Clang for Windows does not like OPENSSL_COMPILE_ASSERT inside a function in C++. It complains that the struct is unused. I think we worked around this in C previously by making it expand to C11 _Static_assert when available. But libssl is now C++ and assumes a C++11-capable compiler. Use real static_assert. Bug: 132 Change-Id: I6aceb95360244bd2c80d194b80676483abb60519 Reviewed-on: https://boringssl-review.googlesource.com/17924 Reviewed-by: Adam Langley <agl@google.com>kris/onging/CECPQ3_patch15
@@ -122,7 +122,6 @@ | |||
#include <openssl/evp.h> | |||
#include <openssl/mem.h> | |||
#include <openssl/rand.h> | |||
#include <openssl/type_check.h> | |||
#include "../crypto/internal.h" | |||
#include "internal.h" | |||
@@ -538,9 +537,9 @@ int dtls1_finish_message(SSL *ssl, CBB *cbb, uint8_t **out_msg, | |||
* it takes ownership of |data| and releases it with |OPENSSL_free| when | |||
* done. */ | |||
static int add_outgoing(SSL *ssl, int is_ccs, uint8_t *data, size_t len) { | |||
OPENSSL_COMPILE_ASSERT(SSL_MAX_HANDSHAKE_FLIGHT < | |||
(1 << 8 * sizeof(ssl->d1->outgoing_messages_len)), | |||
outgoing_messages_len_is_too_small); | |||
static_assert(SSL_MAX_HANDSHAKE_FLIGHT < | |||
(1 << 8 * sizeof(ssl->d1->outgoing_messages_len)), | |||
"outgoing_messages_len is too small"); | |||
if (ssl->d1->outgoing_messages_len >= SSL_MAX_HANDSHAKE_FLIGHT) { | |||
assert(0); | |||
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); | |||
@@ -1512,8 +1512,8 @@ static int ssl3_send_client_certificate(SSL_HANDSHAKE *hs) { | |||
return 1; | |||
} | |||
OPENSSL_COMPILE_ASSERT(sizeof(size_t) >= sizeof(unsigned), | |||
SIZE_T_IS_SMALLER_THAN_UNSIGNED); | |||
static_assert(sizeof(size_t) >= sizeof(unsigned), | |||
"size_t is smaller than unsigned"); | |||
static int ssl3_send_client_key_exchange(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
@@ -20,7 +20,6 @@ | |||
#include <openssl/aead.h> | |||
#include <openssl/err.h> | |||
#include <openssl/rand.h> | |||
#include <openssl/type_check.h> | |||
#include "../crypto/internal.h" | |||
#include "internal.h" | |||
@@ -78,8 +77,8 @@ SSL_AEAD_CTX *SSL_AEAD_CTX_new(enum evp_aead_direction_t direction, | |||
} | |||
assert(EVP_AEAD_nonce_length(aead) <= EVP_AEAD_MAX_NONCE_LENGTH); | |||
OPENSSL_COMPILE_ASSERT(EVP_AEAD_MAX_NONCE_LENGTH < 256, | |||
variable_nonce_len_doesnt_fit_in_uint8_t); | |||
static_assert(EVP_AEAD_MAX_NONCE_LENGTH < 256, | |||
"variable_nonce_len doesn't fit in uint8_t"); | |||
aead_ctx->variable_nonce_len = (uint8_t)EVP_AEAD_nonce_length(aead); | |||
if (mac_key_len == 0) { | |||
assert(fixed_iv_len <= sizeof(aead_ctx->fixed_nonce)); | |||
@@ -22,16 +22,17 @@ | |||
#include <openssl/bio.h> | |||
#include <openssl/err.h> | |||
#include <openssl/mem.h> | |||
#include <openssl/type_check.h> | |||
#include "../crypto/internal.h" | |||
#include "internal.h" | |||
OPENSSL_COMPILE_ASSERT(0xffff <= INT_MAX, uint16_fits_in_int); | |||
/* BIO uses int instead of size_t. No lengths will exceed uint16_t, so this will | |||
* not overflow. */ | |||
static_assert(0xffff <= INT_MAX, "uint16_t does not fit in int"); | |||
OPENSSL_COMPILE_ASSERT((SSL3_ALIGN_PAYLOAD & (SSL3_ALIGN_PAYLOAD - 1)) == 0, | |||
align_to_a_power_of_two); | |||
static_assert((SSL3_ALIGN_PAYLOAD & (SSL3_ALIGN_PAYLOAD - 1)) == 0, | |||
"SSL3_ALIGN_PAYLOAD must be a power of 2"); | |||
/* ensure_buffer ensures |buf| has capacity at least |cap|, aligned such that | |||
* data written after |header_len| is aligned to a |SSL3_ALIGN_PAYLOAD|-byte | |||
@@ -142,9 +143,9 @@ int ssl_read_buffer_extend_to(SSL *ssl, size_t len) { | |||
ssl_read_buffer_discard(ssl); | |||
if (SSL_is_dtls(ssl)) { | |||
OPENSSL_COMPILE_ASSERT( | |||
static_assert( | |||
DTLS1_RT_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH <= 0xffff, | |||
dtls_read_buffer_too_large); | |||
"DTLS read buffer is too large"); | |||
/* The |len| parameter is ignored in DTLS. */ | |||
len = DTLS1_RT_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; | |||
@@ -203,15 +204,16 @@ int ssl_write_buffer_is_pending(const SSL *ssl) { | |||
return ssl->s3->write_buffer.len > 0; | |||
} | |||
OPENSSL_COMPILE_ASSERT(SSL3_RT_HEADER_LENGTH * 2 + | |||
SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD * 2 + | |||
SSL3_RT_MAX_PLAIN_LENGTH <= 0xffff, | |||
maximum_tls_write_buffer_too_large); | |||
static_assert(SSL3_RT_HEADER_LENGTH * 2 + | |||
SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD * 2 + | |||
SSL3_RT_MAX_PLAIN_LENGTH <= | |||
0xffff, | |||
"maximum TLS write buffer is too large"); | |||
OPENSSL_COMPILE_ASSERT(DTLS1_RT_HEADER_LENGTH + | |||
SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + | |||
SSL3_RT_MAX_PLAIN_LENGTH <= 0xffff, | |||
maximum_dtls_write_buffer_too_large); | |||
static_assert(DTLS1_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + | |||
SSL3_RT_MAX_PLAIN_LENGTH <= | |||
0xffff, | |||
"maximum DTLS write buffer is too large"); | |||
int ssl_write_buffer_init(SSL *ssl, uint8_t **out_ptr, size_t max_len) { | |||
SSL3_BUFFER *buf = &ssl->s3->write_buffer; | |||
@@ -173,9 +173,9 @@ OPENSSL_DECLARE_ERROR_REASON(SSL, NO_CIPHERS_SPECIFIED) | |||
/* Some error codes are special. Ensure the make_errors.go script never | |||
* regresses this. */ | |||
OPENSSL_COMPILE_ASSERT(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION == | |||
SSL_AD_NO_RENEGOTIATION + SSL_AD_REASON_OFFSET, | |||
ssl_alert_reason_code_mismatch); | |||
static_assert(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION == | |||
SSL_AD_NO_RENEGOTIATION + SSL_AD_REASON_OFFSET, | |||
"alert reason code mismatch"); | |||
/* kMaxHandshakeSize is the maximum size, in bytes, of a handshake message. */ | |||
static const size_t kMaxHandshakeSize = (1u << 24) - 1; | |||
@@ -1083,7 +1083,7 @@ static int set_session_id_context(CERT *cert, const uint8_t *sid_ctx, | |||
return 0; | |||
} | |||
OPENSSL_COMPILE_ASSERT(sizeof(cert->sid_ctx) < 256, sid_ctx_too_large); | |||
static_assert(sizeof(cert->sid_ctx) < 256, "sid_ctx too large"); | |||
cert->sid_ctx_length = (uint8_t)sid_ctx_len; | |||
OPENSSL_memcpy(cert->sid_ctx, sid_ctx, sid_ctx_len); | |||
return 1; | |||
@@ -64,7 +64,6 @@ | |||
#include <openssl/err.h> | |||
#include <openssl/evp.h> | |||
#include <openssl/mem.h> | |||
#include <openssl/type_check.h> | |||
#include "internal.h" | |||
#include "../crypto/internal.h" | |||
@@ -271,8 +270,8 @@ int SSL_set_private_key_digest_prefs(SSL *ssl, const int *digest_nids, | |||
size_t num_digests) { | |||
OPENSSL_free(ssl->cert->sigalgs); | |||
OPENSSL_COMPILE_ASSERT(sizeof(int) >= 2 * sizeof(uint16_t), | |||
digest_list_conversion_cannot_overflow); | |||
static_assert(sizeof(int) >= 2 * sizeof(uint16_t), | |||
"sigalgs allocation may overflow"); | |||
ssl->cert->num_sigalgs = 0; | |||
ssl->cert->sigalgs = | |||
@@ -121,7 +121,6 @@ | |||
#include <openssl/mem.h> | |||
#include <openssl/nid.h> | |||
#include <openssl/rand.h> | |||
#include <openssl/type_check.h> | |||
#include "internal.h" | |||
#include "../crypto/internal.h" | |||
@@ -2639,12 +2638,12 @@ static const struct tls_extension kExtensions[] = { | |||
#define kNumExtensions (sizeof(kExtensions) / sizeof(struct tls_extension)) | |||
OPENSSL_COMPILE_ASSERT(kNumExtensions <= | |||
sizeof(((SSL_HANDSHAKE *)NULL)->extensions.sent) * 8, | |||
too_many_extensions_for_sent_bitset); | |||
OPENSSL_COMPILE_ASSERT( | |||
kNumExtensions <= sizeof(((SSL_HANDSHAKE *)NULL)->extensions.received) * 8, | |||
too_many_extensions_for_received_bitset); | |||
static_assert(kNumExtensions <= | |||
sizeof(((SSL_HANDSHAKE *)NULL)->extensions.sent) * 8, | |||
"too many extensions for sent bitset"); | |||
static_assert(kNumExtensions <= | |||
sizeof(((SSL_HANDSHAKE *)NULL)->extensions.received) * 8, | |||
"too many extensions for received bitset"); | |||
static const struct tls_extension *tls_extension_find(uint32_t *out_index, | |||
uint16_t value) { | |||
@@ -2960,8 +2959,8 @@ static int ssl_scan_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs, | |||
continue; | |||
} | |||
OPENSSL_COMPILE_ASSERT(kNumExtensions <= sizeof(hs->extensions.sent) * 8, | |||
too_many_bits); | |||
static_assert(kNumExtensions <= sizeof(hs->extensions.sent) * 8, | |||
"too many bits"); | |||
if (!(hs->extensions.sent & (1u << ext_index)) && | |||
type != TLSEXT_TYPE_renegotiate) { | |||
@@ -3486,9 +3485,9 @@ int tls1_record_handshake_hashes_for_channel_id(SSL_HANDSHAKE *hs) { | |||
return -1; | |||
} | |||
OPENSSL_COMPILE_ASSERT( | |||
static_assert( | |||
sizeof(hs->new_session->original_handshake_hash) == EVP_MAX_MD_SIZE, | |||
original_handshake_hash_is_too_small); | |||
"original_handshake_hash is too small"); | |||
size_t digest_len; | |||
if (!SSL_TRANSCRIPT_get_hash(&hs->transcript, | |||
@@ -3497,7 +3496,8 @@ int tls1_record_handshake_hashes_for_channel_id(SSL_HANDSHAKE *hs) { | |||
return -1; | |||
} | |||
OPENSSL_COMPILE_ASSERT(EVP_MAX_MD_SIZE <= 0xff, max_md_size_is_too_large); | |||
static_assert(EVP_MAX_MD_SIZE <= 0xff, | |||
"EVP_MAX_MD_SIZE does not fit in uint8_t"); | |||
hs->new_session->original_handshake_hash_len = (uint8_t)digest_len; | |||
return 1; | |||