Adds macros to check readable/mutable references (#1991)

* Adds ENSURE macros to check readable and mutable references

Signed-off-by: Felipe R. Monteiro <felisous@amazon.com>

* Replaces ENSURE_NONNULL by ENSURE_REF (and variants)

Signed-off-by: Felipe R. Monteiro <felisous@amazon.com>

Author: feliperodri

crypto/s2n_certificate.c

@@ -512,6 +512,6 @@ s2n_pkey_type s2n_cert_chain_and_key_get_pkey_type(struct s2n_cert_chain_and_key
 
 s2n_cert_private_key *s2n_cert_chain_and_key_get_private_key(struct s2n_cert_chain_and_key *chain_and_key)
 {
-    ENSURE_PTR_NONNULL(chain_and_key);
+    ENSURE_REF_PTR(chain_and_key);
     return chain_and_key->private_key;
 }

crypto/s2n_ecc_evp.c

@@ -55,17 +55,17 @@ const struct s2n_ecc_named_curve s2n_ecc_curve_secp384r1 =
 
 #if EVP_APIS_SUPPORTED
 const struct s2n_ecc_named_curve s2n_ecc_curve_x25519 = {
-    .iana_id = TLS_EC_CURVE_ECDH_X25519, 
-    .libcrypto_nid = NID_X25519, 
-    .name = "x25519", 
+    .iana_id = TLS_EC_CURVE_ECDH_X25519,
+    .libcrypto_nid = NID_X25519,
+    .name = "x25519",
     .share_size = 32
 };
-#else 
+#else
 const struct s2n_ecc_named_curve s2n_ecc_curve_x25519 = {0};
 #endif
 
-/* All curves that s2n supports. New curves MUST be added here. 
- * This list is a super set of all the curves present in s2n_ecc_preferences list. 
+/* All curves that s2n supports. New curves MUST be added here.
+ * This list is a super set of all the curves present in s2n_ecc_preferences list.
  */
 const struct s2n_ecc_named_curve *const s2n_all_supported_curves_list[] = {
     &s2n_ecc_curve_secp256r1,
@@ -158,7 +158,7 @@ static int s2n_ecc_evp_compute_shared_secret(EVP_PKEY *own_key, EVP_PKEY *peer_p
     }
 
     size_t shared_secret_size;
-    
+
     DEFER_CLEANUP(EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(own_key, NULL), EVP_PKEY_CTX_free_pointer);
     S2N_ERROR_IF(ctx == NULL, S2N_ERR_ECDHE_SHARED_SECRET);
 
@@ -177,7 +177,7 @@ static int s2n_ecc_evp_compute_shared_secret(EVP_PKEY *own_key, EVP_PKEY *peer_p
 
 int s2n_ecc_evp_generate_ephemeral_key(struct s2n_ecc_evp_params *ecc_evp_params) {
     notnull_check(ecc_evp_params->negotiated_curve);
-    S2N_ERROR_IF(ecc_evp_params->evp_pkey != NULL, S2N_ERR_ECDHE_GEN_KEY); 
+    S2N_ERROR_IF(ecc_evp_params->evp_pkey != NULL, S2N_ERR_ECDHE_GEN_KEY);
     S2N_ERROR_IF(s2n_ecc_evp_generate_own_key(ecc_evp_params->negotiated_curve, &ecc_evp_params->evp_pkey) != 0,
                  S2N_ERR_ECDHE_GEN_KEY);
     S2N_ERROR_IF(ecc_evp_params->evp_pkey == NULL, S2N_ERR_ECDHE_GEN_KEY);
@@ -198,15 +198,15 @@ int s2n_ecc_evp_compute_shared_secret_from_params(struct s2n_ecc_evp_params *pri
     return 0;
 }
 
-int s2n_ecc_evp_compute_shared_secret_as_server(struct s2n_ecc_evp_params *ecc_evp_params, 
+int s2n_ecc_evp_compute_shared_secret_as_server(struct s2n_ecc_evp_params *ecc_evp_params,
                                             struct s2n_stuffer *Yc_in, struct s2n_blob *shared_key) {
     notnull_check(ecc_evp_params->negotiated_curve);
-    notnull_check(ecc_evp_params->evp_pkey); 
+    notnull_check(ecc_evp_params->evp_pkey);
     notnull_check(Yc_in);
 
     uint8_t client_public_len;
     struct s2n_blob client_public_blob = {0};
-    
+
     DEFER_CLEANUP(EVP_PKEY *peer_key = EVP_PKEY_new(), EVP_PKEY_free_pointer);
     S2N_ERROR_IF(peer_key == NULL, S2N_ERR_BAD_MESSAGE);
     GUARD(s2n_stuffer_read_uint8(Yc_in, &client_public_len));
@@ -244,17 +244,17 @@ int s2n_ecc_evp_compute_shared_secret_as_server(struct s2n_ecc_evp_params *ecc_e
 
 }
 
-int s2n_ecc_evp_compute_shared_secret_as_client(struct s2n_ecc_evp_params *ecc_evp_params, 
+int s2n_ecc_evp_compute_shared_secret_as_client(struct s2n_ecc_evp_params *ecc_evp_params,
                                             struct s2n_stuffer *Yc_out, struct s2n_blob *shared_key) {
 
-    DEFER_CLEANUP(struct s2n_ecc_evp_params client_params = {0}, s2n_ecc_evp_params_free); 
+    DEFER_CLEANUP(struct s2n_ecc_evp_params client_params = {0}, s2n_ecc_evp_params_free);
 
     notnull_check(ecc_evp_params->negotiated_curve);
     client_params.negotiated_curve = ecc_evp_params->negotiated_curve;
     GUARD(s2n_ecc_evp_generate_own_key(client_params.negotiated_curve, &client_params.evp_pkey));
     S2N_ERROR_IF(client_params.evp_pkey == NULL, S2N_ERR_ECDHE_GEN_KEY);
 
-    if (s2n_ecc_evp_compute_shared_secret(client_params.evp_pkey, ecc_evp_params->evp_pkey, 
+    if (s2n_ecc_evp_compute_shared_secret(client_params.evp_pkey, ecc_evp_params->evp_pkey,
                                           ecc_evp_params->negotiated_curve->iana_id, shared_key) != S2N_SUCCESS) {
         S2N_ERROR(S2N_ERR_ECDHE_SHARED_SECRET);
     }
@@ -265,7 +265,7 @@ int s2n_ecc_evp_compute_shared_secret_as_client(struct s2n_ecc_evp_params *ecc_e
         S2N_ERROR(S2N_ERR_ECDHE_SERIALIZING);
     }
     return 0;
-    
+
 }
 
 #if (!EVP_APIS_SUPPORTED)
@@ -352,7 +352,7 @@ int s2n_ecc_evp_write_params_point(struct s2n_ecc_evp_params *ecc_evp_params, st
     if (size != ecc_evp_params->negotiated_curve->share_size) {
         OPENSSL_free(encoded_point);
         S2N_ERROR(S2N_ERR_ECDHE_SERIALIZING);
-    } 
+    }
     else {
         point_blob.data = s2n_stuffer_raw_write(out, ecc_evp_params->negotiated_curve->share_size);
         notnull_check(point_blob.data);

error/s2n_errno.h

@@ -283,18 +283,19 @@ extern __thread const char *s2n_debug_str;
  * Violations of the function contracts are undefined behaviour.
  */
 #ifdef CBMC
+#    define S2N_OBJECT_PTR_IS_READABLE(ptr) S2N_MEM_IS_READABLE((ptr), sizeof(*(ptr)))
+#    define S2N_OBJECT_PTR_IS_WRITABLE(ptr) S2N_MEM_IS_WRITABLE((ptr), sizeof(*(ptr)))
 #    define S2N_MEM_IS_READABLE(base, len) (((len) == 0) || __CPROVER_r_ok((base), (len)))
 #    define S2N_MEM_IS_WRITABLE(base, len) (((len) == 0) || __CPROVER_w_ok((base), (len)))
 #else
 /* the C runtime does not give a way to check these properties,
  * but we can at least check that the pointer is valid */
-#    define S2N_MEM_IS_READABLE(base, len) (((len) == 0) || (base))
-#    define S2N_MEM_IS_WRITABLE(base, len) (((len) == 0) || (base))
+#    define S2N_OBJECT_PTR_IS_READABLE(ptr) ((ptr) != NULL)
+#    define S2N_OBJECT_PTR_IS_WRITABLE(ptr) ((ptr) != NULL)
+#    define S2N_MEM_IS_READABLE(base, len) (((len) == 0) || (base) != NULL)
+#    define S2N_MEM_IS_WRITABLE(base, len) (((len) == 0) || (base) != NULL)
 #endif /* CBMC */
 
-#define S2N_OBJECT_PTR_IS_READABLE(ptr) S2N_MEM_IS_READABLE((ptr), sizeof(*(ptr)))
-#define S2N_OBJECT_PTR_IS_WRITABLE(ptr) S2N_MEM_IS_WRITABLE((ptr), sizeof(*(ptr)))
-
 #define S2N_IMPLIES(a, b) (!(a) || (b))
 
 /** Calculate and print stacktraces */

tls/s2n_async_pkey.c

@@ -94,7 +94,7 @@ DEFINE_POINTER_CLEANUP_FUNC(struct s2n_async_pkey_op *, s2n_async_pkey_op_free);
 
 static S2N_RESULT s2n_async_get_actions(s2n_async_pkey_op_type type, const struct s2n_async_pkey_op_actions **actions)
 {
-    ENSURE_NONNULL(actions);
+    ENSURE_REF(actions);
 
     switch (type) {
         case S2N_ASYNC_DECRYPT:
@@ -111,7 +111,7 @@ static S2N_RESULT s2n_async_get_actions(s2n_async_pkey_op_type type, const struc
 
 static S2N_RESULT s2n_async_pkey_op_allocate(struct s2n_async_pkey_op **op)
 {
-    ENSURE_NONNULL(op);
+    ENSURE_REF(op);
     ENSURE(*op == NULL, S2N_ERR_SAFETY);
 
     /* allocate memory */
@@ -130,10 +130,10 @@ static S2N_RESULT s2n_async_pkey_op_allocate(struct s2n_async_pkey_op **op)
 S2N_RESULT s2n_async_pkey_decrypt(struct s2n_connection *conn, struct s2n_blob *encrypted,
                                   struct s2n_blob *init_decrypted, s2n_async_pkey_decrypt_complete on_complete)
 {
-    ENSURE_NONNULL(conn);
-    ENSURE_NONNULL(encrypted);
-    ENSURE_NONNULL(init_decrypted);
-    ENSURE_NONNULL(on_complete);
+    ENSURE_REF(conn);
+    ENSURE_REF(encrypted);
+    ENSURE_REF(init_decrypted);
+    ENSURE_REF(on_complete);
 
     if (conn->config->async_pkey_cb) {
         GUARD_RESULT(s2n_async_pkey_decrypt_async(conn, encrypted, init_decrypted, on_complete));
@@ -147,10 +147,10 @@ S2N_RESULT s2n_async_pkey_decrypt(struct s2n_connection *conn, struct s2n_blob *
 S2N_RESULT s2n_async_pkey_decrypt_async(struct s2n_connection *conn, struct s2n_blob *encrypted,
                                         struct s2n_blob *init_decrypted, s2n_async_pkey_decrypt_complete on_complete)
 {
-    ENSURE_NONNULL(conn);
-    ENSURE_NONNULL(encrypted);
-    ENSURE_NONNULL(init_decrypted);
-    ENSURE_NONNULL(on_complete);
+    ENSURE_REF(conn);
+    ENSURE_REF(encrypted);
+    ENSURE_REF(init_decrypted);
+    ENSURE_REF(on_complete);
     ENSURE(conn->handshake.async_state == S2N_ASYNC_NOT_INVOKED, S2N_ERR_ASYNC_MORE_THAN_ONE);
 
     DEFER_CLEANUP(struct s2n_async_pkey_op *op = NULL, s2n_async_pkey_op_free_pointer);
@@ -185,10 +185,10 @@ S2N_RESULT s2n_async_pkey_decrypt_async(struct s2n_connection *conn, struct s2n_
 S2N_RESULT s2n_async_pkey_decrypt_sync(struct s2n_connection *conn, struct s2n_blob *encrypted,
                                        struct s2n_blob *init_decrypted, s2n_async_pkey_decrypt_complete on_complete)
 {
-    ENSURE_NONNULL(conn);
-    ENSURE_NONNULL(encrypted);
-    ENSURE_NONNULL(init_decrypted);
-    ENSURE_NONNULL(on_complete);
+    ENSURE_REF(conn);
+    ENSURE_REF(encrypted);
+    ENSURE_REF(init_decrypted);
+    ENSURE_REF(on_complete);
 
     const struct s2n_pkey *pkey = conn->handshake_params.our_chain_and_key->private_key;
 
@@ -201,9 +201,9 @@ S2N_RESULT s2n_async_pkey_decrypt_sync(struct s2n_connection *conn, struct s2n_b
 S2N_RESULT s2n_async_pkey_sign(struct s2n_connection *conn, s2n_signature_algorithm sig_alg,
                                struct s2n_hash_state *digest, s2n_async_pkey_sign_complete on_complete)
 {
-    ENSURE_NONNULL(conn);
-    ENSURE_NONNULL(digest);
-    ENSURE_NONNULL(on_complete);
+    ENSURE_REF(conn);
+    ENSURE_REF(digest);
+    ENSURE_REF(on_complete);
 
     if (conn->config->async_pkey_cb) {
         GUARD_RESULT(s2n_async_pkey_sign_async(conn, sig_alg, digest, on_complete));
@@ -217,9 +217,9 @@ S2N_RESULT s2n_async_pkey_sign(struct s2n_connection *conn, s2n_signature_algori
 S2N_RESULT s2n_async_pkey_sign_async(struct s2n_connection *conn, s2n_signature_algorithm sig_alg,
                                      struct s2n_hash_state *digest, s2n_async_pkey_sign_complete on_complete)
 {
-    ENSURE_NONNULL(conn);
-    ENSURE_NONNULL(digest);
-    ENSURE_NONNULL(on_complete);
+    ENSURE_REF(conn);
+    ENSURE_REF(digest);
+    ENSURE_REF(on_complete);
     ENSURE(conn->handshake.async_state == S2N_ASYNC_NOT_INVOKED, S2N_ERR_ASYNC_MORE_THAN_ONE);
 
     DEFER_CLEANUP(struct s2n_async_pkey_op *op = NULL, s2n_async_pkey_op_free_pointer);
@@ -255,9 +255,9 @@ S2N_RESULT s2n_async_pkey_sign_async(struct s2n_connection *conn, s2n_signature_
 S2N_RESULT s2n_async_pkey_sign_sync(struct s2n_connection *conn, s2n_signature_algorithm sig_alg,
                                     struct s2n_hash_state *digest, s2n_async_pkey_sign_complete on_complete)
 {
-    ENSURE_NONNULL(conn);
-    ENSURE_NONNULL(digest);
-    ENSURE_NONNULL(on_complete);
+    ENSURE_REF(conn);
+    ENSURE_REF(digest);
+    ENSURE_REF(on_complete);
 
     const struct s2n_pkey *pkey = conn->handshake_params.our_chain_and_key->private_key;
     DEFER_CLEANUP(struct s2n_blob signed_content = { 0 }, s2n_free);
@@ -274,8 +274,8 @@ S2N_RESULT s2n_async_pkey_sign_sync(struct s2n_connection *conn, s2n_signature_a
 
 int s2n_async_pkey_op_perform(struct s2n_async_pkey_op *op, s2n_cert_private_key *key)
 {
-    ENSURE_POSIX_NONNULL(op);
-    ENSURE_POSIX_NONNULL(key);
+    ENSURE_POSIX_REF(op);
+    ENSURE_POSIX_REF(key);
     ENSURE_POSIX(!op->complete, S2N_ERR_ASYNC_ALREADY_PERFORMED);
 
     const struct s2n_async_pkey_op_actions *actions = NULL;
@@ -290,8 +290,8 @@ int s2n_async_pkey_op_perform(struct s2n_async_pkey_op *op, s2n_cert_private_key
 
 int s2n_async_pkey_op_apply(struct s2n_async_pkey_op *op, struct s2n_connection *conn)
 {
-    ENSURE_POSIX_NONNULL(op);
-    ENSURE_POSIX_NONNULL(conn);
+    ENSURE_POSIX_REF(op);
+    ENSURE_POSIX_REF(conn);
     ENSURE_POSIX(op->complete, S2N_ERR_ASYNC_NOT_PERFORMED);
     ENSURE_POSIX(!op->applied, S2N_ERR_ASYNC_ALREADY_APPLIED);
     /* We could have just used op->conn and removed a conn argument, but we want caller
@@ -318,7 +318,7 @@ int s2n_async_pkey_op_apply(struct s2n_async_pkey_op *op, struct s2n_connection
 
 int s2n_async_pkey_op_free(struct s2n_async_pkey_op *op)
 {
-    ENSURE_POSIX_NONNULL(op);
+    ENSURE_POSIX_REF(op);
     const struct s2n_async_pkey_op_actions *actions = NULL;
     GUARD_AS_POSIX(s2n_async_get_actions(op->type, &actions));
 
@@ -332,8 +332,8 @@ int s2n_async_pkey_op_free(struct s2n_async_pkey_op *op)
 
 S2N_RESULT s2n_async_pkey_decrypt_perform(struct s2n_async_pkey_op *op, s2n_cert_private_key *pkey)
 {
-    ENSURE_NONNULL(op);
-    ENSURE_NONNULL(pkey);
+    ENSURE_REF(op);
+    ENSURE_REF(pkey);
 
     struct s2n_async_pkey_decrypt_data *decrypt = &op->op.decrypt;
 
@@ -344,8 +344,8 @@ S2N_RESULT s2n_async_pkey_decrypt_perform(struct s2n_async_pkey_op *op, s2n_cert
 
 S2N_RESULT s2n_async_pkey_decrypt_apply(struct s2n_async_pkey_op *op, struct s2n_connection *conn)
 {
-    ENSURE_NONNULL(op);
-    ENSURE_NONNULL(conn);
+    ENSURE_REF(op);
+    ENSURE_REF(conn);
 
     struct s2n_async_pkey_decrypt_data *decrypt = &op->op.decrypt;
 
@@ -356,7 +356,7 @@ S2N_RESULT s2n_async_pkey_decrypt_apply(struct s2n_async_pkey_op *op, struct s2n
 
 S2N_RESULT s2n_async_pkey_decrypt_free(struct s2n_async_pkey_op *op)
 {
-    ENSURE_NONNULL(op);
+    ENSURE_REF(op);
 
     struct s2n_async_pkey_decrypt_data *decrypt = &op->op.decrypt;
 
@@ -370,8 +370,8 @@ S2N_RESULT s2n_async_pkey_decrypt_free(struct s2n_async_pkey_op *op)
 
 S2N_RESULT s2n_async_pkey_sign_perform(struct s2n_async_pkey_op *op, s2n_cert_private_key *pkey)
 {
-    ENSURE_NONNULL(op);
-    ENSURE_NONNULL(pkey);
+    ENSURE_REF(op);
+    ENSURE_REF(pkey);
 
     struct s2n_async_pkey_sign_data *sign = &op->op.sign;
 
@@ -385,8 +385,8 @@ S2N_RESULT s2n_async_pkey_sign_perform(struct s2n_async_pkey_op *op, s2n_cert_pr
 
 S2N_RESULT s2n_async_pkey_sign_apply(struct s2n_async_pkey_op *op, struct s2n_connection *conn)
 {
-    ENSURE_NONNULL(op);
-    ENSURE_NONNULL(conn);
+    ENSURE_REF(op);
+    ENSURE_REF(conn);
 
     struct s2n_async_pkey_sign_data *sign = &op->op.sign;
 
@@ -397,7 +397,7 @@ S2N_RESULT s2n_async_pkey_sign_apply(struct s2n_async_pkey_op *op, struct s2n_co
 
 S2N_RESULT s2n_async_pkey_sign_free(struct s2n_async_pkey_op *op)
 {
-    ENSURE_NONNULL(op);
+    ENSURE_REF(op);
 
     struct s2n_async_pkey_sign_data *sign = &op->op.sign;
 
@@ -406,4 +406,3 @@ S2N_RESULT s2n_async_pkey_sign_free(struct s2n_async_pkey_op *op)
 
     return S2N_RESULT_OK;
 }
-