diff --git a/include/aws/io/pem.h b/include/aws/io/pem.h index 0f2e7841f..a3256ea67 100644 --- a/include/aws/io/pem.h +++ b/include/aws/io/pem.h @@ -58,10 +58,11 @@ struct aws_pem_object { }; /** - * Cleans up and securely zeroes out the outputs of 'aws_decode_pem_to_object_list()' - * and 'aws_read_and_decode_pem_file_to_object_list()' + * Cleans up elements of pem_objects list 'aws_pem_objects_init_from_file_contents()' + * and 'aws_pem_objects_init_from_file_path()'. + * Does not clean_up list itself. */ -AWS_IO_API void aws_pem_objects_clean_up(struct aws_array_list *pem_objects); +AWS_IO_API void aws_pem_objects_clear(struct aws_array_list *pem_objects); /** * Decodes PEM data and reads objects sequentially adding them to pem_objects. @@ -70,11 +71,11 @@ AWS_IO_API void aws_pem_objects_clean_up(struct aws_array_list *pem_objects); * If no objects can be read PEM or objects could not be base 64 decoded, * AWS_ERROR_PEM_MALFORMED is raised. * out_pem_objects stores aws_pem_object struct by value. - * Caller must initialize out_pem_objects before calling the function. + * Function will initialize pem_objects list. * This code is slow, and it allocates, so please try * not to call this in the middle of something that needs to be fast or resource sensitive. */ -AWS_IO_API int aws_decode_pem_to_object_list( +AWS_IO_API int aws_pem_objects_init_from_file_contents( struct aws_allocator *alloc, struct aws_byte_cursor pem_cursor, struct aws_array_list *out_pem_objects); @@ -86,11 +87,11 @@ AWS_IO_API int aws_decode_pem_to_object_list( * If no objects can be read PEM or objects could not be base 64 decoded, * AWS_ERROR_PEM_MALFORMED is raised. * out_pem_objects stores aws_pem_object struct by value. - * Caller must initialize out_pem_objects before calling the function. + * Function will initialize pem_objects list. * This code is slow, and it allocates, so please try * not to call this in the middle of something that needs to be fast or resource sensitive. */ -AWS_IO_API int aws_read_and_decode_pem_file_to_object_list( +AWS_IO_API int aws_pem_objects_init_from_file_path( struct aws_allocator *allocator, const char *filename, struct aws_array_list *out_pem_objects); diff --git a/source/darwin/darwin_pki_utils.c b/source/darwin/darwin_pki_utils.c index 6238202ab..47d5bc5ce 100644 --- a/source/darwin/darwin_pki_utils.c +++ b/source/darwin/darwin_pki_utils.c @@ -38,13 +38,9 @@ int aws_import_ecc_key_into_keychain( int result = AWS_OP_ERR; struct aws_array_list decoded_key_buffer_list; - /* Init empty array list, ideally, the PEM should only has one key included. */ - if (aws_array_list_init_dynamic(&decoded_key_buffer_list, alloc, 1, sizeof(struct aws_pem_object))) { - return result; - } /* Decode PEM format file to DER format */ - if (aws_decode_pem_to_object_list(alloc, *private_key, &decoded_key_buffer_list)) { + if (aws_pem_objects_init_from_file_contents(alloc, *private_key, &decoded_key_buffer_list)) { AWS_LOGF_ERROR(AWS_LS_IO_PKI, "static: Failed to decode PEM private key to DER format."); goto ecc_import_cleanup; } @@ -90,7 +86,7 @@ int aws_import_ecc_key_into_keychain( ecc_import_cleanup: // Zero out the array list and release it - aws_pem_objects_clean_up(&decoded_key_buffer_list); + aws_pem_objects_clear(&decoded_key_buffer_list); aws_array_list_clean_up(&decoded_key_buffer_list); return result; } @@ -208,12 +204,7 @@ int aws_import_public_and_private_keys_to_identity( "Using key from Keychain instead of the one provided."); struct aws_array_list cert_chain_list; - if (aws_array_list_init_dynamic(&cert_chain_list, alloc, 2, sizeof(struct aws_pem_object))) { - result = AWS_OP_ERR; - goto done; - } - - if (aws_decode_pem_to_object_list(alloc, *public_cert_chain, &cert_chain_list)) { + if (aws_pem_objects_init_from_file_contents(alloc, *public_cert_chain, &cert_chain_list)) { AWS_LOGF_ERROR(AWS_LS_IO_PKI, "static: decoding certificate PEM failed."); aws_array_list_clean_up(&cert_chain_list); result = AWS_OP_ERR; @@ -230,7 +221,7 @@ int aws_import_public_and_private_keys_to_identity( CFRelease(root_cert_data); } - aws_pem_objects_clean_up(&cert_chain_list); + aws_pem_objects_clear(&cert_chain_list); aws_array_list_clean_up(&cert_chain_list); } else { certificate_ref = (SecCertificateRef)CFArrayGetValueAtIndex(cert_import_output, 0); @@ -325,11 +316,7 @@ int aws_import_trusted_certificates( struct aws_array_list certificates; - if (aws_array_list_init_dynamic(&certificates, alloc, 2, sizeof(struct aws_pem_object))) { - return AWS_OP_ERR; - } - - if (aws_decode_pem_to_object_list(alloc, *certificates_blob, &certificates)) { + if (aws_pem_objects_init_from_file_contents(alloc, *certificates_blob, &certificates)) { AWS_LOGF_ERROR(AWS_LS_IO_PKI, "static: decoding CA PEM failed."); aws_array_list_clean_up(&certificates); return AWS_OP_ERR; @@ -358,7 +345,7 @@ int aws_import_trusted_certificates( aws_mutex_unlock(&s_sec_mutex); *certs = temp_cert_array; - aws_pem_objects_clean_up(&certificates); + aws_pem_objects_clear(&certificates); aws_array_list_clean_up(&certificates); return err; } diff --git a/source/pem.c b/source/pem.c index a2205c9d6..56b743452 100644 --- a/source/pem.c +++ b/source/pem.c @@ -140,7 +140,7 @@ static struct aws_byte_cursor s_pem_type_parameters_cur = AWS_BYTE_CUR_INIT_FROM static struct aws_byte_cursor s_pem_type_cms_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("CMS"); static struct aws_byte_cursor s_pem_type_sm2_parameters_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("SM2 PARAMETERS"); -void aws_pem_objects_clean_up(struct aws_array_list *cert_chain) { +void aws_pem_objects_clear(struct aws_array_list *cert_chain) { for (size_t i = 0; i < aws_array_list_length(cert_chain); ++i) { struct aws_pem_object *pem_obj_ptr = NULL; aws_array_list_get_at_ptr(cert_chain, (void **)&pem_obj_ptr, i); @@ -313,9 +313,10 @@ static int s_convert_pem_to_raw_base64( } else { struct aws_pem_object pem_object = { - .data = current_obj_buf, - .type_string = aws_string_new_from_cursor(allocator, ¤t_obj_type_cur), - .type = current_obj_type,}; + .data = current_obj_buf, + .type_string = aws_string_new_from_cursor(allocator, ¤t_obj_type_cur), + .type = current_obj_type, + }; if (aws_array_list_push_back(pem_objects, &pem_object)) { goto on_end_of_loop; @@ -358,17 +359,21 @@ static int s_convert_pem_to_raw_base64( } AWS_LOGF_ERROR(AWS_LS_IO_PEM, "Invalid PEM buffer."); - aws_pem_objects_clean_up(pem_objects); + aws_pem_objects_clear(pem_objects); return aws_raise_error(AWS_ERROR_PEM_MALFORMED); } -int aws_decode_pem_to_object_list( +int aws_pem_objects_init_from_file_contents( struct aws_allocator *allocator, struct aws_byte_cursor pem_cursor, struct aws_array_list *pem_objects) { AWS_PRECONDITION(allocator); AWS_PRECONDITION(pem_objects != NULL); - AWS_PRECONDITION(aws_array_list_length(pem_objects) == 0); + + /* Init empty array list, ideally, the PEM should only has one key included. */ + if (aws_array_list_init_dynamic(&pem_objects, allocator, 1, sizeof(struct aws_pem_object))) { + return AWS_OP_ERR; + } if (s_convert_pem_to_raw_base64(allocator, pem_cursor, pem_objects)) { goto on_error; @@ -403,11 +408,11 @@ int aws_decode_pem_to_object_list( return AWS_OP_SUCCESS; on_error: - aws_pem_objects_clean_up(pem_objects); + aws_pem_objects_clear(pem_objects); return AWS_OP_ERR; } -int aws_read_and_decode_pem_file_to_object_list( +int aws_pem_objects_init_from_file_path( struct aws_allocator *alloc, const char *filename, struct aws_array_list *pem_objects) { @@ -420,7 +425,7 @@ int aws_read_and_decode_pem_file_to_object_list( AWS_ASSERT(raw_file_buffer.buffer); struct aws_byte_cursor file_cursor = aws_byte_cursor_from_buf(&raw_file_buffer); - if (aws_decode_pem_to_object_list(alloc, file_cursor, pem_objects)) { + if (aws_pem_objects_init_from_file_contents(alloc, file_cursor, pem_objects)) { aws_byte_buf_clean_up_secure(&raw_file_buffer); AWS_LOGF_ERROR(AWS_LS_IO_PEM, "Failed to decode PEM file %s.", filename); return AWS_OP_ERR; diff --git a/source/windows/windows_pki_utils.c b/source/windows/windows_pki_utils.c index 065038a4a..98ce1bb57 100644 --- a/source/windows/windows_pki_utils.c +++ b/source/windows/windows_pki_utils.c @@ -184,11 +184,7 @@ int aws_import_trusted_certificates( *cert_store = NULL; int result = AWS_OP_ERR; - if (aws_array_list_init_dynamic(&certificates, alloc, 2, sizeof(struct aws_pem_object))) { - return AWS_OP_ERR; - } - - if (aws_decode_pem_to_object_list(alloc, *certificates_blob, &certificates)) { + if (aws_pem_objects_init_from_file_contents(alloc, *certificates_blob, &certificates)) { goto clean_up; } @@ -259,7 +255,7 @@ int aws_import_trusted_certificates( clean_up: - aws_pem_objects_clean_up(&certificates); + aws_pem_objects_clear(&certificates); aws_array_list_clean_up(&certificates); if (result == AWS_OP_ERR && *cert_store) { @@ -565,21 +561,13 @@ int aws_import_key_pair_to_cert_context( int result = AWS_OP_ERR; BYTE *key = NULL; - if (aws_array_list_init_dynamic(&certificates, alloc, 2, sizeof(struct aws_pem_object))) { - return AWS_OP_ERR; - } - - if (aws_decode_pem_to_object_list(alloc, *public_cert_chain, &certificates)) { + if (aws_pem_objects_init_from_file_contents(alloc, *public_cert_chain, &certificates)) { AWS_LOGF_ERROR( AWS_LS_IO_PKI, "static: failed to decode cert pem to buffer list with error %d", (int)aws_last_error()); goto clean_up; } - if (aws_array_list_init_dynamic(&private_keys, alloc, 1, sizeof(struct aws_pem_object))) { - goto clean_up; - } - - if (aws_decode_pem_to_object_list(alloc, *private_key, &private_keys)) { + if (aws_pem_objects_init_from_file_contents(alloc, *private_key, &private_keys)) { AWS_LOGF_ERROR( AWS_LS_IO_PKI, "static: failed to decode key pem to buffer list with error %d", (int)aws_last_error()); goto clean_up; @@ -730,9 +718,9 @@ int aws_import_key_pair_to_cert_context( } clean_up: - aws_pem_objects_clean_up(&certificates); + aws_pem_objects_clear(&certificates); aws_array_list_clean_up(&certificates); - aws_pem_objects_clean_up(&private_keys); + aws_pem_objects_clear(&private_keys); aws_array_list_clean_up(&private_keys); LocalFree(key); diff --git a/tests/pem_test.c b/tests/pem_test.c index 12d4426ca..56694247a 100644 --- a/tests/pem_test.c +++ b/tests/pem_test.c @@ -210,7 +210,7 @@ static int s_test_pem_cert_parse_from_file(struct aws_allocator *allocator, void struct aws_array_list output_list; ASSERT_SUCCESS(aws_array_list_init_dynamic(&output_list, allocator, 1, sizeof(struct aws_pem_object))); - ASSERT_SUCCESS(aws_read_and_decode_pem_file_to_object_list(allocator, "testparse.crt", &output_list)); + ASSERT_SUCCESS(aws_pem_objects_init_from_file_path(allocator, "testparse.crt", &output_list)); ASSERT_UINT_EQUALS(1, aws_array_list_length(&output_list)); struct aws_pem_object *pem_object = NULL; @@ -219,7 +219,7 @@ static int s_test_pem_cert_parse_from_file(struct aws_allocator *allocator, void ASSERT_CURSOR_VALUE_CSTRING_EQUALS(aws_byte_cursor_from_string(&pem_object->type_string), "CERTIFICATE"); ASSERT_INT_EQUALS(AWS_PEM_TYPE_X509, pem_object->type); - aws_pem_objects_clean_up(&output_list); + aws_pem_objects_clear(&output_list); aws_array_list_clean_up(&output_list); return AWS_OP_SUCCESS; @@ -302,7 +302,7 @@ static int s_test_pem_private_key_parse_from_file(struct aws_allocator *allocato struct aws_array_list output_list; ASSERT_SUCCESS(aws_array_list_init_dynamic(&output_list, allocator, 1, sizeof(struct aws_pem_object))); - ASSERT_SUCCESS(aws_read_and_decode_pem_file_to_object_list(allocator, "unittests.key", &output_list)); + ASSERT_SUCCESS(aws_pem_objects_init_from_file_path(allocator, "unittests.key", &output_list)); ASSERT_UINT_EQUALS(1, aws_array_list_length(&output_list)); struct aws_pem_object *pem_object = NULL; @@ -311,7 +311,7 @@ static int s_test_pem_private_key_parse_from_file(struct aws_allocator *allocato ASSERT_CURSOR_VALUE_CSTRING_EQUALS(aws_byte_cursor_from_string(&pem_object->type_string), "RSA PRIVATE KEY"); ASSERT_INT_EQUALS(AWS_PEM_TYPE_PRIVATE_RSA_PKCS1, pem_object->type); - aws_pem_objects_clean_up(&output_list); + aws_pem_objects_clear(&output_list); aws_array_list_clean_up(&output_list); return AWS_OP_SUCCESS; @@ -379,8 +379,7 @@ static int s_test_pem_single_cert_parse(struct aws_allocator *allocator, void *c struct aws_byte_cursor pem_data = aws_byte_cursor_from_c_str(s_rsa_1024_sha224_client_crt_pem); struct aws_array_list output_list; - ASSERT_SUCCESS(aws_array_list_init_dynamic(&output_list, allocator, 1, sizeof(struct aws_pem_object))); - ASSERT_SUCCESS(aws_decode_pem_to_object_list(allocator, pem_data, &output_list)); + ASSERT_SUCCESS(aws_pem_objects_init_from_file_contents(allocator, pem_data, &output_list)); ASSERT_UINT_EQUALS(1, aws_array_list_length(&output_list)); struct aws_pem_object *pem_object = NULL; @@ -389,7 +388,7 @@ static int s_test_pem_single_cert_parse(struct aws_allocator *allocator, void *c ASSERT_CURSOR_VALUE_CSTRING_EQUALS(aws_byte_cursor_from_string(&pem_object->type_string), "CERTIFICATE"); ASSERT_INT_EQUALS(AWS_PEM_TYPE_X509, pem_object->type); - aws_pem_objects_clean_up(&output_list); + aws_pem_objects_clear(&output_list); aws_array_list_clean_up(&output_list); return AWS_OP_SUCCESS; @@ -593,8 +592,7 @@ static int s_test_pem_cert_chain_parse(struct aws_allocator *allocator, void *ct struct aws_byte_cursor pem_data = aws_byte_cursor_from_c_str(s_rsa_2048_pkcs1_crt_pem); struct aws_array_list output_list; - ASSERT_SUCCESS(aws_array_list_init_dynamic(&output_list, allocator, 1, sizeof(struct aws_pem_object))); - ASSERT_SUCCESS(aws_decode_pem_to_object_list(allocator, pem_data, &output_list)); + ASSERT_SUCCESS(aws_pem_objects_init_from_file_contents(allocator, pem_data, &output_list)); ASSERT_UINT_EQUALS(3, aws_array_list_length(&output_list)); struct aws_pem_object *pem_object = NULL; @@ -613,7 +611,7 @@ static int s_test_pem_cert_chain_parse(struct aws_allocator *allocator, void *ct ASSERT_CURSOR_VALUE_CSTRING_EQUALS(aws_byte_cursor_from_string(&pem_object->type_string), "CERTIFICATE"); ASSERT_INT_EQUALS(AWS_PEM_TYPE_X509, pem_object->type); - aws_pem_objects_clean_up(&output_list); + aws_pem_objects_clear(&output_list); aws_array_list_clean_up(&output_list); return AWS_OP_SUCCESS; @@ -723,8 +721,7 @@ static int s_test_pem_private_key_parse(struct aws_allocator *allocator, void *c struct aws_byte_cursor pem_data = aws_byte_cursor_from_c_str(s_private_key_pem); struct aws_array_list output_list; - ASSERT_SUCCESS(aws_array_list_init_dynamic(&output_list, allocator, 1, sizeof(struct aws_pem_object))); - ASSERT_SUCCESS(aws_decode_pem_to_object_list(allocator, pem_data, &output_list)); + ASSERT_SUCCESS(aws_pem_objects_init_from_file_contents(allocator, pem_data, &output_list)); ASSERT_UINT_EQUALS(1, aws_array_list_length(&output_list)); struct aws_pem_object *pem_object = NULL; @@ -733,7 +730,7 @@ static int s_test_pem_private_key_parse(struct aws_allocator *allocator, void *c ASSERT_CURSOR_VALUE_CSTRING_EQUALS(aws_byte_cursor_from_string(&pem_object->type_string), "RSA PRIVATE KEY"); ASSERT_INT_EQUALS(AWS_PEM_TYPE_PRIVATE_RSA_PKCS1, pem_object->type); - aws_pem_objects_clean_up(&output_list); + aws_pem_objects_clear(&output_list); aws_array_list_clean_up(&output_list); return AWS_OP_SUCCESS; @@ -953,8 +950,7 @@ static int s_test_pem_cert_chain_comments_and_whitespace(struct aws_allocator *a struct aws_byte_cursor pem_data = aws_byte_cursor_from_c_str(s_pem_data_str); struct aws_array_list output_list; - ASSERT_SUCCESS(aws_array_list_init_dynamic(&output_list, allocator, 1, sizeof(struct aws_pem_object))); - ASSERT_SUCCESS(aws_decode_pem_to_object_list(allocator, pem_data, &output_list)); + ASSERT_SUCCESS(aws_pem_objects_init_from_file_contents(allocator, pem_data, &output_list)); ASSERT_UINT_EQUALS(3, aws_array_list_length(&output_list)); struct aws_pem_object *pem_object = NULL; @@ -973,7 +969,7 @@ static int s_test_pem_cert_chain_comments_and_whitespace(struct aws_allocator *a ASSERT_CURSOR_VALUE_CSTRING_EQUALS(aws_byte_cursor_from_string(&pem_object->type_string), "CERTIFICATE"); ASSERT_INT_EQUALS(AWS_PEM_TYPE_X509, pem_object->type); - aws_pem_objects_clean_up(&output_list); + aws_pem_objects_clear(&output_list); aws_array_list_clean_up(&output_list); return AWS_OP_SUCCESS; @@ -1003,8 +999,7 @@ static int s_test_pem_invalid_parse(struct aws_allocator *allocator, void *ctx) struct aws_byte_cursor pem_data = aws_byte_cursor_from_c_str(s_invalid_pem); struct aws_array_list output_list; - ASSERT_SUCCESS(aws_array_list_init_dynamic(&output_list, allocator, 1, sizeof(struct aws_pem_object))); - ASSERT_ERROR(AWS_ERROR_PEM_MALFORMED, aws_decode_pem_to_object_list(allocator, pem_data, &output_list)); + ASSERT_ERROR(AWS_ERROR_PEM_MALFORMED, aws_pem_objects_init_from_file_contents(allocator, pem_data, &output_list)); ASSERT_UINT_EQUALS(0, aws_array_list_length(&output_list)); aws_array_list_clean_up(&output_list); @@ -1036,8 +1031,7 @@ static int s_test_pem_valid_data_invalid_parse(struct aws_allocator *allocator, struct aws_byte_cursor pem_data = aws_byte_cursor_from_c_str(s_invalid_data); struct aws_array_list output_list; - ASSERT_SUCCESS(aws_array_list_init_dynamic(&output_list, allocator, 1, sizeof(struct aws_pem_object))); - ASSERT_ERROR(AWS_ERROR_PEM_MALFORMED, aws_decode_pem_to_object_list(allocator, pem_data, &output_list)); + ASSERT_ERROR(AWS_ERROR_PEM_MALFORMED, aws_pem_objects_init_from_file_contents(allocator, pem_data, &output_list)); ASSERT_UINT_EQUALS(0, aws_array_list_length(&output_list)); aws_array_list_clean_up(&output_list); @@ -1108,8 +1102,7 @@ static int s_test_pem_invalid_in_chain_parse(struct aws_allocator *allocator, vo struct aws_byte_cursor pem_data = aws_byte_cursor_from_c_str(s_invalid_data); struct aws_array_list output_list; - ASSERT_SUCCESS(aws_array_list_init_dynamic(&output_list, allocator, 1, sizeof(struct aws_pem_object))); - ASSERT_ERROR(AWS_ERROR_PEM_MALFORMED, aws_decode_pem_to_object_list(allocator, pem_data, &output_list)); + ASSERT_ERROR(AWS_ERROR_PEM_MALFORMED, aws_pem_objects_init_from_file_contents(allocator, pem_data, &output_list)); ASSERT_UINT_EQUALS(0, aws_array_list_length(&output_list)); aws_array_list_clean_up(&output_list);