1 2 /* 3 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"). 6 * You may not use this file except in compliance with the License. 7 * A copy of the License is located at 8 * 9 * http://aws.amazon.com/apache2.0 10 * 11 * or in the "license" file accompanying this file. This file is distributed 12 * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 13 * express or implied. See the License for the specific language governing 14 * permissions and limitations under the License. 15 */ 16 17 #pragma once 18 19 /** 20 * DO NOT DIRECTLY MODIFY THIS FILE: 21 * 22 * The code in this file is generated from scripts/s2n_safety_macros.py and any modifications 23 * should be in there. 24 */ 25 26 #include "error/s2n_errno.h" 27 #include "utils/s2n_ensure.h" 28 #include "utils/s2n_result.h" 29 30 /** 31 * The goal of s2n_safety is to provide helpers to perform common 32 * checks, which help with code readability. 33 */ 34 35 /* Success signal value for OpenSSL functions */ 36 #define _OSSL_SUCCESS 1 37 38 /** 39 * Sets the global `s2n_errno` to `error` and returns with an `S2N_RESULT_ERROR` 40 */ 41 #define RESULT_BAIL(error) do { _S2N_ERROR((error)); return S2N_RESULT_ERROR; } while (0) 42 43 /** 44 * Ensures the `condition` is `true`, otherwise the function will `RESULT_BAIL` with `error` 45 */ 46 #define RESULT_ENSURE(condition, error) __S2N_ENSURE((condition), RESULT_BAIL(error)) 47 48 /** 49 * Ensures the `condition` is `true`, otherwise the function will `RESULT_BAIL` with `error` 50 * 51 * NOTE: The condition will _only_ be checked when the code is compiled in debug mode. 52 * In release mode, the check is removed. 53 */ 54 #define RESULT_DEBUG_ENSURE(condition, error) __S2N_ENSURE_DEBUG((condition), RESULT_BAIL(error)) 55 56 /** 57 * Ensures `s2n_result_is_ok(result)`, otherwise the function will `RESULT_BAIL` with `error` 58 * 59 * This can be useful for overriding the global `s2n_errno` 60 */ 61 #define RESULT_ENSURE_OK(result, error) __S2N_ENSURE(s2n_result_is_ok(result), RESULT_BAIL(error)) 62 63 /** 64 * Ensures `a` is greater than or equal to `b`, otherwise the function will `RESULT_BAIL` with a `S2N_ERR_SAFETY` error 65 */ 66 #define RESULT_ENSURE_GTE(a, b) __S2N_ENSURE((a) >= (b), RESULT_BAIL(S2N_ERR_SAFETY)) 67 68 /** 69 * Ensures `a` is less than or equal to `b`, otherwise the function will `RESULT_BAIL` with a `S2N_ERR_SAFETY` error 70 */ 71 #define RESULT_ENSURE_LTE(a, b) __S2N_ENSURE((a) <= (b), RESULT_BAIL(S2N_ERR_SAFETY)) 72 73 /** 74 * Ensures `a` is greater than `b`, otherwise the function will `RESULT_BAIL` with a `S2N_ERR_SAFETY` error 75 */ 76 #define RESULT_ENSURE_GT(a, b) __S2N_ENSURE((a) > (b), RESULT_BAIL(S2N_ERR_SAFETY)) 77 78 /** 79 * Ensures `a` is less than `b`, otherwise the function will `RESULT_BAIL` with a `S2N_ERR_SAFETY` error 80 */ 81 #define RESULT_ENSURE_LT(a, b) __S2N_ENSURE((a) < (b), RESULT_BAIL(S2N_ERR_SAFETY)) 82 83 /** 84 * Ensures `a` is equal to `b`, otherwise the function will `RESULT_BAIL` with a `S2N_ERR_SAFETY` error 85 */ 86 #define RESULT_ENSURE_EQ(a, b) __S2N_ENSURE((a) == (b), RESULT_BAIL(S2N_ERR_SAFETY)) 87 88 /** 89 * Ensures `a` is not equal to `b`, otherwise the function will `RESULT_BAIL` with a `S2N_ERR_SAFETY` error 90 */ 91 #define RESULT_ENSURE_NE(a, b) __S2N_ENSURE((a) != (b), RESULT_BAIL(S2N_ERR_SAFETY)) 92 93 /** 94 * Ensures `min <= n <= max`, otherwise the function will `RESULT_BAIL` with `S2N_ERR_SAFETY` 95 */ 96 #define RESULT_ENSURE_INCLUSIVE_RANGE(min, n, max) \ 97 do { \ 98 __typeof(n) __tmp_n = ( n ); \ 99 __typeof(n) __tmp_min = ( min ); \ 100 __typeof(n) __tmp_max = ( max ); \ 101 RESULT_ENSURE_GTE(__tmp_n, __tmp_min); \ 102 RESULT_ENSURE_LTE(__tmp_n, __tmp_max); \ 103 } while(0) 104 105 /** 106 * Ensures `min < n < max`, otherwise the function will `RESULT_BAIL` with `S2N_ERR_SAFETY` 107 */ 108 #define RESULT_ENSURE_EXCLUSIVE_RANGE(min, n, max) \ 109 do { \ 110 __typeof(n) __tmp_n = ( n ); \ 111 __typeof(n) __tmp_min = ( min ); \ 112 __typeof(n) __tmp_max = ( max ); \ 113 RESULT_ENSURE_GT(__tmp_n, __tmp_min); \ 114 RESULT_ENSURE_LT(__tmp_n, __tmp_max); \ 115 } while(0) 116 117 /** 118 * Ensures `x` is a readable reference, otherwise the function will `RESULT_BAIL` with `S2N_ERR_NULL` 119 */ 120 #define RESULT_ENSURE_REF(x) __S2N_ENSURE(S2N_OBJECT_PTR_IS_READABLE(x), RESULT_BAIL(S2N_ERR_NULL)) 121 122 /** 123 * Ensures `x` is a mutable reference, otherwise the function will `RESULT_BAIL` with `S2N_ERR_NULL` 124 */ 125 #define RESULT_ENSURE_MUT(x) __S2N_ENSURE(S2N_OBJECT_PTR_IS_WRITABLE(x), RESULT_BAIL(S2N_ERR_NULL)) 126 127 /** 128 * Ensures the `result` is `S2N_RESULT_OK`, otherwise the function will return an error signal 129 * 130 * `RESULT_PRECONDITION` should be used at the beginning of a function to make assertions about 131 * the provided arguments. By default, it is functionally equivalent to `RESULT_GUARD_RESULT(result)` 132 * but can be altered by a testing environment to provide additional guarantees. 133 */ 134 #define RESULT_PRECONDITION(result) RESULT_GUARD_RESULT(__S2N_ENSURE_PRECONDITION((result))) 135 136 /** 137 * Ensures the `result` is `S2N_RESULT_OK`, otherwise the function will return an error signal 138 * 139 * NOTE: The condition will _only_ be checked when the code is compiled in debug mode. 140 * In release mode, the check is removed. 141 * 142 * `RESULT_POSTCONDITION` should be used at the end of a function to make assertions about 143 * the resulting state. In debug mode, it is functionally equivalent to `RESULT_GUARD_RESULT(result)`. 144 * In production builds, it becomes a no-op. This can also be altered by a testing environment 145 * to provide additional guarantees. 146 */ 147 #define RESULT_POSTCONDITION(result) RESULT_GUARD_RESULT(__S2N_ENSURE_POSTCONDITION((result))) 148 149 /** 150 * Performs a safer memcpy. 151 * 152 * The following checks are performed: 153 * 154 * * `destination` is non-null 155 * * `source` is non-null 156 * 157 * Callers will still need to ensure the following: 158 * 159 * * The size of the data pointed to by both the `destination` and `source` parameters, 160 * shall be at least `len` bytes. 161 */ 162 #define RESULT_CHECKED_MEMCPY(destination, source, len) __S2N_ENSURE_SAFE_MEMCPY((destination), (source), (len), RESULT_GUARD_PTR) 163 164 /** 165 * Performs a safer memset 166 * 167 * The following checks are performed: 168 * 169 * * `destination` is non-null 170 * 171 * Callers will still need to ensure the following: 172 * 173 * * The size of the data pointed to by the `destination` parameter shall be at least 174 * `len` bytes. 175 */ 176 #define RESULT_CHECKED_MEMSET(destination, value, len) __S2N_ENSURE_SAFE_MEMSET((destination), (value), (len), RESULT_ENSURE_REF) 177 178 /** 179 * Ensures `s2n_result_is_ok(result)`, otherwise the function will return `S2N_RESULT_ERROR` 180 */ 181 #define RESULT_GUARD(result) __S2N_ENSURE(s2n_result_is_ok(result), return S2N_RESULT_ERROR) 182 183 /** 184 * Ensures `result == _OSSL_SUCCESS`, otherwise the function will `RESULT_BAIL` with `error` 185 */ 186 #define RESULT_GUARD_OSSL(result, error) __S2N_ENSURE((result) == _OSSL_SUCCESS, RESULT_BAIL(error)) 187 188 /** 189 * Ensures `s2n_result_is_ok(result)`, otherwise the function will return `S2N_RESULT_ERROR` 190 */ 191 #define RESULT_GUARD_RESULT(result) __S2N_ENSURE(s2n_result_is_ok(result), return S2N_RESULT_ERROR) 192 193 /** 194 * Ensures `(result) >= S2N_SUCCESS`, otherwise the function will return `S2N_RESULT_ERROR` 195 */ 196 #define RESULT_GUARD_POSIX(result) __S2N_ENSURE((result) >= S2N_SUCCESS, return S2N_RESULT_ERROR) 197 198 /** 199 * Ensures `(result) != NULL`, otherwise the function will return `S2N_RESULT_ERROR` 200 */ 201 #define RESULT_GUARD_PTR(result) __S2N_ENSURE((result) != NULL, return S2N_RESULT_ERROR) 202 203 /** 204 * Sets the global `s2n_errno` to `error` and returns with an `S2N_FAILURE` 205 */ 206 #define POSIX_BAIL(error) do { _S2N_ERROR((error)); return S2N_FAILURE; } while (0) 207 208 /** 209 * Ensures the `condition` is `true`, otherwise the function will `POSIX_BAIL` with `error` 210 */ 211 #define POSIX_ENSURE(condition, error) __S2N_ENSURE((condition), POSIX_BAIL(error)) 212 213 /** 214 * Ensures the `condition` is `true`, otherwise the function will `POSIX_BAIL` with `error` 215 * 216 * NOTE: The condition will _only_ be checked when the code is compiled in debug mode. 217 * In release mode, the check is removed. 218 */ 219 #define POSIX_DEBUG_ENSURE(condition, error) __S2N_ENSURE_DEBUG((condition), POSIX_BAIL(error)) 220 221 /** 222 * Ensures `(result) >= S2N_SUCCESS`, otherwise the function will `POSIX_BAIL` with `error` 223 * 224 * This can be useful for overriding the global `s2n_errno` 225 */ 226 #define POSIX_ENSURE_OK(result, error) __S2N_ENSURE((result) >= S2N_SUCCESS, POSIX_BAIL(error)) 227 228 /** 229 * Ensures `a` is greater than or equal to `b`, otherwise the function will `POSIX_BAIL` with a `S2N_ERR_SAFETY` error 230 */ 231 #define POSIX_ENSURE_GTE(a, b) __S2N_ENSURE((a) >= (b), POSIX_BAIL(S2N_ERR_SAFETY)) 232 233 /** 234 * Ensures `a` is less than or equal to `b`, otherwise the function will `POSIX_BAIL` with a `S2N_ERR_SAFETY` error 235 */ 236 #define POSIX_ENSURE_LTE(a, b) __S2N_ENSURE((a) <= (b), POSIX_BAIL(S2N_ERR_SAFETY)) 237 238 /** 239 * Ensures `a` is greater than `b`, otherwise the function will `POSIX_BAIL` with a `S2N_ERR_SAFETY` error 240 */ 241 #define POSIX_ENSURE_GT(a, b) __S2N_ENSURE((a) > (b), POSIX_BAIL(S2N_ERR_SAFETY)) 242 243 /** 244 * Ensures `a` is less than `b`, otherwise the function will `POSIX_BAIL` with a `S2N_ERR_SAFETY` error 245 */ 246 #define POSIX_ENSURE_LT(a, b) __S2N_ENSURE((a) < (b), POSIX_BAIL(S2N_ERR_SAFETY)) 247 248 /** 249 * Ensures `a` is equal to `b`, otherwise the function will `POSIX_BAIL` with a `S2N_ERR_SAFETY` error 250 */ 251 #define POSIX_ENSURE_EQ(a, b) __S2N_ENSURE((a) == (b), POSIX_BAIL(S2N_ERR_SAFETY)) 252 253 /** 254 * Ensures `a` is not equal to `b`, otherwise the function will `POSIX_BAIL` with a `S2N_ERR_SAFETY` error 255 */ 256 #define POSIX_ENSURE_NE(a, b) __S2N_ENSURE((a) != (b), POSIX_BAIL(S2N_ERR_SAFETY)) 257 258 /** 259 * Ensures `min <= n <= max`, otherwise the function will `POSIX_BAIL` with `S2N_ERR_SAFETY` 260 */ 261 #define POSIX_ENSURE_INCLUSIVE_RANGE(min, n, max) \ 262 do { \ 263 __typeof(n) __tmp_n = ( n ); \ 264 __typeof(n) __tmp_min = ( min ); \ 265 __typeof(n) __tmp_max = ( max ); \ 266 POSIX_ENSURE_GTE(__tmp_n, __tmp_min); \ 267 POSIX_ENSURE_LTE(__tmp_n, __tmp_max); \ 268 } while(0) 269 270 /** 271 * Ensures `min < n < max`, otherwise the function will `POSIX_BAIL` with `S2N_ERR_SAFETY` 272 */ 273 #define POSIX_ENSURE_EXCLUSIVE_RANGE(min, n, max) \ 274 do { \ 275 __typeof(n) __tmp_n = ( n ); \ 276 __typeof(n) __tmp_min = ( min ); \ 277 __typeof(n) __tmp_max = ( max ); \ 278 POSIX_ENSURE_GT(__tmp_n, __tmp_min); \ 279 POSIX_ENSURE_LT(__tmp_n, __tmp_max); \ 280 } while(0) 281 282 /** 283 * Ensures `x` is a readable reference, otherwise the function will `POSIX_BAIL` with `S2N_ERR_NULL` 284 */ 285 #define POSIX_ENSURE_REF(x) __S2N_ENSURE(S2N_OBJECT_PTR_IS_READABLE(x), POSIX_BAIL(S2N_ERR_NULL)) 286 287 /** 288 * Ensures `x` is a mutable reference, otherwise the function will `POSIX_BAIL` with `S2N_ERR_NULL` 289 */ 290 #define POSIX_ENSURE_MUT(x) __S2N_ENSURE(S2N_OBJECT_PTR_IS_WRITABLE(x), POSIX_BAIL(S2N_ERR_NULL)) 291 292 /** 293 * Ensures the `result` is `S2N_RESULT_OK`, otherwise the function will return an error signal 294 * 295 * `POSIX_PRECONDITION` should be used at the beginning of a function to make assertions about 296 * the provided arguments. By default, it is functionally equivalent to `POSIX_GUARD_RESULT(result)` 297 * but can be altered by a testing environment to provide additional guarantees. 298 */ 299 #define POSIX_PRECONDITION(result) POSIX_GUARD_RESULT(__S2N_ENSURE_PRECONDITION((result))) 300 301 /** 302 * Ensures the `result` is `S2N_RESULT_OK`, otherwise the function will return an error signal 303 * 304 * NOTE: The condition will _only_ be checked when the code is compiled in debug mode. 305 * In release mode, the check is removed. 306 * 307 * `POSIX_POSTCONDITION` should be used at the end of a function to make assertions about 308 * the resulting state. In debug mode, it is functionally equivalent to `POSIX_GUARD_RESULT(result)`. 309 * In production builds, it becomes a no-op. This can also be altered by a testing environment 310 * to provide additional guarantees. 311 */ 312 #define POSIX_POSTCONDITION(result) POSIX_GUARD_RESULT(__S2N_ENSURE_POSTCONDITION((result))) 313 314 /** 315 * Performs a safer memcpy. 316 * 317 * The following checks are performed: 318 * 319 * * `destination` is non-null 320 * * `source` is non-null 321 * 322 * Callers will still need to ensure the following: 323 * 324 * * The size of the data pointed to by both the `destination` and `source` parameters, 325 * shall be at least `len` bytes. 326 */ 327 #define POSIX_CHECKED_MEMCPY(destination, source, len) __S2N_ENSURE_SAFE_MEMCPY((destination), (source), (len), POSIX_GUARD_PTR) 328 329 /** 330 * Performs a safer memset 331 * 332 * The following checks are performed: 333 * 334 * * `destination` is non-null 335 * 336 * Callers will still need to ensure the following: 337 * 338 * * The size of the data pointed to by the `destination` parameter shall be at least 339 * `len` bytes. 340 */ 341 #define POSIX_CHECKED_MEMSET(destination, value, len) __S2N_ENSURE_SAFE_MEMSET((destination), (value), (len), POSIX_ENSURE_REF) 342 343 /** 344 * Ensures `(result) >= S2N_SUCCESS`, otherwise the function will return `S2N_FAILURE` 345 */ 346 #define POSIX_GUARD(result) __S2N_ENSURE((result) >= S2N_SUCCESS, return S2N_FAILURE) 347 348 /** 349 * Ensures `result == _OSSL_SUCCESS`, otherwise the function will `POSIX_BAIL` with `error` 350 */ 351 #define POSIX_GUARD_OSSL(result, error) __S2N_ENSURE((result) == _OSSL_SUCCESS, POSIX_BAIL(error)) 352 353 /** 354 * Ensures `s2n_result_is_ok(result)`, otherwise the function will return `S2N_FAILURE` 355 */ 356 #define POSIX_GUARD_RESULT(result) __S2N_ENSURE(s2n_result_is_ok(result), return S2N_FAILURE) 357 358 /** 359 * Ensures `(result) >= S2N_SUCCESS`, otherwise the function will return `S2N_FAILURE` 360 */ 361 #define POSIX_GUARD_POSIX(result) __S2N_ENSURE((result) >= S2N_SUCCESS, return S2N_FAILURE) 362 363 /** 364 * Ensures `(result) != NULL`, otherwise the function will return `S2N_FAILURE` 365 */ 366 #define POSIX_GUARD_PTR(result) __S2N_ENSURE((result) != NULL, return S2N_FAILURE) 367 368 /** 369 * Sets the global `s2n_errno` to `error` and returns with an `NULL` 370 */ 371 #define PTR_BAIL(error) do { _S2N_ERROR((error)); return NULL; } while (0) 372 373 /** 374 * Ensures the `condition` is `true`, otherwise the function will `PTR_BAIL` with `error` 375 */ 376 #define PTR_ENSURE(condition, error) __S2N_ENSURE((condition), PTR_BAIL(error)) 377 378 /** 379 * Ensures the `condition` is `true`, otherwise the function will `PTR_BAIL` with `error` 380 * 381 * NOTE: The condition will _only_ be checked when the code is compiled in debug mode. 382 * In release mode, the check is removed. 383 */ 384 #define PTR_DEBUG_ENSURE(condition, error) __S2N_ENSURE_DEBUG((condition), PTR_BAIL(error)) 385 386 /** 387 * Ensures `(result) != NULL`, otherwise the function will `PTR_BAIL` with `error` 388 * 389 * This can be useful for overriding the global `s2n_errno` 390 */ 391 #define PTR_ENSURE_OK(result, error) __S2N_ENSURE((result) != NULL, PTR_BAIL(error)) 392 393 /** 394 * Ensures `a` is greater than or equal to `b`, otherwise the function will `PTR_BAIL` with a `S2N_ERR_SAFETY` error 395 */ 396 #define PTR_ENSURE_GTE(a, b) __S2N_ENSURE((a) >= (b), PTR_BAIL(S2N_ERR_SAFETY)) 397 398 /** 399 * Ensures `a` is less than or equal to `b`, otherwise the function will `PTR_BAIL` with a `S2N_ERR_SAFETY` error 400 */ 401 #define PTR_ENSURE_LTE(a, b) __S2N_ENSURE((a) <= (b), PTR_BAIL(S2N_ERR_SAFETY)) 402 403 /** 404 * Ensures `a` is greater than `b`, otherwise the function will `PTR_BAIL` with a `S2N_ERR_SAFETY` error 405 */ 406 #define PTR_ENSURE_GT(a, b) __S2N_ENSURE((a) > (b), PTR_BAIL(S2N_ERR_SAFETY)) 407 408 /** 409 * Ensures `a` is less than `b`, otherwise the function will `PTR_BAIL` with a `S2N_ERR_SAFETY` error 410 */ 411 #define PTR_ENSURE_LT(a, b) __S2N_ENSURE((a) < (b), PTR_BAIL(S2N_ERR_SAFETY)) 412 413 /** 414 * Ensures `a` is equal to `b`, otherwise the function will `PTR_BAIL` with a `S2N_ERR_SAFETY` error 415 */ 416 #define PTR_ENSURE_EQ(a, b) __S2N_ENSURE((a) == (b), PTR_BAIL(S2N_ERR_SAFETY)) 417 418 /** 419 * Ensures `a` is not equal to `b`, otherwise the function will `PTR_BAIL` with a `S2N_ERR_SAFETY` error 420 */ 421 #define PTR_ENSURE_NE(a, b) __S2N_ENSURE((a) != (b), PTR_BAIL(S2N_ERR_SAFETY)) 422 423 /** 424 * Ensures `min <= n <= max`, otherwise the function will `PTR_BAIL` with `S2N_ERR_SAFETY` 425 */ 426 #define PTR_ENSURE_INCLUSIVE_RANGE(min, n, max) \ 427 do { \ 428 __typeof(n) __tmp_n = ( n ); \ 429 __typeof(n) __tmp_min = ( min ); \ 430 __typeof(n) __tmp_max = ( max ); \ 431 PTR_ENSURE_GTE(__tmp_n, __tmp_min); \ 432 PTR_ENSURE_LTE(__tmp_n, __tmp_max); \ 433 } while(0) 434 435 /** 436 * Ensures `min < n < max`, otherwise the function will `PTR_BAIL` with `S2N_ERR_SAFETY` 437 */ 438 #define PTR_ENSURE_EXCLUSIVE_RANGE(min, n, max) \ 439 do { \ 440 __typeof(n) __tmp_n = ( n ); \ 441 __typeof(n) __tmp_min = ( min ); \ 442 __typeof(n) __tmp_max = ( max ); \ 443 PTR_ENSURE_GT(__tmp_n, __tmp_min); \ 444 PTR_ENSURE_LT(__tmp_n, __tmp_max); \ 445 } while(0) 446 447 /** 448 * Ensures `x` is a readable reference, otherwise the function will `PTR_BAIL` with `S2N_ERR_NULL` 449 */ 450 #define PTR_ENSURE_REF(x) __S2N_ENSURE(S2N_OBJECT_PTR_IS_READABLE(x), PTR_BAIL(S2N_ERR_NULL)) 451 452 /** 453 * Ensures `x` is a mutable reference, otherwise the function will `PTR_BAIL` with `S2N_ERR_NULL` 454 */ 455 #define PTR_ENSURE_MUT(x) __S2N_ENSURE(S2N_OBJECT_PTR_IS_WRITABLE(x), PTR_BAIL(S2N_ERR_NULL)) 456 457 /** 458 * Ensures the `result` is `S2N_RESULT_OK`, otherwise the function will return an error signal 459 * 460 * `PTR_PRECONDITION` should be used at the beginning of a function to make assertions about 461 * the provided arguments. By default, it is functionally equivalent to `PTR_GUARD_RESULT(result)` 462 * but can be altered by a testing environment to provide additional guarantees. 463 */ 464 #define PTR_PRECONDITION(result) PTR_GUARD_RESULT(__S2N_ENSURE_PRECONDITION((result))) 465 466 /** 467 * Ensures the `result` is `S2N_RESULT_OK`, otherwise the function will return an error signal 468 * 469 * NOTE: The condition will _only_ be checked when the code is compiled in debug mode. 470 * In release mode, the check is removed. 471 * 472 * `PTR_POSTCONDITION` should be used at the end of a function to make assertions about 473 * the resulting state. In debug mode, it is functionally equivalent to `PTR_GUARD_RESULT(result)`. 474 * In production builds, it becomes a no-op. This can also be altered by a testing environment 475 * to provide additional guarantees. 476 */ 477 #define PTR_POSTCONDITION(result) PTR_GUARD_RESULT(__S2N_ENSURE_POSTCONDITION((result))) 478 479 /** 480 * Performs a safer memcpy. 481 * 482 * The following checks are performed: 483 * 484 * * `destination` is non-null 485 * * `source` is non-null 486 * 487 * Callers will still need to ensure the following: 488 * 489 * * The size of the data pointed to by both the `destination` and `source` parameters, 490 * shall be at least `len` bytes. 491 */ 492 #define PTR_CHECKED_MEMCPY(destination, source, len) __S2N_ENSURE_SAFE_MEMCPY((destination), (source), (len), PTR_GUARD_PTR) 493 494 /** 495 * Performs a safer memset 496 * 497 * The following checks are performed: 498 * 499 * * `destination` is non-null 500 * 501 * Callers will still need to ensure the following: 502 * 503 * * The size of the data pointed to by the `destination` parameter shall be at least 504 * `len` bytes. 505 */ 506 #define PTR_CHECKED_MEMSET(destination, value, len) __S2N_ENSURE_SAFE_MEMSET((destination), (value), (len), PTR_ENSURE_REF) 507 508 /** 509 * Ensures `(result) != NULL`, otherwise the function will return `NULL` 510 */ 511 #define PTR_GUARD(result) __S2N_ENSURE((result) != NULL, return NULL) 512 513 /** 514 * Ensures `result == _OSSL_SUCCESS`, otherwise the function will `PTR_BAIL` with `error` 515 */ 516 #define PTR_GUARD_OSSL(result, error) __S2N_ENSURE((result) == _OSSL_SUCCESS, PTR_BAIL(error)) 517 518 /** 519 * Ensures `s2n_result_is_ok(result)`, otherwise the function will return `NULL` 520 */ 521 #define PTR_GUARD_RESULT(result) __S2N_ENSURE(s2n_result_is_ok(result), return NULL) 522 523 /** 524 * Ensures `(result) >= S2N_SUCCESS`, otherwise the function will return `NULL` 525 */ 526 #define PTR_GUARD_POSIX(result) __S2N_ENSURE((result) >= S2N_SUCCESS, return NULL) 527 528 /** 529 * Ensures `(result) != NULL`, otherwise the function will return `NULL` 530 */ 531 #define PTR_GUARD_PTR(result) __S2N_ENSURE((result) != NULL, return NULL) 532 533