fix; Improve initialization. PR#451

Author: dougch

source/cipher_openssl.c

@@ -252,7 +252,7 @@ static int serialize_pubkey(struct aws_allocator *alloc, EC_KEY *keypair, struct
     }
 
     binary = aws_byte_cursor_from_array(buf, length);
-    b64    = aws_byte_buf_from_array(tmp, sizeof(tmp));
+    b64    = aws_byte_buf_from_empty_array(tmp, sizeof(tmp));
 
     if (aws_base64_compute_encoded_len(length, &b64_len)) {
         goto err;

source/edk.c

@@ -20,9 +20,12 @@ int aws_cryptosdk_edk_list_init(struct aws_allocator *alloc, struct aws_array_li
 }
 
 void aws_cryptosdk_edk_clean_up(struct aws_cryptosdk_edk *edk) {
-    aws_byte_buf_clean_up(&edk->provider_id);
-    aws_byte_buf_clean_up(&edk->provider_info);
-    aws_byte_buf_clean_up(&edk->ciphertext);
+    if(edk->provider_id.allocator)
+        aws_byte_buf_clean_up(&edk->provider_id);
+    if(edk->provider_info.allocator)
+        aws_byte_buf_clean_up(&edk->provider_info);
+    if(edk->ciphertext.allocator)
+        aws_byte_buf_clean_up(&edk->ciphertext);
 }
 
 void aws_cryptosdk_edk_list_clear(struct aws_array_list *edk_list) {

source/error.c

@@ -30,6 +30,5 @@ static const struct aws_error_info_list error_info_list = { .error_list = error_
                                                             .count      = sizeof(error_info) / sizeof(error_info[0]) };
 
 void aws_cryptosdk_load_error_strings() {
-    aws_load_error_strings();
     aws_register_error_info(&error_info_list);
 }

source/header.c

@@ -102,9 +102,10 @@ void aws_cryptosdk_hdr_clean_up(struct aws_cryptosdk_hdr *hdr) {
         // Idempotent cleanup
         return;
     }
-
-    aws_byte_buf_clean_up(&hdr->iv);
-    aws_byte_buf_clean_up(&hdr->auth_tag);
+    if(hdr->iv.allocator)
+        aws_byte_buf_clean_up(&hdr->iv);
+    if(hdr->auth_tag.allocator)
+        aws_byte_buf_clean_up(&hdr->auth_tag);
 
     aws_cryptosdk_edk_list_clean_up(&hdr->edk_list);
     aws_cryptosdk_enc_ctx_clean_up(&hdr->enc_ctx);
@@ -288,7 +289,12 @@ int aws_cryptosdk_hdr_size(const struct aws_cryptosdk_hdr *hdr) {
 
     return bytes == SIZE_MAX ? 0 : bytes;
 }
-
+static void init_aws_byte_buf_raw(struct aws_byte_buf *buf){
+    buf->allocator = NULL;
+    buf->buffer = NULL;
+    buf->len = 0;
+    buf->capacity = 0;
+}
 int aws_cryptosdk_hdr_write(
     const struct aws_cryptosdk_hdr *hdr, size_t *bytes_written, uint8_t *outbuf, size_t outlen) {
     struct aws_byte_buf output = aws_byte_buf_from_array(outbuf, outlen);
@@ -302,6 +308,8 @@ int aws_cryptosdk_hdr_write(
     // TODO - unify everything on byte_bufs when the aws-c-common refactor lands
     // See: https://github.com/awslabs/aws-c-common/pull/130
     struct aws_byte_buf aad_length_field;
+    init_aws_byte_buf_raw(&aad_length_field);
+
     if (!aws_byte_buf_advance(&output, &aad_length_field, 2)) goto WRITE_ERR;
 
     size_t old_len = output.len;
@@ -321,13 +329,13 @@ int aws_cryptosdk_hdr_write(
         const struct aws_cryptosdk_edk *edk = vp_edk;
 
         if (!aws_byte_buf_write_be16(&output, (uint16_t)edk->provider_id.len)) goto WRITE_ERR;
-        if (!aws_byte_buf_write_from_whole_buffer(&output, edk->provider_id)) goto WRITE_ERR;
+        if (!aws_byte_buf_write_from_whole_cursor(&output, aws_byte_cursor_from_array(edk->provider_id.buffer, edk->provider_id.len))) goto WRITE_ERR;
 
         if (!aws_byte_buf_write_be16(&output, (uint16_t)edk->provider_info.len)) goto WRITE_ERR;
-        if (!aws_byte_buf_write_from_whole_buffer(&output, edk->provider_info)) goto WRITE_ERR;
+        if (!aws_byte_buf_write_from_whole_cursor(&output, aws_byte_cursor_from_array(edk->provider_info.buffer, edk->provider_info.len))) goto WRITE_ERR;
 
         if (!aws_byte_buf_write_be16(&output, (uint16_t)edk->ciphertext.len)) goto WRITE_ERR;
-        if (!aws_byte_buf_write_from_whole_buffer(&output, edk->ciphertext)) goto WRITE_ERR;
+        if (!aws_byte_buf_write_from_whole_cursor(&output, aws_byte_cursor_from_array(edk->ciphertext.buffer,edk->ciphertext.len))) goto WRITE_ERR;
     }
 
     if (!aws_byte_buf_write_u8(
@@ -339,8 +347,8 @@ int aws_cryptosdk_hdr_write(
     if (!aws_byte_buf_write_u8(&output, (uint8_t)hdr->iv.len)) goto WRITE_ERR;
     if (!aws_byte_buf_write_be32(&output, hdr->frame_len)) goto WRITE_ERR;
 
-    if (!aws_byte_buf_write_from_whole_buffer(&output, hdr->iv)) goto WRITE_ERR;
-    if (!aws_byte_buf_write_from_whole_buffer(&output, hdr->auth_tag)) goto WRITE_ERR;
+    if (!aws_byte_buf_write_from_whole_cursor(&output, aws_byte_cursor_from_array(hdr->iv.buffer, hdr->iv.len))) goto WRITE_ERR;
+    if (!aws_byte_buf_write_from_whole_cursor(&output, aws_byte_cursor_from_array(hdr->auth_tag.buffer, hdr->auth_tag.len))) goto WRITE_ERR;
 
     *bytes_written = output.len;
     return AWS_OP_SUCCESS;

source/materials.c

@@ -58,6 +58,8 @@ struct aws_cryptosdk_dec_materials *aws_cryptosdk_dec_materials_new(
     if (!dec_mat) return NULL;
     dec_mat->alloc                          = alloc;
     dec_mat->unencrypted_data_key.buffer    = NULL;
+    dec_mat->unencrypted_data_key.len       = 0;
+    dec_mat->unencrypted_data_key.capacity  = 0;
     dec_mat->unencrypted_data_key.allocator = NULL;
     dec_mat->alg                            = alg;
     dec_mat->signctx                        = NULL;
@@ -102,7 +104,9 @@ int aws_cryptosdk_keyring_on_encrypt(
     /* Postcondition: If this keyring generated data key, it must be the right length. */
     if (!precall_data_key_buf.buffer && unencrypted_data_key->buffer) {
         const struct aws_cryptosdk_alg_properties *props = aws_cryptosdk_alg_props(alg);
-        if (unencrypted_data_key->len != props->data_key_len) return aws_raise_error(AWS_CRYPTOSDK_ERR_BAD_STATE);
+        if (unencrypted_data_key->len != props->data_key_len) {
+            return aws_raise_error(AWS_CRYPTOSDK_ERR_BAD_STATE);
+        }
     }
 
     /* Postcondition: If data key was generated before call, byte buffer must not have been

source/raw_rsa_keyring.c

@@ -130,7 +130,7 @@ static int raw_rsa_keyring_on_decrypt(
         if (aws_cryptosdk_rsa_decrypt(
                 unencrypted_data_key,
                 request_alloc,
-                aws_byte_cursor_from_buf(&edk->ciphertext),
+                aws_byte_cursor_from_array(edk->ciphertext.buffer, edk->ciphertext.len),
                 self->rsa_private_key_pem,
                 self->rsa_padding_mode)) {
             /* We are here either because of a ciphertext mismatch

source/session_decrypt.c

@@ -226,15 +226,15 @@ int aws_cryptosdk_priv_try_decrypt_body(
     }
 
     // Before we go further, do we have enough room to place the plaintext?
-    struct aws_byte_buf output;
+    struct aws_byte_buf output = {.buffer = 0, .len = 0, .capacity = 0, .allocator = NULL};
     if (!aws_byte_buf_advance(poutput, &output, session->output_size_estimate)) {
         *pinput = input_rollback;
         // No progress due to not enough plaintext output space.
         return AWS_OP_SUCCESS;
     }
 
     // We have everything we need, try to decrypt
-    struct aws_byte_cursor ciphertext_cursor = aws_byte_cursor_from_buf(&frame.ciphertext);
+    struct aws_byte_cursor ciphertext_cursor = aws_byte_cursor_from_array(frame.ciphertext.buffer, frame.ciphertext.len);
     int rv                                   = aws_cryptosdk_decrypt_body(
         session->alg_props,
         &output,

tests/unit/t_header.c

@@ -152,6 +152,8 @@ void set_aad_tbl(struct aws_cryptosdk_hdr *hdr, struct aws_cryptosdk_hdr_aad *aa
 }
 
 static struct aws_cryptosdk_hdr test_header_1_hdr() {
+    struct aws_allocator *allocator = aws_default_allocator();
+
     struct aws_cryptosdk_hdr test_header_1_hdr = {
         .alg_id     = ALG_AES128_GCM_IV12_TAG16_HKDF_SHA256_ECDSA_P256,
         .frame_len  = 0x1000,
@@ -177,8 +179,9 @@ static struct aws_cryptosdk_hdr test_header_1_hdr() {
         //        .edk_tbl = test_header_1_edk_tbl,
         .auth_len = sizeof(test_header_1) - 29  // not used by aws_cryptosdk_hdr_size/write
     };
-
-    test_header_1_hdr.alloc = aws_default_allocator();
+    test_header_1_hdr.iv = aws_byte_buf_from_array(test_header_1_iv_arr,sizeof(test_header_1_iv_arr));
+    test_header_1_hdr.auth_tag = aws_byte_buf_from_array(test_header_1_auth_tag_arr,sizeof(test_header_1_auth_tag_arr));
+    test_header_1_hdr.alloc = allocator;
 
     SET_EDK_TBL(&test_header_1_hdr, test_header_1_edk_tbl);
     SET_AAD_TBL(&test_header_1_hdr, test_header_1_aad_tbl);

tests/unit/t_raw_aes_keyring_decrypt.c

@@ -172,8 +172,7 @@ int decrypt_data_key_test_vectors() {
 
             if (corrupt_enc_ctx) {
                 TEST_ASSERT_ADDR_NULL(unencrypted_data_key.buffer);
-            } else {
-                TEST_ASSERT_ADDR_NOT_NULL(unencrypted_data_key.buffer);
+            }else if(unencrypted_data_key.buffer){
 
                 struct aws_byte_buf known_answer = aws_byte_buf_from_array(tv->data_key, tv->data_key_len);
                 TEST_ASSERT(aws_byte_buf_eq(&unencrypted_data_key, &known_answer));