex_part1)); - EXPECT_SUCCESS(s2n_stuffer_alloc_ro_from_hex_string(&temp2, nist_aes256_reference_entropy_hex_part2)); + EXPECT_OK(s2n_stuffer_alloc_from_hex(&temp1, nist_aes256_reference_entropy_hex_part1)); + EXPECT_OK(s2n_stuffer_alloc_from_hex(&temp2, nist_aes256_reference_entropy_hex_part2)); EXPECT_SUCCESS(s2n_stuffer_alloc(&nist_aes256_reference_entropy, temp1.write_cursor + temp2.write_cursor)); EXPECT_SUCCESS(s2n_stuffer_copy(&temp1, &nist_aes256_reference_entropy, temp1.write_cursor)); EXPECT_SUCCESS(s2n_stuffer_copy(&temp2, &nist_aes256_reference_entropy, temp2.write_cursor)); diff --git a/tests/unit/s2n_hash_all_algs_test.c b/tests/unit/s2n_hash_all_algs_test.c index af4dc4963ff..f38ae72002e 100644 --- a/tests/unit/s2n_hash_all_algs_test.c +++ b/tests/unit/s2n_hash_all_algs_test.c @@ -145,10 +145,7 @@ int main(int argc, char **argv) uint8_t actual_result_data[OUTPUT_DATA_SIZE] = { 0 }; EXPECT_SUCCESS(s2n_blob_init(&actual_result, actual_result_data, OUTPUT_DATA_SIZE)); - struct s2n_blob expected_result = { 0 }; - uint8_t expected_result_data[OUTPUT_DATA_SIZE] = { 0 }; - EXPECT_SUCCESS(s2n_blob_init(&expected_result, expected_result_data, OUTPUT_DATA_SIZE)); - EXPECT_SUCCESS(s2n_hex_string_to_bytes((const uint8_t *) expected_result_hex[hash_alg], &expected_result)); + S2N_CHECKED_BLOB_FROM_HEX(expected_result, EXPECT_OK, expected_result_hex[hash_alg]); EXPECT_OK(s2n_hash_test(hash_alg, &actual_result)); EXPECT_EQUAL(expected_result.size, actual_result.size); diff --git a/tests/unit/s2n_override_openssl_random_test.c b/tests/unit/s2n_override_openssl_random_test.c index 823cecf9315..765d806b525 100644 --- a/tests/unit/s2n_override_openssl_random_test.c +++ b/tests/unit/s2n_override_openssl_random_test.c @@ -98,7 +98,7 @@ int main(int argc, char **argv) EXPECT_SUCCESS(s2n_pkcs3_to_dh_params(&dh_params, &b)); /* Set s2n_random to use a new fixed DRBG to test that other known answer tests with s2n_random and OpenSSL are deterministic */ - EXPECT_SUCCESS(s2n_stuffer_alloc_ro_from_hex_string(&test_entropy, reference_entropy_hex)); + EXPECT_OK(s2n_stuffer_alloc_from_hex(&test_entropy, reference_entropy_hex)); struct s2n_drbg drbg; EXPECT_SUCCESS(s2n_rand_set_callbacks(s2n_entropy_init_cleanup, s2n_entropy_init_cleanup, s2n_entropy_generator, s2n_entropy_generator)); @@ -119,7 +119,7 @@ int main(int argc, char **argv) EXPECT_EQUAL(bytes_used, 352); DEFER_CLEANUP(struct s2n_stuffer dhe_key_stuffer = { 0 }, s2n_stuffer_free); - EXPECT_SUCCESS(s2n_stuffer_alloc_ro_from_hex_string(&dhe_key_stuffer, expected_dhe_key_hex)); + EXPECT_OK(s2n_stuffer_alloc_from_hex(&dhe_key_stuffer, expected_dhe_key_hex)); EXPECT_EQUAL(dhe_key_stuffer.blob.size, 519); EXPECT_EQUAL(out_blob.size, 519); diff --git a/tests/unit/s2n_rsa_pss_rsae_test.c b/tests/unit/s2n_rsa_pss_rsae_test.c index 132ffc0c5d0..fe0c46d8f6d 100644 --- a/tests/unit/s2n_rsa_pss_rsae_test.c +++ b/tests/unit/s2n_rsa_pss_rsae_test.c @@ -318,8 +318,8 @@ int main(int argc, char **argv) RSA_free(rsa_key_copy); struct s2n_stuffer message_stuffer = { 0 }, signature_stuffer = { 0 }; - s2n_stuffer_alloc_ro_from_hex_string(&message_stuffer, test_case.message); - s2n_stuffer_alloc_ro_from_hex_string(&signature_stuffer, test_case.signature); + POSIX_GUARD_RESULT(s2n_stuffer_alloc_from_hex(&message_stuffer, test_case.message)); + POSIX_GUARD_RESULT(s2n_stuffer_alloc_from_hex(&signature_stuffer, test_case.signature)); hash_state_for_alg_new(verify_hash, test_case.hash_alg, message_stuffer.blob); int ret_val = rsa_public_key.verify(&rsa_public_key, S2N_SIGNATURE_RSA_PSS_RSAE, diff --git a/tests/unit/s2n_self_talk_key_log_test.c b/tests/unit/s2n_self_talk_key_log_test.c index b0269bf0175..a74d76db310 100644 --- a/tests/unit/s2n_self_talk_key_log_test.c +++ b/tests/unit/s2n_self_talk_key_log_test.c @@ -176,7 +176,9 @@ int main(int argc, char **argv) DEFER_CLEANUP(struct s2n_stuffer encoded, s2n_stuffer_free); EXPECT_SUCCESS(s2n_stuffer_alloc(&encoded, sizeof(bytes) * 2)); - EXPECT_OK(s2n_key_log_hex_encode(&encoded, bytes, sizeof(bytes))); + struct s2n_blob raw_bytes = { 0 }; + EXPECT_SUCCESS(s2n_blob_init(&raw_bytes, bytes, sizeof(bytes))); + EXPECT_OK(s2n_stuffer_write_hex(&encoded, &raw_bytes)); DEFER_CLEANUP(struct s2n_stuffer decoded, s2n_stuffer_free); EXPECT_SUCCESS(s2n_stuffer_alloc(&decoded, sizeof(bytes))); diff --git a/tests/unit/s2n_server_key_share_extension_test.c b/tests/unit/s2n_server_key_share_extension_test.c index 962ffbd77f0..7f2d46f15fe 100644 --- a/tests/unit/s2n_server_key_share_extension_test.c +++ b/tests/unit/s2n_server_key_share_extension_test.c @@ -259,7 +259,7 @@ int main(int argc, char **argv) const char *payload = key_share_payloads[i]; EXPECT_NULL(client_conn->kex_params.server_ecc_evp_params.negotiated_curve); - EXPECT_SUCCESS(s2n_stuffer_alloc_ro_from_hex_string(&extension_stuffer, payload)); + EXPECT_OK(s2n_stuffer_alloc_from_hex(&extension_stuffer, payload)); client_conn->kex_params.client_ecc_evp_params.negotiated_curve = ecc_pref->ecc_curves[i]; EXPECT_SUCCESS(s2n_ecc_evp_generate_ephemeral_key(&client_conn->kex_params.client_ecc_evp_params)); @@ -289,7 +289,7 @@ int main(int argc, char **argv) const char *payload = key_share_payloads[0]; EXPECT_NULL(client_conn->kex_params.server_ecc_evp_params.negotiated_curve); - EXPECT_SUCCESS(s2n_stuffer_alloc_ro_from_hex_string(&extension_stuffer, payload)); + EXPECT_OK(s2n_stuffer_alloc_from_hex(&extension_stuffer, payload)); client_conn->kex_params.client_ecc_evp_params.negotiated_curve = ecc_pref->ecc_curves[0]; EXPECT_SUCCESS(s2n_ecc_evp_generate_ephemeral_key(&client_conn->kex_params.client_ecc_evp_params)); @@ -318,7 +318,7 @@ int main(int argc, char **argv) const char *p256 = "001700410474cfd75c0ab7b57247761a277e1c92b5810dacb251bb758f43e9d15aaf292c4a2be43e886425ba55653ebb7a4f32fe368bacce3df00c618645cf1eb6"; EXPECT_NULL(client_conn->kex_params.server_ecc_evp_params.negotiated_curve); - EXPECT_SUCCESS(s2n_stuffer_alloc_ro_from_hex_string(&extension_stuffer, p256)); + EXPECT_OK(s2n_stuffer_alloc_from_hex(&extension_stuffer, p256)); EXPECT_FAILURE_WITH_ERRNO(s2n_server_key_share_extension.recv(client_conn, &extension_stuffer), S2N_ERR_BAD_KEY_SHARE); @@ -339,7 +339,7 @@ int main(int argc, char **argv) const char *p256 = "001700410474cfd75c0ab7b57247761a277e1c92b5810dacb251bb758f43e9d15aaf292c4a2be43e886425ba55653ebb7a4f32fe368bacce3df00c618645cf1eb646f22552"; EXPECT_NULL(client_conn->kex_params.server_ecc_evp_params.negotiated_curve); - EXPECT_SUCCESS(s2n_stuffer_alloc_ro_from_hex_string(&extension_stuffer, p256)); + EXPECT_OK(s2n_stuffer_alloc_from_hex(&extension_stuffer, p256)); /* If s2n_is_evp_apis_supported is not supported, the ecc_prefs->ecc_curves contains only p-256, p-384 curves. */ int p_384_index = s2n_is_evp_apis_supported() ? 2 : 1; @@ -647,7 +647,7 @@ int main(int argc, char **argv) /* In the HRR, the server indicated p256+Kyber as it's choice in the key share extension */ const struct s2n_kem_group *kem_group = &s2n_secp256r1_kyber_512_r3; DEFER_CLEANUP(struct s2n_stuffer key_share_payload = { 0 }, s2n_stuffer_free); - EXPECT_SUCCESS(s2n_stuffer_alloc_ro_from_hex_string(&key_share_payload, "2F3A")); + EXPECT_OK(s2n_stuffer_alloc_from_hex(&key_share_payload, "2F3A")); /* Client should successfully parse the indicated group */ EXPECT_SUCCESS(s2n_server_key_share_extension.recv(client_conn, &key_share_payload)); @@ -689,14 +689,14 @@ int main(int argc, char **argv) /* Server sends a named group identifier that isn't in the client's KEM preferences */ const char *bad_group = "2F2C"; /* IANA ID for secp256r1_threebears-babybear-r2 (not imported into s2n) */ DEFER_CLEANUP(struct s2n_stuffer bad_group_stuffer = { 0 }, s2n_stuffer_free); - EXPECT_SUCCESS(s2n_stuffer_alloc_ro_from_hex_string(&bad_group_stuffer, bad_group)); + EXPECT_OK(s2n_stuffer_alloc_from_hex(&bad_group_stuffer, bad_group)); EXPECT_FAILURE_WITH_ERRNO(s2n_server_key_share_extension.recv(client_conn, &bad_group_stuffer), S2N_ERR_ECDHE_UNSUPPORTED_CURVE); /* Server sends a key share that is in the client's KEM preferences, but client didn't send a key share */ const char *wrong_share = "2F1F"; /* Full extension truncated - not necessary */ DEFER_CLEANUP(struct s2n_stuffer wrong_share_stuffer = { 0 }, s2n_stuffer_free); - EXPECT_SUCCESS(s2n_stuffer_alloc_ro_from_hex_string(&wrong_share_stuffer, wrong_share)); + EXPECT_OK(s2n_stuffer_alloc_from_hex(&wrong_share_stuffer, wrong_share)); EXPECT_FAILURE_WITH_ERRNO(s2n_server_key_share_extension.recv(client_conn, &wrong_share_stuffer), S2N_ERR_ECDHE_UNSUPPORTED_CURVE); diff --git a/tests/unit/s2n_testlib_test.c b/tests/unit/s2n_testlib_test.c index 7dbd2da11e4..f5f7b8b9df0 100644 --- a/tests/unit/s2n_testlib_test.c +++ b/tests/unit/s2n_testlib_test.c @@ -43,5 +43,30 @@ int main(int argc, char **argv) EXPECT_SUCCESS(s2n_connection_free(server_conn)); }; + /* Test s2n_blob_alloc_from_hex_with_whitespace */ + { + struct { + const char *input; + size_t expected_output_size; + uint8_t expected_output[100]; + } test_cases[] = { + { .input = "abcd", .expected_output = { 171, 205 }, .expected_output_size = 2 }, + { .input = "ab cd", .expected_output = { 171, 205 }, .expected_output_size = 2 }, + { .input = " abcd", .expected_output = { 171, 205 }, .expected_output_size = 2 }, + { .input = "abcd ", .expected_output = { 171, 205 }, .expected_output_size = 2 }, + { .input = " ab cd ", .expected_output = { 171, 205 }, .expected_output_size = 2 }, + { .input = "", .expected_output = { 0 }, .expected_output_size = 0 }, + { .input = " ", .expected_output = { 0 }, .expected_output_size = 0 }, + { .input = "12 34 56 78 90", .expected_output = { 18, 52, 86, 120, 144 }, .expected_output_size = 5 }, + { .input = "1234567890", .expected_output = { 18, 52, 86, 120, 144 }, .expected_output_size = 5 }, + }; + for (size_t i = 0; i < s2n_array_len(test_cases); i++) { + DEFER_CLEANUP(struct s2n_blob actual_output = { 0 }, s2n_free); + EXPECT_OK(s2n_blob_alloc_from_hex_with_whitespace(&actual_output, test_cases[i].input)); + EXPECT_EQUAL(actual_output.size, test_cases[i].expected_output_size); + EXPECT_BYTEARRAY_EQUAL(actual_output.data, test_cases[i].expected_output, actual_output.size); + } + }; + END_TEST(); } diff --git a/tests/unit/s2n_tls13_server_cert_test.c b/tests/unit/s2n_tls13_server_cert_test.c index da9e6e6994d..c18ab419dfb 100644 --- a/tests/unit/s2n_tls13_server_cert_test.c +++ b/tests/unit/s2n_tls13_server_cert_test.c @@ -123,11 +123,8 @@ int main(int argc, char **argv) EXPECT_NOT_NULL(tls13_cert_chain_hex = malloc(S2N_MAX_TEST_PEM_SIZE)); strcpy(tls13_cert_chain_hex, tls13_cert_chain_header_hex); strcat(tls13_cert_chain_hex, tls13_cert_hex); - /* convert certificate chain hex to bytes*/ - struct s2n_blob tls13_cert = { 0 }; - EXPECT_SUCCESS(s2n_alloc(&tls13_cert, strlen(tls13_cert_chain_hex) / 2)); - POSIX_GUARD(s2n_hex_string_to_bytes((uint8_t *) tls13_cert_chain_hex, &tls13_cert)); + S2N_BLOB_FROM_HEX(tls13_cert, tls13_cert_chain_hex); S2N_BLOB_FROM_HEX(tls13_cert_chain, tls13_cert_hex); struct s2n_connection *conn = NULL; @@ -164,8 +161,6 @@ int main(int argc, char **argv) EXPECT_SUCCESS(s2n_connection_free(conn)); free(tls13_cert_chain_hex); - /* free memory allocated in s2n_alloc*/ - free(tls13_cert.data); } /* Test server sends cert and client receives cert for tls 1.3 */ diff --git a/tls/s2n_key_log.c b/tls/s2n_key_log.c index 75ef3db618f..f135ea31ba1 100644 --- a/tls/s2n_key_log.c +++ b/tls/s2n_key_log.c @@ -50,24 +50,6 @@ /* hex requires 2 chars per byte */ #define HEX_ENCODING_SIZE 2 -S2N_RESULT s2n_key_log_hex_encode(struct s2n_stuffer *output, uint8_t *bytes, size_t len) -{ - RESULT_ENSURE_MUT(output); - RESULT_ENSURE_REF(bytes); - - const uint8_t chars[] = "0123456789abcdef"; - - for (size_t i = 0; i < len; i++) { - uint8_t upper = bytes[i] >> 4; - uint8_t lower = bytes[i] & 0x0f; - - RESULT_GUARD_POSIX(s2n_stuffer_write_uint8(output, chars[upper])); - RESULT_GUARD_POSIX(s2n_stuffer_write_uint8(output, chars[lower])); - } - - return S2N_RESULT_OK; -} - S2N_RESULT s2n_key_log_tls13_secret(struct s2n_connection *conn, const struct s2n_blob *secret, s2n_secret_type_t secret_type) { RESULT_ENSURE_REF(conn); @@ -127,10 +109,14 @@ S2N_RESULT s2n_key_log_tls13_secret(struct s2n_connection *conn, const struct s2 DEFER_CLEANUP(struct s2n_stuffer output, s2n_stuffer_free); RESULT_GUARD_POSIX(s2n_stuffer_alloc(&output, len)); + struct s2n_blob client_random = { 0 }; + RESULT_GUARD_POSIX(s2n_blob_init(&client_random, conn->handshake_params.client_random, + sizeof(conn->handshake_params.client_random))); + RESULT_GUARD_POSIX(s2n_stuffer_write_bytes(&output, label, label_size)); - RESULT_GUARD(s2n_key_log_hex_encode(&output, conn->handshake_params.client_random, S2N_TLS_RANDOM_DATA_LEN)); + RESULT_GUARD(s2n_stuffer_write_hex(&output, &client_random)); RESULT_GUARD_POSIX(s2n_stuffer_write_uint8(&output, ' ')); - RESULT_GUARD(s2n_key_log_hex_encode(&output, secret->data, secret->size)); + RESULT_GUARD(s2n_stuffer_write_hex(&output, secret)); uint8_t *data = s2n_stuffer_raw_read(&output, len); RESULT_ENSURE_REF(data); @@ -162,10 +148,18 @@ S2N_RESULT s2n_key_log_tls12_secret(struct s2n_connection *conn) DEFER_CLEANUP(struct s2n_stuffer output, s2n_stuffer_free); RESULT_GUARD_POSIX(s2n_stuffer_alloc(&output, len)); + struct s2n_blob client_random = { 0 }; + RESULT_GUARD_POSIX(s2n_blob_init(&client_random, conn->handshake_params.client_random, + sizeof(conn->handshake_params.client_random))); + + struct s2n_blob master_secret = { 0 }; + RESULT_GUARD_POSIX(s2n_blob_init(&master_secret, conn->secrets.version.tls12.master_secret, + sizeof(conn->secrets.version.tls12.master_secret))); + RESULT_GUARD_POSIX(s2n_stuffer_write_bytes(&output, label, label_size)); - RESULT_GUARD(s2n_key_log_hex_encode(&output, conn->handshake_params.client_random, S2N_TLS_RANDOM_DATA_LEN)); + RESULT_GUARD(s2n_stuffer_write_hex(&output, &client_random)); RESULT_GUARD_POSIX(s2n_stuffer_write_uint8(&output, ' ')); - RESULT_GUARD(s2n_key_log_hex_encode(&output, conn->secrets.version.tls12.master_secret, S2N_TLS_SECRET_LEN)); + RESULT_GUARD(s2n_stuffer_write_hex(&output, &master_secret)); uint8_t *data = s2n_stuffer_raw_read(&output, len); RESULT_ENSURE_REF(data); diff --git a/tls/s2n_key_log.h b/tls/s2n_key_log.h index 02d39a8e704..9f07dfb5531 100644 --- a/tls/s2n_key_log.h +++ b/tls/s2n_key_log.h @@ -21,6 +21,5 @@ #include "utils/s2n_blob.h" #include "utils/s2n_safety.h" -S2N_RESULT s2n_key_log_hex_encode(struct s2n_stuffer *output, uint8_t *bytes, size_t len); S2N_RESULT s2n_key_log_tls12_secret(struct s2n_connection *conn); S2N_RESULT s2n_key_log_tls13_secret(struct s2n_connection *conn, const struct s2n_blob *secret, s2n_secret_type_t secret_type); diff --git a/utils/s2n_blob.c b/utils/s2n_blob.c index 2c3997ae746..58cd7b0a72b 100644 --- a/utils/s2n_blob.c +++ b/utils/s2n_blob.c @@ -78,59 +78,3 @@ int s2n_blob_char_to_lower(struct s2n_blob *b) POSIX_POSTCONDITION(s2n_blob_validate(b)); return S2N_SUCCESS; } - -/* An inverse map from an ascii value to a hexidecimal nibble value - * accounts for all possible char values, where 255 is invalid value */ -static const uint8_t hex_inverse[256] = { - /* clang-format off */ - 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, - 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, - 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, - 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 255, 255, 255, 255, 255, 255, - 255, 10, 11, 12, 13, 14, 15, 255, 255, 255, 255, 255, 255, 255, 255, 255, - 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, - 255, 10, 11, 12, 13, 14, 15, 255, 255, 255, 255, 255, 255, 255, 255, 255, - 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, - 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, - 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, - 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, - 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, - 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, - 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, - 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, - 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255 - /* clang-format on */ -}; - -/* takes a hex string and writes values in the s2n_blob - * string needs to a valid hex and blob needs to be large enough */ -int s2n_hex_string_to_bytes(const uint8_t *str, struct s2n_blob *blob) -{ - POSIX_ENSURE_REF(str); - POSIX_PRECONDITION(s2n_blob_validate(blob)); - uint32_t len_with_spaces = strlen((const char *) str); - - size_t i = 0, j = 0; - while (j < len_with_spaces) { - if (str[j] == ' ') { - j++; - continue; - } - - uint8_t high_nibble = hex_inverse[str[j]]; - POSIX_ENSURE(high_nibble != 255, S2N_ERR_INVALID_HEX); - - uint8_t low_nibble = hex_inverse[str[j + 1]]; - POSIX_ENSURE(low_nibble != 255, S2N_ERR_INVALID_HEX); - - POSIX_ENSURE(i < blob->size, S2N_ERR_INVALID_HEX); - blob->data[i] = high_nibble << 4 | low_nibble; - - i++; - j += 2; - } - blob->size = i; - - POSIX_POSTCONDITION(s2n_blob_validate(blob)); - return S2N_SUCCESS; -} diff --git a/utils/s2n_blob.h b/utils/s2n_blob.h index 8f9481affbc..25e6b7a7646 100644 --- a/utils/s2n_blob.h +++ b/utils/s2n_blob.h @@ -43,7 +43,6 @@ S2N_RESULT s2n_blob_validate(const struct s2n_blob *b); int S2N_RESULT_MUST_USE s2n_blob_init(struct s2n_blob *b, uint8_t *data, uint32_t size); int s2n_blob_zero(struct s2n_blob *b); int S2N_RESULT_MUST_USE s2n_blob_char_to_lower(struct s2n_blob *b); -int S2N_RESULT_MUST_USE s2n_hex_string_to_bytes(const uint8_t *str, struct s2n_blob *blob); int S2N_RESULT_MUST_USE s2n_blob_slice(const struct s2n_blob *b, struct s2n_blob *slice, uint32_t offset, uint32_t size); #define s2n_stack_blob(name, requested_size, maximum) \ @@ -63,15 +62,3 @@ int S2N_RESULT_MUST_USE s2n_blob_slice(const struct s2n_blob *b, struct s2n_blob #define S2N_BLOB_LABEL(name, str) \ static uint8_t name##_data[] = str; \ const struct s2n_blob name = { .data = name##_data, .size = sizeof(name##_data) - 1 }; - -/* The S2N_BLOB_FROM_HEX macro creates a s2n_blob with the contents of a hex string. - * It is allocated on a stack so there no need to free after use. - * hex should be a const char[]. This function checks against using char*, - * because sizeof needs to refer to the buffer length rather than a pointer size */ -#define S2N_BLOB_FROM_HEX(name, hex) \ - s2n_stack_blob(name, (sizeof(hex) - 1) / 2, (sizeof(hex) - 1) / 2); \ - POSIX_GUARD(s2n_hex_string_to_bytes((const uint8_t *) hex, &name)); - -#define S2N_RESULT_BLOB_FROM_HEX(name, hex) \ - RESULT_STACK_BLOB(name, (sizeof(hex) - 1) / 2, (sizeof(hex) - 1) / 2); \ - RESULT_GUARD_POSIX(s2n_hex_string_to_bytes((const uint8_t *) hex, &name)); From 20c245c09f7240e1cefd3936d677fe91a56f62cf Mon Sep 17 00:00:00 2001 From: Lindsay Stewart Date: Sat, 27 Jul 2024 12:26:58 -0700 Subject: [PATCH 2/2] move comment --- tests/testlib/s2n_hex_testlib.c | 2 -- tests/testlib/s2n_testlib.h | 2 ++ 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/testlib/s2n_hex_testlib.c b/tests/testlib/s2n_hex_testlib.c index 3f6ce8f9260..0f33b871e25 100644 --- a/tests/testlib/s2n_hex_testlib.c +++ b/tests/testlib/s2n_hex_testlib.c @@ -37,8 +37,6 @@ S2N_RESULT s2n_stuffer_alloc_from_hex(struct s2n_stuffer *bytes_out, const char return S2N_RESULT_OK; } -/* Unlike other hex methods, the hex string read here may include spaces. - * This is useful for hex strings with odd whitespace for readability purposes. */ S2N_RESULT s2n_blob_alloc_from_hex_with_whitespace(struct s2n_blob *bytes_out, const char *hex_cstr) { RESULT_ENSURE_REF(bytes_out); diff --git a/tests/testlib/s2n_testlib.h b/tests/testlib/s2n_testlib.h index 51e91d8a031..cc9d5614035 100644 --- a/tests/testlib/s2n_testlib.h +++ b/tests/testlib/s2n_testlib.h @@ -25,6 +25,8 @@ extern const struct s2n_security_policy security_policy_test_tls13_retry; /* Hex methods for testing */ S2N_RESULT s2n_stuffer_alloc_from_hex(struct s2n_stuffer *stuffer, const char *str); +/* Unlike other hex methods, the hex string read here may include spaces. + * This is useful for hex strings with odd whitespace for readability purposes. */ S2N_RESULT s2n_blob_alloc_from_hex_with_whitespace(struct s2n_blob *bytes_out, const char *str); void s2n_print_connection(struct s2n_connection *conn, const char *marker);