utils: remove deprecated safety macros (#2747)

aws · Apr 20, 2021 · 423dbf1 · 423dbf1
1 parent c8bac0c
commit 423dbf1
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 277 deletions.
diff --git a/tests/unit/s2n_certificate_test.c b/tests/unit/s2n_certificate_test.c
@@ -44,46 +44,46 @@ static uint8_t verify_host_fn(const char *host_name, size_t host_name_len, void
 
 static S2N_RESULT s2n_compare_cert_chain(struct s2n_connection *conn, struct s2n_cert_chain_and_key *test_peer_chain)
 {
-    ENSURE_REF(conn);
-    ENSURE_REF(test_peer_chain);
+    RESULT_ENSURE_REF(conn);
+    RESULT_ENSURE_REF(test_peer_chain);
     uint32_t cert_chain_length = 0;
     RESULT_GUARD_POSIX(s2n_cert_chain_get_length(test_peer_chain, &cert_chain_length));
     DEFER_CLEANUP(STACK_OF(X509) *cert_chain_validated = X509_STORE_CTX_get1_chain(conn->x509_validator.store_ctx),
                   s2n_openssl_x509_stack_pop_free);
-    ENSURE_REF(cert_chain_validated);
-    ENSURE_EQ(cert_chain_length, sk_X509_num(cert_chain_validated));
+    RESULT_ENSURE_REF(cert_chain_validated);
+    RESULT_ENSURE_EQ(cert_chain_length, sk_X509_num(cert_chain_validated));
     struct s2n_cert *cur_cert = NULL;
 
     for (size_t cert_idx = 0; cert_idx < cert_chain_length; cert_idx++) {
         X509 *cert = sk_X509_value(cert_chain_validated, cert_idx);
-        ENSURE_REF(cert);
+        RESULT_ENSURE_REF(cert);
         DEFER_CLEANUP(uint8_t *cert_data_from_validator = NULL, s2n_crypto_free);
         int cert_size_from_validator = i2d_X509(cert, &cert_data_from_validator);
-        ENSURE_REF(cert_data_from_validator);
-        ENSURE_GT(cert_size_from_validator, 0);
+        RESULT_ENSURE_REF(cert_data_from_validator);
+        RESULT_ENSURE_GT(cert_size_from_validator, 0);
 
         RESULT_GUARD_POSIX(s2n_cert_chain_get_cert(test_peer_chain, &cur_cert, cert_idx));
-        ENSURE_REF(cur_cert);
-        ENSURE_EQ(cert_size_from_validator, cur_cert->raw.size);
-        ENSURE_EQ(memcmp(cert_data_from_validator, cur_cert->raw.data, cur_cert->raw.size), 0);
+        RESULT_ENSURE_REF(cur_cert);
+        RESULT_ENSURE_EQ(cert_size_from_validator, cur_cert->raw.size);
+        RESULT_ENSURE_EQ(memcmp(cert_data_from_validator, cur_cert->raw.data, cur_cert->raw.size), 0);
     }
 
     return S2N_RESULT_OK;
 }
 
 static S2N_RESULT s2n_compare_utf8_strings(struct s2n_blob *input_der, const char *expected_utf8_str, uint32_t utf8_len_in, uint32_t expected_utf8_len)
 {
-    ENSURE_REF(input_der);
-    ENSURE_REF(expected_utf8_str);
-    ENSURE_GT(expected_utf8_len, 0);
+    RESULT_ENSURE_REF(input_der);
+    RESULT_ENSURE_REF(expected_utf8_str);
+    RESULT_ENSURE_GT(expected_utf8_len, 0);
 
     DEFER_CLEANUP(struct s2n_blob utf8_str = { 0 }, s2n_free);
     RESULT_GUARD_POSIX(s2n_alloc(&utf8_str, utf8_len_in));
 
     RESULT_GUARD_POSIX(s2n_cert_get_utf8_string_from_extension_data(input_der->data, input_der->size, utf8_str.data, &utf8_str.size));
 
-    ENSURE_EQ(utf8_str.size, expected_utf8_len);
-    ENSURE_EQ(memcmp(utf8_str.data, expected_utf8_str, utf8_str.size), 0);
+    RESULT_ENSURE_EQ(utf8_str.size, expected_utf8_len);
+    RESULT_ENSURE_EQ(memcmp(utf8_str.data, expected_utf8_str, utf8_str.size), 0);
 
     RESULT_GUARD_POSIX(s2n_free(&utf8_str));
     return S2N_RESULT_OK;

diff --git a/tls/extensions/s2n_client_psk.c b/tls/extensions/s2n_client_psk.c
@@ -96,8 +96,8 @@ bool s2n_client_psk_should_send(struct s2n_connection *conn)
 */
 static S2N_RESULT s2n_generate_obfuscated_ticket_age(struct s2n_psk *psk, uint64_t current_time, uint32_t *output)
 {
-    ENSURE_REF(psk);
-    ENSURE_MUT(output);
+    RESULT_ENSURE_REF(psk);
+    RESULT_ENSURE_MUT(output);
 
     /**
      *= https://tools.ietf.org/rfc/rfc8446#section-4.2.11

diff --git a/utils/s2n_safety.h b/utils/s2n_safety.h
@@ -105,263 +105,3 @@ extern int s2n_mul_overflow(uint32_t a, uint32_t b, uint32_t* out);
 extern int s2n_align_to(uint32_t initial, uint32_t alignment, uint32_t* out);
 extern int s2n_add_overflow(uint32_t a, uint32_t b, uint32_t* out);
 extern int s2n_sub_overflow(uint32_t a, uint32_t b, uint32_t* out);
-
-
-/* START COMPATIBILITY LAYER */
-
-/**
- * NOTE: This will be removed once everything is using the new safety macro
- *       naming conventions
- */
-
-/**
- * Sets the global `errno` and returns with a `S2N_RESULT_ERROR`
- */
-#define BAIL( x )                                    RESULT_BAIL(x)
-
-/**
- * Sets the global `errno` and returns with a POSIX error (`-1`)
- */
-#define BAIL_POSIX( x )                              POSIX_BAIL(x)
-
-/**
- * Sets the global `errno` and returns with a `NULL` pointer value
- */
-#define BAIL_PTR( x )                                PTR_BAIL(x)
-
-/**
- * Ensures the `condition` is `true`, otherwise the function will `BAIL` with an `error`
- */
-#define ENSURE( condition , error )                  RESULT_ENSURE((condition), (error))
-
-/**
- * Ensures the `result` is OK, otherwise the function will `BAIL` with an `error`
- */
-#define ENSURE_OK( result , error )                  RESULT_ENSURE_OK((result), (error))
-
-/**
- * Ensures `n` is greater than or equal to `min`, otherwise the function will `BAIL` with a `S2N_ERR_SAFETY` error
- */
-#define ENSURE_GTE( n , min )                        RESULT_ENSURE_GTE((n), (min))
-
-/**
- * Ensures `n` is less than or equal to `max`, otherwise the function will `BAIL` with a `S2N_ERR_SAFETY` error
- */
-#define ENSURE_LTE( n , max )                        RESULT_ENSURE_LTE((n), (max))
-
-/**
- * Ensures `n` is greater than `min`, otherwise the function will `BAIL` with a `S2N_ERR_SAFETY` error
- */
-#define ENSURE_GT( n , min )                         RESULT_ENSURE_GT((n), (min))
-
-/**
- * Ensures `n` is less than `min`, otherwise the function will `BAIL` with a `S2N_ERR_SAFETY` error
- */
-#define ENSURE_LT( n , max )                         RESULT_ENSURE_LT((n), (max))
-
-/**
- * Ensures `a` is equal to `b`, otherwise the function will `BAIL` with a `S2N_ERR_SAFETY` error
- */
-#define ENSURE_EQ( a , b )                           RESULT_ENSURE_EQ((a), (b))
-
-/**
- * Ensures `a` is not equal to `b`, otherwise the function will `BAIL` with a `S2N_ERR_SAFETY` error
- */
-#define ENSURE_NE( a , b )                           RESULT_ENSURE_NE((a), (b))
-
-/**
- * Ensures the `condition` is `true`, otherwise the function will `BAIL_POSIX` with an `error`
- */
-#define ENSURE_POSIX( condition , error )           POSIX_ENSURE((condition), (error))
-
-/**
- * Ensures the `condition` is `true`, otherwise the function will `BAIL_PTR` with an `error`
- */
-#define ENSURE_PTR( condition , error )             PTR_ENSURE((condition), (error))
-
-/**
- * Ensures `x` is not `NULL`, otherwise the function will `BAIL_PTR` with an `error`
- */
-#define ENSURE_REF_PTR( x )                         PTR_ENSURE_REF(x)
-
-/**
- * Ensures `x` is a readable reference, otherwise the function will `BAIL` with `S2N_ERR_NULL`
- */
-#define ENSURE_REF( x )                             RESULT_ENSURE_REF(x)
-
-/**
- * Ensures `x` is a readable reference, otherwise the function will `BAIL_POSIX` with `S2N_ERR_NULL`
- */
-#define ENSURE_POSIX_REF( x )                       POSIX_ENSURE_REF(x)
-
-/**
- * Ensures `x` is a mutable reference, otherwise the function will `BAIL` with `S2N_ERR_NULL`
- */
-#define ENSURE_MUT( x )                             RESULT_ENSURE_MUT(x)
-
-/**
- * Ensures `x` is a mutable reference, otherwise the function will `BAIL_POSIX` with `S2N_ERR_NULL`
- */
-#define ENSURE_POSIX_MUT( x )                       POSIX_ENSURE_MUT(x)
-
-/**
- * Ensures `min <= n <= max`
- */
-#define ENSURE_INCLUSIVE_RANGE( min , n , max )     RESULT_ENSURE_INCLUSIVE_RANGE((min), (n), (max))
-
-/**
- * Ensures `min < n < max`
- */
-#define ENSURE_EXCLUSIVE_RANGE( min , n , max )     RESULT_ENSURE_EXCLUSIVE_RANGE((min), (n), (max))
-
-/**
- * Ensures the `result` is `S2N_RESULT_OK`, otherwise the function will return an error signal
- */
-#define PRECONDITION( result )                      RESULT_PRECONDITION(result)
-
-/**
- * Ensures the `result` is `S2N_RESULT_OK`, otherwise the function will return an error signal
- */
-#define POSTCONDITION( result )                     RESULT_POSTCONDITION(result)
-
-/**
- * Ensures the `result` is `S2N_RESULT_OK`, otherwise the function will return an error signal
- */
-#define PRECONDITION_POSIX( result )                POSIX_PRECONDITION(result)
-
-/**
- * Ensures the `result` is `S2N_RESULT_OK`, otherwise the function will return an error signal
- */
-#define POSTCONDITION_POSIX( result )               POSIX_POSTCONDITION(result)
-
-/**
- * Ensures the `condition` is `true`, otherwise the function will `BAIL` with an `error`.
- * When the code is built in debug mode, they are checked.
- * When the code is built in production mode, they are ignored.
- */
-#define DEBUG_ENSURE( condition, error )            RESULT_DEBUG_ENSURE((condition), (error))
-
-/**
- * Ensures the `condition` is `true`, otherwise the function will `BAIL_POSIX` with an `error`.
- * When the code is built in debug mode, they are checked.
- * When the code is built in production mode, they are ignored.
- */
-#define DEBUG_ENSURE_POSIX( condition, error )      POSIX_DEBUG_ENSURE((condition), (error))
-
-/**
- * Ensures `x` is not an error, otherwise the function will return an error signal
- *
- * Note: this currently accepts POSIX error signals but will transition to accept s2n_result
- */
-#define GUARD( x )                                  POSIX_GUARD(x)
-
-/**
- * Ensures `x` is not an error, otherwise the function will return `NULL`
- *
- * Note: this currently accepts POSIX error signals but will transition to accept s2n_result
- */
-#define GUARD_PTR( x )                              PTR_GUARD_POSIX(x)
-
-/**
- * Ensures `x` is not `NULL`, otherwise the function will return an error signal
- *
- * Note: this currently accepts POSIX error signals but will transition to accept s2n_result
- */
-#define GUARD_NONNULL( x )                          POSIX_GUARD_PTR(x)
-
-/**
- * Ensures `x` is not `NULL`, otherwise the function will return `NULL`
- */
-#define GUARD_NONNULL_PTR( x )                      PTR_GUARD(x)
-
-/**
- * Ensures `x` is not a OpenSSL error, otherwise the function will return an error signal
- *
- * Note: this currently accepts POSIX error signals but will transition to accept s2n_result
- */
-#define GUARD_OSSL( x, error )                      POSIX_GUARD_OSSL((x), (error))
-
-/**
- * Ensures `x` is ok, otherwise the function will return an `S2N_RESULT_ERROR`
- */
-#define GUARD_RESULT( x )                           RESULT_GUARD(x)
-
-/**
- * Ensures `x` is ok, otherwise the function will return `NULL`
- */
-#define GUARD_RESULT_PTR( x )                       PTR_GUARD_RESULT(x)
-
-/**
- * Ensures `x` is not `NULL`, otherwise the function will return an `S2N_RESULT_ERROR`
- */
-#define GUARD_RESULT_NONNULL( x )                   RESULT_GUARD_PTR(x)
-
-/**
- * Ensures `x` is not a OpenSSL error, otherwise the function will `BAIL` with `error`
- */
-/* TODO: use the OSSL error code in error reporting https://github.com/awslabs/s2n/issues/705 */
-#define GUARD_RESULT_OSSL( x , error )              RESULT_GUARD_OSSL((x), (error))
-
-/**
- * Ensures `x` is not a POSIX error, otherwise return a POSIX error
- */
-#define GUARD_POSIX( x )                            POSIX_GUARD(x)
-
-/**
- * Ensures `x` is not a POSIX error, otherwise the function will return `NULL`
- */
-#define GUARD_POSIX_PTR( x )                        PTR_GUARD_POSIX(x)
-
-/**
- * Ensures `x` is not `NULL`, otherwise the function will return a POSIX error (`-1`)
- */
-#define GUARD_POSIX_NONNULL( x )                    POSIX_GUARD_PTR(x)
-
-/**
- * Ensures `x` is not a OpenSSL error, otherwise the function will `BAIL` with `error`
- */
-/* TODO: use the OSSL error code in error reporting https://github.com/awslabs/s2n/issues/705 */
-#define GUARD_POSIX_OSSL( x , error )               POSIX_GUARD_OSSL((x), (error))
-
-/**
- * Ensures `x` is not a POSIX error, otherwise the function will return a `S2N_RESULT_ERROR`
- */
-#define GUARD_AS_RESULT( x )                        RESULT_GUARD_POSIX(x)
-
-/**
- * Ensures `x` is OK (S2N_RESULT), otherwise the function will return a POSIX error (`-1`)
- */
-#define GUARD_AS_POSIX( x )                         POSIX_GUARD_RESULT(x)
-
-/**
- * Performs a safe memcpy
- */
-#define CHECKED_MEMCPY( d , s , n )                 RESULT_CHECKED_MEMCPY((d), (s), (n))
-
-/**
- * Performs a safe memset
- */
-#define CHECKED_MEMSET( d , c , n )                 RESULT_CHECKED_MEMSET((d), (c), (n))
-
-/* `NULL` check a pointer */
-
-/* Note: this macro is replaced by POSIX_ENSURE_REF */
-#define notnull_check(ptr)                          POSIX_ENSURE_REF(ptr)
-/* Note: this macro is replaced by PTR_ENSURE_REF */
-#define notnull_check_ptr(ptr)                      PTR_ENSURE_REF(ptr)
-
-/* Range check a number */
-#define gte_check( n , min )                        POSIX_ENSURE_GTE((n), (min))
-#define lte_check( n , max )                        POSIX_ENSURE_LTE((n), (max))
-#define gt_check( n , min )                         POSIX_ENSURE_GT((n), (min))
-#define lt_check( n , max )                         POSIX_ENSURE_LT((n), (max))
-#define eq_check( a , b )                           POSIX_ENSURE_EQ((a), (b))
-#define ne_check( a , b )                           POSIX_ENSURE_NE((a), (b))
-#define inclusive_range_check( low, n, high )       POSIX_ENSURE_INCLUSIVE_RANGE((low), (n), (high))
-#define exclusive_range_check( low, n, high )       POSIX_ENSURE_EXCLUSIVE_RANGE((low), (n), (high))
-
-#define memcpy_check( d , s , n )                   POSIX_CHECKED_MEMCPY((d), (s), (n))
-/* This will fail to build if d is an array. Cast the array to a pointer first! */
-#define memset_check( d , c , n )                   POSIX_CHECKED_MEMSET((d), (c), (n))
-
-/* END COMPATIBILITY LAYER */