From b4868034dd60ce0a19f230c6394aceb0bb8ca77b Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 6 Dec 2018 17:36:34 +0000 Subject: [PATCH 01/35] Add initial options and support for parameter validation This function adds the additional config.h option of MBEDTLS_CHECK_PARAMS which allows additional validation of parameters passed to the library. --- include/mbedtls/config.h | 22 ++++++++++++++++++++++ include/mbedtls/platform_util.h | 28 ++++++++++++++++++++++++++++ library/platform_util.c | 9 +++++++++ 3 files changed, 59 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 87a81c9ea..a8a8f7568 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -256,6 +256,25 @@ */ //#define MBEDTLS_DEPRECATED_REMOVED +/** + * \def MBEDTLS_CHECK_PARAMS + * + * This configuration controls whether the library validates parameters passed + * to it. + * + * Application code that deals with 3rd party input may wish to enable such + * validation, whilst code on closed systems, such as embedded systems, where + * the input is controlled and predictable, may wish to disable it entirely to + * reduce the code size of the library. + * + * When the symbol is not defined, no parameter validation except that required + * to ensure the integrity or security of the library are performed. + * + * When the symbol is defined, all parameters will be validated, and an error + * code returned where appropriate. + */ +#define MBEDTLS_CHECK_PARAMS + /* \} name SECTION: System support */ /** 
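Review bot: `#define MBEDTLS_CHECK_PARAMS` is left active in config.h, so the option this hunk documents as optional becomes the default for every build, including the closed-system builds the comment says may want it off and any configuration where nothing provides MBEDTLS_PARAM_FAILED (no MBEDTLS_PLATFORM_C). The other new option in this patch is added commented out (`//#define MBEDTLS_PARAM_FAILED(x) ...` in the next hunk), and this one should match: `//#define MBEDTLS_CHECK_PARAMS`. The doc comment also has a number-agreement slip; it should read `no parameter validation except that required to ensure the integrity or security of the library is performed`.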
@@ -2996,6 +3015,9 @@ //#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ //#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ +//#define MBEDTLS_PARAM_FAILED(x) mbedtls_param_failed( #x ) /**< Default parameter validation callback to use. Can be undefined */ + + /* SSL Cache options */ //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 164a1a05f..4a2efde50 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h 
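Review bot: The documented override `MBEDTLS_PARAM_FAILED(x)` takes one argument, but the library's own definition in platform_util.h is `MBEDTLS_PARAM_FAILED( cond, file, line )` and the validation macros added to aes.h pass three, so a user who uncomments this line gets a "macro passed 3 arguments" error instead of a working override. The example should show the real arity: `//#define MBEDTLS_PARAM_FAILED(cond, file, line) mbedtls_param_failed( cond, file, line ) /**< Default parameter validation callback to use. Can be undefined */`. Note also that `#x` would re-stringify a value the callers already pass as a string literal.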
@@ -41,6 +41,34 @@ extern "C" { #endif +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) && \ + !defined(MBEDTLS_PARAM_FAILED) +#define MBEDTLS_PARAM_FAILED( cond, file, line ) \ + mbedtls_param_failed( cond, file, line ) + +/** + * \brief User supplied callback function for parameter validation failure. + * + * When the MBEDTLS_CHECK_PARAMS option is enabled, the library + * provides additional validation of all input parameters to + * confirm that they conform to what the interface can accept. + * For example - NULL paramater checks. + * + * These checks are designed to check programmatic issues in the + * application software using Mbed TLS, or catch other runtime + * errors which may be due to issues in the application software. + * + * This function will be called unless an alternative function is + * defined through the MBEDTLS_PARAM_FAILURE function. + * + * This function can return, and the operation will be aborted, or + * alternatively, through use of setjmp()/longjmp() can resume + * execution in the application code. + */ +void mbedtls_param_failed( char* failure_condition, char* file, int line ); + +#endif /* MBEDTLS_CHECK_PARAMS && MBEDTLS_PLATFORM_C && !MBEDTLS_PARAM_FAILED */ + /** * \brief Securely zeroize a buffer * diff --git a/library/platform_util.c b/library/platform_util.c index ca5fe4fb8..61ed926ff 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -35,6 +35,7 @@ #endif #include "mbedtls/platform_util.h" +#include "mbedtls/platform.h" #include "mbedtls/threading.h" #include 
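Review bot: The fallback definition of MBEDTLS_PARAM_FAILED is only emitted when MBEDTLS_PLATFORM_C is defined, so a build with MBEDTLS_CHECK_PARAMS on, MBEDTLS_PLATFORM_C off and no user-supplied macro leaves every `MBEDTLS_AES_VALIDATE*` expansion referring to an undefined `MBEDTLS_PARAM_FAILED(...)`, which does not compile. Either provide the default whenever MBEDTLS_CHECK_PARAMS is set and the user has not overridden the macro, or reject the combination at configuration time with an `#error`. The callback receives string literals (`#cond`, `__FILE__`), so the prototype should be const-correct, `void mbedtls_param_failed( const char *failure_condition, const char *file, int line );` — as written, a C++ consumer of this header gets an error on the implicit conversion. The Doxygen text refers to a `MBEDTLS_PARAM_FAILURE function`; the override is the `MBEDTLS_PARAM_FAILED` macro, and "paramater" is misspelled.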
@@ -133,3 +134,11 @@ struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt, #endif /* _WIN32 && !EFIX64 && !EFI32 */ } #endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_R_ALT */ + +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) && \ + defined(MBEDTLS_DEBUG_INVALID_PARAMS) +void mbedtls_param_failed( char* failure_condition ) +{ + mbedtls_printf("%s:%i: Input param failed - %s\n", __FILE__, __LINE__, failure_condition ); +} +#endif From 5201e414aa19aab1d3bf11283bbe761f4eb64b92 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 6 Dec 2018 17:40:14 +0000 Subject: [PATCH 02/35] Add optional parameter validation to the AES module This adds additional and optional parameter validation to the AES module that can be used by enabling the MBEDTLS_CHECK_PARAMS config.h option. --- include/mbedtls/aes.h | 20 ++++++++++++++++++++ library/aes.c | 26 ++++++++++++++++++-------- 2 files changed, 38 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index cfb20c4fc..35c222918 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -67,6 +67,26 @@ /* MBEDTLS_ERR_AES_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 /**< AES hardware accelerator failed. */ +#if defined( MBEDTLS_CHECK_PARAMS ) +#define MBEDTLS_AES_VALIDATE_RET( cond ) do{ if( !(cond) ) { \ + MBEDTLS_PARAM_FAILED( #cond, \ + __FILE__, \ + __LINE__ ); \ + return MBEDTLS_ERR_AES_BAD_INPUT_DATA;} \ + } while(0); + +#define MBEDTLS_AES_VALIDATE( cond ) do{ if( !(cond) ) { \ + MBEDTLS_PARAM_FAILED( #cond, \ + __FILE__, \ + __LINE__ ); \ + return; } \ + } while(0); +#else +/* No validation of parameters will be performed */ +#define MBEDTLS_AES_VALIDATE_RET( cond ) +#define MBEDTLS_AES_VALIDATE( cond) +#endif + #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline 
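Review bot: The definition `void mbedtls_param_failed( char* failure_condition )` has a different parameter list from the declaration this file includes via platform_util.h (`char*, char*, int`), so the translation unit fails with conflicting types whenever both guards are satisfied, and the aes.h macros pass three arguments regardless. The message also prints `__FILE__`/`__LINE__`, i.e. the location of this printf inside platform_util.c, rather than the caller's; the location must come from the parameters: `void mbedtls_param_failed( const char *failure_condition, const char *file, int line )` / `mbedtls_printf( "%s:%i: Input param failed - %s\n", file, line, failure_condition );`. The extra `MBEDTLS_DEBUG_INVALID_PARAMS` guard is not defined in the config.h hunks shown here, so as committed this default implementation is never compiled unless that symbol comes from elsewhere; if that is intended it should be documented next to MBEDTLS_CHECK_PARAMS.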
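Review bot: Both validation macros end in `} while(0);` — the trailing semicolon inside the definition means each use expands to a `do…while(0)` followed by an empty statement, which defeats the idiom: `if( x ) MBEDTLS_AES_VALIDATE( c ); else …` no longer parses. Drop the semicolon from the definitions so the caller's `;` closes the statement, and make the disabled variants `do { } while( 0 )` rather than nothing for the same reason. Because the disabled variants discard `cond` entirely, the argument must be side-effect free; a comment above the `#else` branch, `/* cond is not evaluated when validation is disabled: keep it side-effect free */`, saves a future caller from depending on it. `MBEDTLS_AES_VALIDATE( cond)` has inconsistent spacing with its sibling.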
diff --git a/library/aes.c b/library/aes.c index 3de571e69..7a364a0f6 100644 --- a/library/aes.c +++ b/library/aes.c @@ -511,6 +511,8 @@ static void aes_gen_tables( void ) void mbedtls_aes_init( mbedtls_aes_context *ctx ) { + MBEDTLS_AES_VALIDATE( ctx != NULL ); + memset( ctx, 0, sizeof( mbedtls_aes_context ) ); } @@ -525,12 +527,16 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx ) #if defined(MBEDTLS_CIPHER_MODE_XTS) void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx ) { + MBEDTLS_AES_VALIDATE( ctx != NULL ); + mbedtls_aes_init( &ctx->crypt ); mbedtls_aes_init( &ctx->tweak ); } void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ) { + MBEDTLS_AES_VALIDATE( ctx != NULL ); + mbedtls_aes_free( &ctx->crypt ); mbedtls_aes_free( &ctx->tweak ); } @@ -546,14 +552,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, unsigned int i; uint32_t *RK; -#if !defined(MBEDTLS_AES_ROM_TABLES) - if( aes_init_done == 0 ) - { - aes_gen_tables(); - aes_init_done = 1; - - } -#endif + MBEDTLS_AES_VALIDATE_RET( ctx != NULL && key != NULL ); switch( keybits ) { @@ -563,6 +562,15 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH ); } +#if !defined(MBEDTLS_AES_ROM_TABLES) + if( aes_init_done == 0 ) + { + aes_gen_tables(); + aes_init_done = 1; + + } +#endif + #if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16) if( aes_padlock_ace == -1 ) aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE ); @@ -662,6 +670,8 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, uint32_t *RK; uint32_t *SK; + MBEDTLS_AES_VALIDATE_RET( ctx != NULL && key != NULL ); + mbedtls_aes_init( &cty ); #if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16) From a646345e3fb61573154c98f703ff1b5dc8cd57e2 Mon Sep 17 00:00:00 2001 
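Review bot: In `mbedtls_aes_setkey_enc` and `mbedtls_aes_setkey_dec` the two pointer checks are folded into one `MBEDTLS_AES_VALIDATE_RET( ctx != NULL && key != NULL )`, so the stringified condition handed to the failure callback cannot tell the application which argument was NULL. Two separate lines, `MBEDTLS_AES_VALIDATE_RET( ctx != NULL );` and `MBEDTLS_AES_VALIDATE_RET( key != NULL );`, cost nothing and give the precise diagnostic the callback exists for. Moving the `aes_gen_tables()` block below the `keybits` switch changes when the tables are generated relative to the switch; whether the switch body depends on them is not visible in the hunk, so a one-line comment on why the block moved would help the next reader.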
From: Simon Butcher Date: Thu, 6 Dec 2018 17:41:56 +0000 Subject: [PATCH 03/35] Add additional parameter validation tests for the AES module This adds additional tests to validate the AES module parameter validation checks which are enabled using the MBEDTLS_CHECK_PARAMS option. --- tests/suites/helpers.function | 185 +++++++++++++++++++++++++- tests/suites/test_suite_aes.function | 35 ++++- tests/suites/test_suite_aes.rest.data | 4 + 3 files changed, 213 insertions(+), 11 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 32b1b790d..4c105ed3c 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -23,6 +23,11 @@ #include "mbedtls/memory_buffer_alloc.h" #endif +#if defined(MBEDTLS_CHECK_PARAMS) +#include +#define MBEDTLS_PARAM_FAILED(x) mbedtls_param_failed( #x ) +#endif + #ifdef _MSC_VER #include typedef UINT8 uint8_t; 
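Review bot: `#define MBEDTLS_PARAM_FAILED(x) mbedtls_param_failed( #x )` defines the hook with one parameter, but the library invokes it as `MBEDTLS_PARAM_FAILED( #cond, __FILE__, __LINE__ )` (see the aes.h macros) and the test's own `mbedtls_param_failed` added later in this file takes three, so compiling any suite with MBEDTLS_CHECK_PARAMS fails on argument count. It should be `#define MBEDTLS_PARAM_FAILED( cond, file, line ) mbedtls_param_failed( cond, file, line )`; `#x` would also stringify an argument that already is a string literal. The header name of the added `#include` was lost in this rendering; it presumably brings in setjmp()/longjmp() and should be checked in the actual patch. This definition must also precede the inclusion of platform_util.h for its `!defined(MBEDTLS_PARAM_FAILED)` guard to take effect, and the include order is not visible in the hunk.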
@@ -69,15 +74,166 @@ typedef struct data_tag /*----------------------------------------------------------------------------*/ /* Macros */ -#define TEST_ASSERT( TEST ) \ - do { \ - if( ! (TEST) ) \ - { \ - test_fail( #TEST, __LINE__, __FILE__ ); \ - goto exit; \ - } \ +#if defined(MBEDTLS_CHECK_PARAMS) + +/** + * \brief This macro tests the expression passed to it as a test step or + * individual test in a test case. + * + * It allows a library function to return a value and return an error + * code that can be tested. + * + * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure + * callback, MBEDTLS_PARAM_FAIL, will be assumed to be a test failure. + * + * This macro is not suitable for negative parameter validation tests, + * as it assumes the test step will not create an error. + * + * \param TEST The test expression to be tested. + */ +#define TEST_ASSERT( TEST ) \ + do { \ + if ( setjmp( param_fail_jmp ) == 0 ) \ + { \ + if( ! (TEST) ) \ + { \ + test_fail( #TEST, __LINE__, __FILE__ ); \ + goto exit; \ + } \ + } \ + else \ + { \ + test_fail( #TEST, __LINE__, __FILE__ ); \ + goto exit; \ + } \ + memset( param_fail_jmp, 0, sizeof(jmp_buf) ); \ } while( 0 ) +/** + * \brief This macro tests and individual function call as a test step or + * individual test in a test case. + * + * It does not require a library function to return a value, and cannot + tets a return error code that can be tested. + * + * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure + * callback, MBEDTLS_PARAM_FAIL, will be assumed to be a test failure. + * + * This macro is not suitable for negative parameter validation tests + * as it assumes the test step will not create an error. + * + * \param TEST The test statement to be executed. 
+ */ +#define TEST_FN( TEST ) \ + do { \ + if ( setjmp( param_fail_jmp ) == 0 ) \ + { \ + TEST; \ + } \ + else \ + { \ + test_fail( #TEST, __LINE__, __FILE__ ); \ + goto exit; \ + } \ + memset( param_fail_jmp, 0, sizeof(jmp_buf) ); \ + } while( 0 ) + +/** + * \brief This macro tests the statement passed to it as a test step or + * individual test in a test case. The macro assumes the test will fail + * and will generate an error. + * + * It allows a library function to return a value and tests the return + * code on return to confirm the given error code was returned. + * + * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure + * callback, MBEDTLS_PARAM_FAIL, are assumed to indicate the + * expected failure, and the test will pass. + * + * This macro is intended for negative parameter validation tests, + * where the failing function may return an error value or call + * MBEDTLS_PARAM_FAIL to indicate the error. + * + * \param PARAM_ERROR_VALUE The expected error code. + * + * \param TEST The test expression to be tested. + */ +#define TEST_INVALID_PARAM_RET( PARAM_ERR_VALUE, TEST ) \ + do { \ + if ( setjmp( param_fail_jmp ) == 0 ) \ + { \ + if( (TEST) != PARAM_ERR_VALUE) \ + { \ + test_fail( #TEST, __LINE__, __FILE__ ); \ + goto exit; \ + } \ + } \ + memset( param_fail_jmp, 0, sizeof(jmp_buf) ); \ + } while( 0 ) + +/** + * \brief This macro tests the statement passed to it as a test step or + * individual test in a test case. The macro assumes the test will fail + * and will generate an error. + * + * It assumes the library function under test cannot return a value and + * assumes errors can only be indicated byt calls to + * MBEDTLS_PARAM_FAIL. + * + * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure + * callback, MBEDTLS_PARAM_FAIL, are assumed to indicate the + * expected failure. If MBEDTLS_CHECK_PARAMS is not enabled, no test + * can be made. 
+ * + * This macro is intended for negative parameter validation tests, + * where the failing function can only return an error by calling + * MBEDTLS_PARAM_FAIL to indicate the error. + * + * \param TEST The test expression to be tested. + */ +#define TEST_INVALID_PARAM( TEST ) \ + do { \ + if ( setjmp( param_fail_jmp ) == 0 ) \ + { \ + TEST; \ + test_fail( #TEST, __LINE__, __FILE__ ); \ + goto exit; \ + } \ + memset( param_fail_jmp, 0, sizeof(jmp_buf) ); \ + } while( 0 ) + +#else + +#define TEST_ASSERT( TEST ) \ + do { \ + if( ! (TEST) ) \ + { \ + test_fail( #TEST, __LINE__, __FILE__ ); \ + goto exit; \ + } \ + } while( 0 ) + +#define TEST_FN( TEST ) \ + do { \ + TEST; \ + } while( 0 ) + +#define TEST_INVALID_PARAM_RET( PARAM_ERR_VALUE, TEST ) \ + do { \ + if( (TEST) != (PARAM_ERR_VALUE) ) \ + { \ + test_fail( #TEST, __LINE__, __FILE__ ); \ + goto exit; \ + } \ + } while( 0 ) + +#define TEST_INVALID_PARAM( TEST ) \ + do { \ + TEST; \ + } while( 0 ) + +#endif /* !defined( MBEDTLS_CHECK_PARAMS ) */ + #define assert(a) if( !( a ) ) \ { \ mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \ @@ -126,6 +282,10 @@ test_info; mbedtls_platform_context platform_ctx; #endif +#if defined(MBEDTLS_CHECK_PARAMS) +jmp_buf param_fail_jmp; +#endif + /*----------------------------------------------------------------------------*/ /* Helper flags for complex dependencies */ @@ -159,6 +319,17 @@ static void platform_teardown() #endif /* MBEDTLS_PLATFORM_C */ } +#if defined(MBEDTLS_CHECK_PARAMS) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + (void)failure_condition; + (void)file; + (void)line; + + longjmp( param_fail_jmp, 1 ); +} +#endif + #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) static int redirect_output( FILE** out_stream, const char* path ) { diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index a797e699c..24b5e4d6e 100644 --- a/tests/suites/test_suite_aes.function 
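Review bot: Every macro ends with `memset( param_fail_jmp, 0, sizeof(jmp_buf) );`, which buys nothing and is harmful: a library call made outside a TEST_* wrapper (the bare `mbedtls_aes_init( &ctx )` that remains in aes_decrypt_cbc in test_suite_aes.function) that trips the callback makes `longjmp` use a zeroed jmp_buf, which is undefined behaviour rather than a reported failure. Drop the memset; re-arming with `setjmp` in the next macro is what makes the buffer valid again. Locals of the test function that are modified between the `setjmp` and a `longjmp` have indeterminate values afterwards unless declared `volatile` (C11 7.13.2.1), which deserves a sentence in the macro docs since TEST expressions routinely assign to them. The Doxygen comments refer to `MBEDTLS_PARAM_FAIL` where the macro is `MBEDTLS_PARAM_FAILED`, carry typos (`tests and individual` → `tests an individual`, `tets` → `test`, `byt` → `by`), and `\param PARAM_ERROR_VALUE` does not match the parameter name `PARAM_ERR_VALUE`.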
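Review bot: `longjmp( param_fail_jmp, 1 )` is unconditional, yet `param_fail_jmp` is only valid while a TEST_* macro in the currently running test function has armed it with `setjmp`; a validation failure raised by an unwrapped library call (or after the macros' trailing memset) jumps through an invalid jmp_buf, which is undefined behaviour and can mask the real failure. Keep a file-scope flag (e.g. `static int param_fail_armed`) that the macros set around their setjmp block and clear afterwards, and in this callback take the longjmp only when it is set, otherwise report with `test_fail( failure_condition, line, file )` and abort the process. The three `(void)` casts discard the location of the failure; stashing `file`/`line` before jumping would let TEST_ASSERT report where in the library the check fired instead of only the test line. The parameters should be `const char *` to match the string literals passed in.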
+++ b/tests/suites/test_suite_aes.function @@ -15,8 +15,8 @@ void aes_encrypt_ecb( data_t * key_str, data_t * src_str, mbedtls_aes_context ctx; memset(output, 0x00, 100); - mbedtls_aes_init( &ctx ); + TEST_FN( mbedtls_aes_init( &ctx ) ); TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == setkey_result ); if( setkey_result == 0 ) @@ -39,8 +39,8 @@ void aes_decrypt_ecb( data_t * key_str, data_t * src_str, mbedtls_aes_context ctx; memset(output, 0x00, 100); - mbedtls_aes_init( &ctx ); + TEST_FN( mbedtls_aes_init( &ctx ) ); TEST_ASSERT( mbedtls_aes_setkey_dec( &ctx, key_str->x, key_str->len * 8 ) == setkey_result ); if( setkey_result == 0 ) @@ -64,8 +64,8 @@ void aes_encrypt_cbc( data_t * key_str, data_t * iv_str, mbedtls_aes_context ctx; memset(output, 0x00, 100); - mbedtls_aes_init( &ctx ); + TEST_FN( mbedtls_aes_init( &ctx ) ); mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cbc( &ctx, MBEDTLS_AES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result ); @@ -91,7 +91,6 @@ void aes_decrypt_cbc( data_t * key_str, data_t * iv_str, memset(output, 0x00, 100); mbedtls_aes_init( &ctx ); - mbedtls_aes_setkey_dec( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cbc( &ctx, MBEDTLS_AES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result ); if( cbc_result == 0) 
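Review bot: The `@@ -91,7 +91,6 @@` hunk deletes `mbedtls_aes_setkey_dec( &ctx, key_str->x, key_str->len * 8 );` from aes_decrypt_cbc while leaving `mbedtls_aes_init( &ctx );` unwrapped, which looks like the wrong line was edited: decryption now runs with a zeroed key schedule, so any vector expecting a successful decrypt compares against garbage, and the three sibling cases above each wrapped the init call instead. Restore the setkey line and wrap the init: `TEST_FN( mbedtls_aes_init( &ctx ) );` / `mbedtls_aes_setkey_dec( &ctx, key_str->x, key_str->len * 8 );`. The data-driven vectors for this case are not in the `.rest.data` hunk shown, so whether CI would catch this depends on the other data files.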
@@ -372,6 +371,34 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void aes_invalid_param( ) +{ + mbedtls_aes_context dummy_ctx; + const unsigned char key[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 }; + + TEST_INVALID_PARAM( mbedtls_aes_init( NULL ) ); + + /* mbedtls_aes_setkey_enc() */ + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_setkey_enc( NULL, key, 128 ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_setkey_enc( &dummy_ctx, NULL, 128 ) ); + + /* mbedtls_aes_setkey_dec() */ + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_setkey_dec( NULL, key, 128 ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_setkey_dec( &dummy_ctx, NULL, 128 ) ); + + +exit: + return; +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void aes_selftest( ) { diff --git a/tests/suites/test_suite_aes.rest.data b/tests/suites/test_suite_aes.rest.data index bbb222f10..3ec916ded 100644 --- a/tests/suites/test_suite_aes.rest.data +++ b/tests/suites/test_suite_aes.rest.data @@ -10,6 +10,10 @@ aes_encrypt_cbc:"000000000000000000000000000000000000000000000000000000000000000 AES-256-CBC Decrypt (Invalid input length) aes_decrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c74":"":MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH +AES - Invalid parameters +depends_on:MBEDTLS_CHECK_PARAMS +aes_invalid_param: + AES Selftest depends_on:MBEDTLS_SELF_TEST aes_selftest: From 63cb97e562c19bde01ec603ac8598903ac180529 Mon Sep 17 00:00:00 2001 
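Review bot: `key[]` is 6 bytes but every call advertises it as a 128-bit key, so the test hands over a buffer 10 bytes short of what `mbedtls_aes_setkey_*` would read if the NULL-context check did not fire first; the case only stays in bounds by relying on the order of checks inside the function under test. Declare a full-length key, `const unsigned char key[16] = { 0 };` (any constructed 16 bytes will do), and initialise the context with `mbedtls_aes_init( &dummy_ctx )` so the NULL-key case exercises a valid context rather than indeterminate stack contents. The xts init/free checks added to aes.c in this series have no negative case here. There is a stray double blank line before `exit:`.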
From: Simon Butcher Date: Thu, 6 Dec 2018 17:43:31 +0000 Subject: [PATCH 04/35] Add handlers for parameter validation in the sample programs The sample programs require an additional handler function of mbedtls_param_failed() to handle any failed parameter validation checks enabled by the MBEDTLS_CHECK_PARAMS config.h option. --- programs/aes/aescrypt2.c | 11 +++++++++++ programs/aes/crypt_and_hash.c | 10 ++++++++++ programs/pkey/dh_client.c | 9 +++++++++ programs/pkey/dh_genprime.c | 8 ++++++++ programs/pkey/dh_server.c | 9 +++++++++ programs/pkey/ecdh_curve25519.c | 8 ++++++++ programs/pkey/ecdsa.c | 8 ++++++++ programs/pkey/gen_key.c | 9 +++++++++ programs/pkey/key_app.c | 9 +++++++++ programs/pkey/key_app_writer.c | 9 +++++++++ programs/pkey/pk_decrypt.c | 9 +++++++++ programs/pkey/pk_encrypt.c | 9 +++++++++ programs/pkey/pk_sign.c | 8 ++++++++ programs/pkey/pk_verify.c | 8 ++++++++ programs/pkey/rsa_decrypt.c | 9 +++++++++ programs/pkey/rsa_encrypt.c | 9 +++++++++ programs/pkey/rsa_genkey.c | 9 +++++++++ programs/pkey/rsa_sign_pss.c | 8 ++++++++ programs/pkey/rsa_verify_pss.c | 8 ++++++++ programs/random/gen_random_ctr_drbg.c | 9 +++++++++ programs/ssl/dtls_client.c | 8 ++++++++ programs/ssl/dtls_server.c | 8 ++++++++ programs/ssl/mini_client.c | 8 ++++++++ programs/ssl/ssl_client1.c | 8 ++++++++ programs/ssl/ssl_client2.c | 8 ++++++++ programs/ssl/ssl_fork_server.c | 8 ++++++++ programs/ssl/ssl_mail_client.c | 8 ++++++++ programs/ssl/ssl_server.c | 8 ++++++++ programs/ssl/ssl_server2.c | 8 ++++++++ programs/test/benchmark.c | 8 ++++++++ programs/test/selftest.c | 8 ++++++++ programs/test/ssl_cert_test.c | 8 ++++++++ programs/x509/cert_app.c | 8 ++++++++ programs/x509/cert_req.c | 8 ++++++++ programs/x509/cert_write.c | 8 ++++++++ programs/x509/crl_app.c | 8 ++++++++ programs/x509/req_app.c | 8 ++++++++ 37 files changed, 312 insertions(+) diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c index 5725eb0f3..522bfdacf 100644 
--- a/programs/aes/aescrypt2.c +++ b/programs/aes/aescrypt2.c @@ -78,6 +78,16 @@ int main( void ) return( 0 ); } #else + +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %s\n", file, line, + failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { int ret = 0; @@ -109,6 +119,7 @@ int main( int argc, char *argv[] ) off_t filesize, offset; #endif + mbedtls_aes_init( NULL ); mbedtls_aes_init( &aes_ctx ); mbedtls_md_init( &sha_ctx ); diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index 88b852b4b..542b37ef8 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -80,6 +80,16 @@ int main( void ) return( 0 ); } #else + +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %s\n", file, line, + failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { int ret = 1, i, n; diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 3dadf48e6..36ff8c093 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -70,6 +70,15 @@ int main( void ) return( 0 ); } #else + +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( void ) { FILE *f; diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index 360e3554a..9a37d5d09 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c 
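Review bot: The added `mbedtls_aes_init( NULL );` at the top of aescrypt2's `main` is a deliberately invalid call that has no place in a sample program: with MBEDTLS_CHECK_PARAMS and MBEDTLS_PLATFORM_C it prints the failure and exits before any argument is parsed, and in every other configuration it dereferences NULL in `memset` and crashes. It reads like a leftover from exercising the new handler; remove the line. If a demonstration of the handler is wanted, it belongs in the suite's negative cases, not in a program users copy.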
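Review bot: The format string `"%s:%i: Input param failed - %sn"` in the dh_client.c handler is missing the newline escape — `n` is printed literally and the message has no line terminator; the same defect is in every handler from dh_genprime.c through benchmark.c in this patch, whereas aescrypt2.c and crypt_and_hash.c have the correct `"%s\n"`. Fix all of them to `mbedtls_printf( "%s:%i: Input param failed - %s\n", file, line, failure_condition );`. Thirty-seven verbatim copies of one function also invite exactly this kind of drift; a single shared definition included by each sample would keep them aligned. The parameters receive string literals and should be `const char *`.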
@@ -68,6 +68,14 @@ int main( void ) */ #define GENERATOR "4" +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char **argv ) { int ret = 1; diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index c4e2c391e..24f66ea69 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -70,6 +70,15 @@ int main( void ) return( 0 ); } #else + +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( void ) { FILE *f; diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c index 7fbf1678f..0d8db09d0 100644 --- a/programs/pkey/ecdh_curve25519.c +++ b/programs/pkey/ecdh_curve25519.c @@ -52,6 +52,14 @@ int main( void ) #include "mbedtls/ctr_drbg.h" #include "mbedtls/ecdh.h" +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { int ret = 1; diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c index c653df9e4..c38b16ec0 100644 --- a/programs/pkey/ecdsa.c +++ b/programs/pkey/ecdsa.c 
@@ -99,6 +99,14 @@ static void dump_pubkey( const char *title, mbedtls_ecdsa_context *key ) #define dump_pubkey( a, b ) #endif +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { int ret = 1; diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 31abb0cb8..98936c950 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -135,6 +135,15 @@ int main( void ) return( 0 ); } #else + +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + /* * global options */ diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index 027b95f9d..845d600b5 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -73,6 +73,15 @@ int main( void ) return( 0 ); } #else + +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + /* * global options */ diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index cd0c23064..70c2440a9 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c 
@@ -96,6 +96,15 @@ int main( void ) return( 0 ); } #else + +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + /* * global options */ diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index 1d8c959a0..3f08fe1d2 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -59,6 +59,15 @@ int main( void ) return( 0 ); } #else + +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { FILE *f; diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c index 22dedba10..231381808 100644 --- a/programs/pkey/pk_encrypt.c +++ b/programs/pkey/pk_encrypt.c @@ -59,6 +59,15 @@ int main( void ) return( 0 ); } #else + +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { FILE *f; diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 7ec46752a..dcfc0fc48 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c 
@@ -59,6 +59,14 @@ int main( void ) #include #include +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { FILE *f; diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index 3c7709f9d..75ecf5296 100644 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c @@ -55,6 +55,14 @@ int main( void ) #include #include +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { FILE *f; diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index 0a252d2ad..a5fd48274 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -58,6 +58,15 @@ int main( void ) return( 0 ); } #else + +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { FILE *f; diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index 411657a07..86de8dfbb 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c 
@@ -58,6 +58,15 @@ int main( void ) return( 0 ); } #else + +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { FILE *f; diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c index 3359e1407..77d9d8e74 100644 --- a/programs/pkey/rsa_genkey.c +++ b/programs/pkey/rsa_genkey.c @@ -62,6 +62,15 @@ int main( void ) return( 0 ); } #else + +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( void ) { int ret = 1; diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index b0b0f7ecf..57c096d5c 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -60,6 +60,14 @@ int main( void ) #include #include +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { FILE *f; diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index 7c9c68f22..3e1507e04 100644 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c 
@@ -59,6 +59,14 @@ int main( void ) #include #include +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { FILE *f; diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c index 5ade946a7..dfef8afa8 100644 --- a/programs/random/gen_random_ctr_drbg.c +++ b/programs/random/gen_random_ctr_drbg.c @@ -52,6 +52,15 @@ int main( void ) return( 0 ); } #else + +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { FILE *f; diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index c29ab34a6..4d7177f91 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -79,6 +79,14 @@ int main( void ) #define DEBUG_LEVEL 0 +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + static void my_debug( void *ctx, int level, const char *file, int line, const char *str ) diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index b4ad6b53a..0cee83414 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c 
@@ -88,6 +88,14 @@ int main( void ) #define READ_TIMEOUT_MS 10000 /* 5 seconds */ #define DEBUG_LEVEL 0 +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + static void my_debug( void *ctx, int level, const char *file, int line, const char *str ) diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index 290455e9a..c44794703 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -168,6 +168,14 @@ enum exit_codes ssl_write_failed, }; +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( void ) { int ret = exit_ok; diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index bf7c0132a..a7e4513ac 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -70,6 +70,14 @@ int main( void ) #define DEBUG_LEVEL 1 +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + static void my_debug( void *ctx, int level, const char *file, int line, const char *str ) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 15c778d31..098c138fe 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c 
@@ -314,6 +314,14 @@ int main( void ) #define ALPN_LIST_SIZE 10 #define CURVE_LIST_SIZE 20 +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + /* * global options */ diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 1c3a80600..3304b6bb1 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -86,6 +86,14 @@ int main( void ) #define DEBUG_LEVEL 0 +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + static void my_debug( void *ctx, int level, const char *file, int line, const char *str ) diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 16cedfe94..6bf6cde68 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -141,6 +141,14 @@ int main( void ) " force_ciphersuite= default: all enabled\n"\ " acceptable ciphersuite names:\n" +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + /* * global options */ diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index dcdafbb86..044193d86 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c 
@@ -80,6 +80,14 @@ int main( void ) #define DEBUG_LEVEL 0 +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + static void my_debug( void *ctx, int level, const char *file, int line, const char *str ) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index efda65d23..fffd98c7d 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -426,6 +426,14 @@ int main( void ) (out_be)[(i) + 7] = (unsigned char)( ( (in_le) >> 0 ) & 0xFF ); \ } +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + /* * global options */ diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index dd4303b89..ff1f4d1ba 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -254,6 +254,14 @@ typedef struct { rsa, dhm, ecdsa, ecdh; } todo_list; +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { int i; diff --git a/programs/test/selftest.c b/programs/test/selftest.c index f923a43f5..6dc0f7fb8 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c 
@@ -77,6 +77,14 @@ #include "mbedtls/memory_buffer_alloc.h" #endif +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + static int test_snprintf( size_t n, const char ref_buf[10], int ref_ret ) { int ret; diff --git a/programs/test/ssl_cert_test.c b/programs/test/ssl_cert_test.c index fd3526f7f..fd713f50f 100644 --- a/programs/test/ssl_cert_test.c +++ b/programs/test/ssl_cert_test.c @@ -81,6 +81,14 @@ const char *client_private_keys[MAX_CLIENT_CERTS] = "cert_digest.key" }; +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( void ) { int ret = 1, i; diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index c57ecca03..16c3d9f6f 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -99,6 +99,14 @@ int main( void ) " permissive=%%d default: 0 (disabled)\n" \ "\n" +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + /* * global options */ diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 8c56287b6..a5560702e 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c 
@@ -100,6 +100,14 @@ int main( void ) " SHA384, SHA512\n" \ "\n" +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + /* * global options */ diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 3842ebce4..fe60fbe89 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -153,6 +153,14 @@ int main( void ) " object_signing_ca\n" \ "\n" +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + /* * global options */ diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index f8316835f..89adbdb7a 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -60,6 +60,14 @@ int main( void ) " filename=%%s default: crl.pem\n" \ "\n" +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + /* * global options */ diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index 0f20c85f5..fc1da0d73 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c 
@@ -60,6 +60,14 @@ int main( void ) " filename=%%s default: cert.req\n" \ "\n" +#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) +void mbedtls_param_failed( char* failure_condition, char* file, int line ) +{ + mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + /* * global options */ From 747f5fe3e23217f8d51e47f4dd8584d2432007dc Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 7 Dec 2018 16:53:57 +0000 Subject: [PATCH 05/35] Add disabling of gcc 'clobbered' warning With gcc, use of setjmp() was triggering warnings about use of auto variables being clobbered. --- tests/suites/helpers.function | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 4c105ed3c..2d1f6922e 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -26,8 +26,13 @@ #if defined(MBEDTLS_CHECK_PARAMS) #include #define MBEDTLS_PARAM_FAILED(x) mbedtls_param_failed( #x ) + +#if defined(__GNUC__) && !defined(__clang__) +#pragma GCC diagnostic ignored "-Wno-uninitialized" #endif +#endif /* MBEDTLS_CHECK_PARAMS */ + #ifdef _MSC_VER #include typedef UINT8 uint8_t; From 6542f6c597b8c03a5f40850244976fb2aedc7e5a Mon Sep 17 00:00:00 2001 
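Review bot: In the helpers.function hunk, `#pragma GCC diagnostic ignored "-Wno-uninitialized"` names the wrong option: GCC's diagnostic pragma takes the positive spelling of the warning, and the warning the commit message describes is the clobbered-variable one, so this line most likely has no effect, or itself triggers an unknown-option warning. The intended line is probably `#pragma GCC diagnostic ignored "-Wclobbered"`. As written the pragma also applies to the rest of the translation unit, so every generated test suite loses the diagnostic everywhere, not just at the setjmp() sites; a `#pragma GCC diagnostic push` / `pop` pair around the affected code would limit that.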
From: Simon Butcher Date: Sun, 9 Dec 2018 22:09:59 +0000 Subject: [PATCH 06/35] Change the use of setjmp/longjmp in parameter failure callback Change the use of setjmp and longjmp in signalling parameter validation failures when using the MBEDTLS_CHECK_PARAMS config.h option. This change allows all calls which might result in a call to the parameter validation failure handler to always be caught, even without use of the new macros, by placing a setjmp() in the outer function which calls the test function, which the handler can jump to. This has several benefits: * it allows us to remove the clang compiler warning (-Wclobbered) caused by local auto variables being in the same function as the call to setjmp. * removes the need to wrap all function calls in the test functions with the TEST_ASSERT() macro. Now all parameter validation function calls should be caught. --- tests/suites/helpers.function | 163 +++++++++++++------------------- tests/suites/host_test.function | 1 + tests/suites/main_test.function | 34 ++++++- 3 files changed, 97 insertions(+), 101 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 2d1f6922e..3ae547184 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -27,10 +27,6 @@ #include #define MBEDTLS_PARAM_FAILED(x) mbedtls_param_failed( #x ) -#if defined(__GNUC__) && !defined(__clang__) -#pragma GCC diagnostic ignored "-Wno-uninitialized" -#endif - #endif /* MBEDTLS_CHECK_PARAMS */ #ifdef _MSC_VER 
@@ -75,12 +71,19 @@ typedef struct data_tag #define DISPATCH_UNSUPPORTED_SUITE -5 /* Test suite not supported by the build */ +typedef enum +{ + PARAMFAIL_TESTSTATE_IDLE = 0, /* No parameter failure call test */ + PARAMFAIL_TESTSTATE_PENDING, /* Test call to the parameter failure + * is pending */ + PARAMFAIL_TESTSTATE_CALLED /* The test call to the parameter + * failure function has been made */ +} paramfail_test_state_t; + /*----------------------------------------------------------------------------*/ /* Macros */ -#if defined(MBEDTLS_CHECK_PARAMS) - /** * \brief This macro tests the expression passed to it as a test step or * individual test in a test case. 
@@ -96,53 +99,17 @@ typedef struct data_tag * * \param TEST The test expression to be tested. */ -#define TEST_ASSERT( TEST ) \ - do { \ - if ( setjmp( param_fail_jmp ) == 0 ) \ - { \ - if( ! (TEST) ) \ - { \ - test_fail( #TEST, __LINE__, __FILE__ ); \ - goto exit; \ - } \ - } \ - else \ - { \ - test_fail( #TEST, __LINE__, __FILE__ ); \ - goto exit; \ - } \ - memset( param_fail_jmp, 0, sizeof(jmp_buf) ); \ - } while( 0 ) - -/** - * \brief This macro tests and individual function call as a test step or - * individual test in a test case. - * - * It does not require a library function to return a value, and cannot - tets a return error code that can be tested. - * - * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure - * callback, MBEDTLS_PARAM_FAIL, will be assumed to be a test failure. - * - * This macro is not suitable for negative parameter validation tests - * as it assumes the test step will not create an error. - * - * \param TEST The test statement to be executed. - */ -#define TEST_FN( TEST ) \ - do { \ - if ( setjmp( param_fail_jmp ) == 0 ) \ - { \ - TEST; \ - } \ - else \ - { \ - test_fail( #TEST, __LINE__, __FILE__ ); \ - goto exit; \ - } \ - memset( param_fail_jmp, 0, sizeof(jmp_buf) ); \ + +#define TEST_ASSERT( TEST ) \ + do { \ + if( ! (TEST) ) \ + { \ + test_fail( #TEST, __LINE__, __FILE__ ); \ + goto exit; \ + } \ } while( 0 ) +#if defined(MBEDTLS_CHECK_PARAMS) /** * \brief This macro tests the statement passed to it as a test step or * individual test in a test case. The macro assumes the test will fail 
@@ -163,18 +130,16 @@ typedef struct data_tag * * \param TEST The test expression to be tested. */ -#define TEST_INVALID_PARAM_RET( PARAM_ERR_VALUE, TEST ) \ - do { \ - if ( setjmp( param_fail_jmp ) == 0 ) \ - { \ - if( (TEST) != PARAM_ERR_VALUE) \ - { \ - test_fail( #TEST, __LINE__, __FILE__ ); \ - goto exit; \ - } \ - } \ - memset( param_fail_jmp, 0, sizeof(jmp_buf) ); \ - } while( 0 ) +#define TEST_INVALID_PARAM_RET( PARAM_ERR_VALUE, TEST ) \ + do { \ + test_info.paramfail_test_state = PARAMFAIL_TESTSTATE_PENDING; \ + if( (TEST) != (PARAM_ERR_VALUE) && \ + test_info.paramfail_test_state != PARAMFAIL_TESTSTATE_CALLED ) \ + { \ + test_fail( #TEST, __LINE__, __FILE__ ); \ + goto exit; \ + } \ + } while( 0 ) /** * \brief This macro tests the statement passed to it as a test step or @@ -196,33 +161,20 @@ typedef struct data_tag * * \param TEST The test expression to be tested. */ -#define TEST_INVALID_PARAM( TEST ) \ - do { \ - if ( setjmp( param_fail_jmp ) == 0 ) \ - { \ - TEST; \ - test_fail( #TEST, __LINE__, __FILE__ ); \ - goto exit; \ - } \ - memset( param_fail_jmp, 0, sizeof(jmp_buf) ); \ +#define TEST_INVALID_PARAM( TEST ) \ + do { \ + memcpy(jmp_tmp, param_fail_jmp, sizeof(jmp_buf)); \ + if ( setjmp( param_fail_jmp ) == 0 ) \ + { \ + TEST; \ + test_fail( #TEST, __LINE__, __FILE__ ); \ + goto exit; \ + } \ + memcpy(param_fail_jmp, jmp_tmp, sizeof(jmp_buf)); \ } while( 0 ) #else -#define TEST_ASSERT( TEST ) \ - do { \ - if( ! (TEST) ) \ - { \ - test_fail( #TEST, __LINE__, __FILE__ ); \ - goto exit; \ - } \ - } while( 0 ) - -#define TEST_FN( TEST ) \ - do { \ - TEST; \ - } while( 0 ) - #define TEST_INVALID_PARAM_RET( PARAM_ERR_VALUE, TEST ) \ do { \ if( (TEST) != (PARAM_ERR_VALUE) ) \ @@ -273,9 +225,9 @@ typedef struct data_tag /*----------------------------------------------------------------------------*/ /* Global variables */ - static struct { + paramfail_test_state_t paramfail_test_state; int failed; const char *test; const char *filename; 
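Review bot: The new `TEST_INVALID_PARAM_RET` only fails when the return value is wrong and the callback was not invoked, so a function that returns `PARAM_ERR_VALUE` without ever reaching `MBEDTLS_PARAM_FAILED`, or one that invokes the callback and then returns some other code, both pass; a parameter-validation test should demand both, i.e. `if( (TEST) != (PARAM_ERR_VALUE) || test_info.paramfail_test_state != PARAMFAIL_TESTSTATE_CALLED )`. The macro also leaves `paramfail_test_state` at PENDING or CALLED afterwards, so a later call in the same test that unexpectedly trips the callback while the state is still PENDING is silently absorbed instead of reported; resetting it to `PARAMFAIL_TESTSTATE_IDLE` at the end of the macro closes that gap. In the `TEST_INVALID_PARAM` hunk the `memcpy` of `param_fail_jmp` through the single global `jmp_tmp` means these macros cannot nest, which deserves a comment on the macro.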
@@ -289,6 +241,7 @@ mbedtls_platform_context platform_ctx; #if defined(MBEDTLS_CHECK_PARAMS) jmp_buf param_fail_jmp; +jmp_buf jmp_tmp; #endif /*----------------------------------------------------------------------------*/ @@ -308,6 +261,15 @@ jmp_buf param_fail_jmp; /*----------------------------------------------------------------------------*/ /* Helper Functions */ + +static void test_fail( const char *test, int line_no, const char* filename ) +{ + test_info.failed = 1; + test_info.test = test; + test_info.line_no = line_no; + test_info.filename = filename; +} + static int platform_setup() { int ret = 0; @@ -327,11 +289,22 @@ static void platform_teardown() #if defined(MBEDTLS_CHECK_PARAMS) void mbedtls_param_failed( char* failure_condition, char* file, int line ) { - (void)failure_condition; - (void)file; - (void)line; + /* If we are testing the callback function... */ + if ( test_info.paramfail_test_state == PARAMFAIL_TESTSTATE_PENDING ) + { + test_info.paramfail_test_state = PARAMFAIL_TESTSTATE_CALLED; + } + else + { + /* ...else we treat this as an error */ - longjmp( param_fail_jmp, 1 ); + /* Record the location of the failure, but not as a failure yet, in case + * it was part of the test */ + test_fail( failure_condition, line, file ); + test_info.failed = 0; + + longjmp( param_fail_jmp, 1 ); + } } #endif @@ -623,14 +596,6 @@ static int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len ) return( 0 ); } -static void test_fail( const char *test, int line_no, const char* filename ) -{ - test_info.failed = 1; - test_info.test = test; - test_info.line_no = line_no; - test_info.filename = filename; -} - int hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len ) { int ret = 0; diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index b354af473..3c4303208 100644 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function 
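Review bot: In the PENDING branch of the test-suite `mbedtls_param_failed`, the condition, file and line of the expected call are thrown away, so if the library's validation fired on a different condition than the test intended there is nothing to show for it; recording them the same way the else branch does (`test_fail( failure_condition, line, file ); test_info.failed = 0;`) would make that visible in the failure output. The else branch's `test_fail(...)` immediately followed by `test_info.failed = 0` reads like a mistake on its own; a comment such as `/* The setjmp() site in execute_function_ptr() marks the test as failed. */` would explain the intent.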
@@ -546,6 +546,7 @@ int execute_tests( int argc , const char ** argv ) if( unmet_dep_count == 0 ) { test_info.failed = 0; + test_info.paramfail_test_state = PARAMFAIL_TESTSTATE_IDLE; #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) /* Suppress all output from the library unless we're verbose diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 2ba919ce0..ca4783dcf 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -134,9 +134,39 @@ $dispatch_code #line $line_no "suites/main_test.function" }; +/** + * \brief Execute the test function. + * + * This is a wrapper function around the test function execution + * to allow the setjmp() call used to catch any calls to the + * parameter failure callback, to be used. Calls to setjmp() + * can invalidate the state of any local auto variables. + * + * \param fp Function pointer to the test function + * \param params Parameters to pass + * + */ +void execute_function_ptr(TestWrapper_t fp, void **params) +{ +#if defined(MBEDTLS_CHECK_PARAMS) + if ( setjmp( param_fail_jmp ) == 0 ) + { + fp( params ); + } + else + { + /* Unexpected parameter validation error */ + test_info.failed = 1; + } + + memset( param_fail_jmp, 0, sizeof(jmp_buf) ); +#else + fp( params ); +#endif +} /** - * \brief Dispatches test functions based on function index. + * \brief Dispatches test functions based on function index. * * \param exp_id Test function index. * @@ -153,7 +183,7 @@ int dispatch_test( int func_idx, void ** params ) { fp = test_funcs[func_idx]; if ( fp ) - fp( params ); + execute_function_ptr(fp, params); else ret = DISPATCH_UNSUPPORTED_SUITE; } From 249b3d6efe776929288f088c2ee487c90db0957b Mon Sep 17 00:00:00 2001 
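Review bot: When `execute_function_ptr` takes the `longjmp` path, control leaves the test function without running its `exit:` cleanup, so any contexts or heap buffers the test set up before the unexpected validation failure are leaked; that is tolerable for a test already marked failed, but the comment should say so, since leak-checking builds will otherwise report it as a new problem. The doc comment blames `setjmp()` for invalidating locals; it is `longjmp()` that leaves non-volatile locals modified after `setjmp()` indeterminate, e.g. `* A longjmp() back here leaves any non-volatile local modified since the setjmp() indeterminate.`, and `fp`/`params` are safe only because they are not modified after the call. `execute_function_ptr` appears to be used only by `dispatch_test` in the same generated file and could be `static`.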
From: Simon Butcher Date: Sun, 9 Dec 2018 22:18:46 +0000 Subject: [PATCH 07/35] Remove use of the macro TEST_FN from the AES test suite The TEST_FN macro is now redundant and no longer necessary. --- tests/suites/test_suite_aes.function | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 24b5e4d6e..062234b50 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -16,7 +16,7 @@ void aes_encrypt_ecb( data_t * key_str, data_t * src_str, memset(output, 0x00, 100); - TEST_FN( mbedtls_aes_init( &ctx ) ); + mbedtls_aes_init( &ctx ); TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == setkey_result ); if( setkey_result == 0 ) @@ -40,7 +40,7 @@ void aes_decrypt_ecb( data_t * key_str, data_t * src_str, memset(output, 0x00, 100); - TEST_FN( mbedtls_aes_init( &ctx ) ); + mbedtls_aes_init( &ctx ); TEST_ASSERT( mbedtls_aes_setkey_dec( &ctx, key_str->x, key_str->len * 8 ) == setkey_result ); if( setkey_result == 0 ) @@ -65,7 +65,7 @@ void aes_encrypt_cbc( data_t * key_str, data_t * iv_str, memset(output, 0x00, 100); - TEST_FN( mbedtls_aes_init( &ctx ) ); + mbedtls_aes_init( &ctx ); mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cbc( &ctx, MBEDTLS_AES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result ); @@ -393,7 +393,6 @@ void aes_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_setkey_dec( &dummy_ctx, NULL, 128 ) ); - exit: return; } From 4c37db6d879dedb9812bfa6ebb34b32e532815ab Mon Sep 17 00:00:00 2001 
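Review bot: The last hunk removes the `exit:` label from `aes_invalid_param`, but the `TEST_INVALID_PARAM_RET` it still uses expands, per helpers.function, to `goto exit;` on failure, so this function should no longer compile unless something else in the series reintroduces the label; keeping `exit:` before `return;` is the safe choice. Separately, the `aes_encrypt_cbc` hunk leaves `mbedtls_aes_setkey_enc` unchecked while its sibling `aes_encrypt_ecb` asserts on the return value; that is pre-existing, but worth aligning while these call sites are being edited.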
From: Simon Butcher Date: Sun, 9 Dec 2018 22:42:11 +0000 Subject: [PATCH 08/35] Remove the library provided function of MBEDTLS_PARAM_FAILED The function called through the macro MBEDTLS_PARAM_FAILED() must be supplied by users and makes no sense as a library function, apart from debug and test. --- include/mbedtls/platform_util.h | 5 ++--- library/platform_util.c | 8 -------- 2 files changed, 2 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 4a2efde50..d09957152 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -41,8 +41,7 @@ extern "C" { #endif -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) && \ - !defined(MBEDTLS_PARAM_FAILED) +#if defined( MBEDTLS_CHECK_PARAMS ) && !defined(MBEDTLS_PARAM_FAILED) #define MBEDTLS_PARAM_FAILED( cond, file, line ) \ mbedtls_param_failed( cond, file, line ) @@ -67,7 +66,7 @@ extern "C" { */ void mbedtls_param_failed( char* failure_condition, char* file, int line ); -#endif /* MBEDTLS_CHECK_PARAMS && MBEDTLS_PLATFORM_C && !MBEDTLS_PARAM_FAILED */ +#endif /* MBEDTLS_CHECK_PARAMS && !MBEDTLS_PARAM_FAILED */ /** * \brief Securely zeroize a buffer diff --git a/library/platform_util.c b/library/platform_util.c index 61ed926ff..756e22679 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -134,11 +134,3 @@ struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt, #endif /* _WIN32 && !EFIX64 && !EFI32 */ } #endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_R_ALT */ - -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) && \ - defined(MBEDTLS_DEBUG_INVALID_PARAMS) -void mbedtls_param_failed( char* failure_condition ) -{ - mbedtls_printf("%s:%i: Input param failed - %s\n", __FILE__, __LINE__, failure_condition ); -} -#endif From 2c21073789fb98945157b688180e7f3524f7f6a3 Mon Sep 17 00:00:00 2001 
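Review bot: With the library-side definition gone, any build that enables `MBEDTLS_CHECK_PARAMS` without defining `MBEDTLS_PARAM_FAILED` now has an unresolved reference to `mbedtls_param_failed` at link time, and nothing in the `platform_util.h` hunk tells the user that; the declaration's doc comment should say it outright, e.g. `* This function is NOT provided by the library: when MBEDTLS_CHECK_PARAMS is enabled and MBEDTLS_PARAM_FAILED is not defined, the application must supply it or linking fails.` It is also worth documenting what happens if the callback returns, since the validating function then returns an error code (or returns from a void function) without doing further work; a callback that only logs is safe, but callers must not assume execution was aborted.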
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 10 Dec 2018 11:48:49 +0100 Subject: [PATCH 09/35] Remove leftover from testing --- programs/aes/aescrypt2.c | 1 - 1 file changed, 1 deletion(-) diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c index 522bfdacf..a5691d73f 100644 --- a/programs/aes/aescrypt2.c +++ b/programs/aes/aescrypt2.c @@ -119,7 +119,6 @@ int main( int argc, char *argv[] ) off_t filesize, offset; #endif - mbedtls_aes_init( NULL ); mbedtls_aes_init( &aes_ctx ); mbedtls_md_init( &sha_ctx ); From 8e661bf6a8773b8f5928b063981e79f6c84a3974 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 10 Dec 2018 12:41:46 +0100 Subject: [PATCH 10/35] Fix arity of the PARAM_FAILED() macro and function It was inconsistent between files: sometimes 3 arguments, sometimes one. Align to 1 argument for the macro and 3 for the function, because: - we don't need 3 arguments for the macro, it can add __FILE__ and __LINE__ in its expansion, while the function needs them as parameters to be correct; - people who re-defined the macro should have flexibility, and 3 arguments can give the impression they they don't have as much as they actually do; - the design document has the macro with 1 argument, so let's stick to that. --- include/mbedtls/aes.h | 8 ++------ include/mbedtls/config.h | 2 +- include/mbedtls/platform_util.h | 5 ++--- tests/suites/helpers.function | 2 +- 4 files changed, 6 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 35c222918..62c1f9234 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h 
@@ -69,16 +69,12 @@ #if defined( MBEDTLS_CHECK_PARAMS ) #define MBEDTLS_AES_VALIDATE_RET( cond ) do{ if( !(cond) ) { \ - MBEDTLS_PARAM_FAILED( #cond, \ - __FILE__, \ - __LINE__ ); \ + MBEDTLS_PARAM_FAILED( #cond ); \ return MBEDTLS_ERR_AES_BAD_INPUT_DATA;} \ } while(0); #define MBEDTLS_AES_VALIDATE( cond ) do{ if( !(cond) ) { \ - MBEDTLS_PARAM_FAILED( #cond, \ - __FILE__, \ - __LINE__ ); \ + MBEDTLS_PARAM_FAILED( #cond ); \ return; } \ } while(0); #else diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index a8a8f7568..25f6c8c28 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3015,7 +3015,7 @@ //#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ //#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ -//#define MBEDTLS_PARAM_FAILED(x) mbedtls_param_failed( #x ) /**< Default parameter validation callback to use. Can be undefined */ +//#define MBEDTLS_PARAM_FAILED(x) mbedtls_param_failed( #x, __FILE__, __LINE__ ) /**< Default parameter validation callback to use. Can be undefined */ /* SSL Cache options */ diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index d09957152..6aada21c9 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -42,8 +42,8 @@ extern "C" { #endif #if defined( MBEDTLS_CHECK_PARAMS ) && !defined(MBEDTLS_PARAM_FAILED) -#define MBEDTLS_PARAM_FAILED( cond, file, line ) \ - mbedtls_param_failed( cond, file, line ) +#define MBEDTLS_PARAM_FAILED( cond ) \ + mbedtls_param_failed( cond, __FILE__, __LINE__ ) /** * \brief User supplied callback function for parameter validation failure. 
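Review bot: Both `MBEDTLS_AES_VALIDATE_RET` and `MBEDTLS_AES_VALIDATE` end with `} while(0);`; the semicolon inside the macro body makes every use expand to two statements, so `if( x ) MBEDTLS_AES_VALIDATE_RET( cond ); else ...` fails to compile and an unbraced `if` around a use leaves an empty statement behind. Drop it from the macro, `} while( 0 )`, and let the call site supply the semicolon, as do/while macros elsewhere in the tree do. The macros live in a public header, so this is visible to any application that uses them.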
@@ -65,7 +65,6 @@ extern "C" { * execution in the application code. */ void mbedtls_param_failed( char* failure_condition, char* file, int line ); - #endif /* MBEDTLS_CHECK_PARAMS && !MBEDTLS_PARAM_FAILED */ /** diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 3ae547184..4b9513f9d 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -25,7 +25,7 @@ #if defined(MBEDTLS_CHECK_PARAMS) #include -#define MBEDTLS_PARAM_FAILED(x) mbedtls_param_failed( #x ) +#define MBEDTLS_PARAM_FAILED(x) mbedtls_param_failed( #x, __FILE__, __LINE__ ) #endif /* MBEDTLS_CHECK_PARAMS */ From 3ef6a6dc5c9104235c11b22449b644740814b949 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 10 Dec 2018 14:31:45 +0100 Subject: [PATCH 11/35] Fix const-ness in mbedtls_param_failed() The previous prototype gave warnings, as the strings produced by #cond and __FILE__ are const, so we shouldn't implicitly cast them to non-const. While at it modifying most example programs: - include the header that has the function declaration, so that the definition can be checked to match by the compiler - fix whitespace - make it work even if PLATFORM_C is not defined: - CHECK_PARAMS is not documented as depending on PLATFORM_C and there is no reason why it should - so, remove the corresponding #if defined in each program... - and add missing #defines for mbedtls_exit when needed The result has been tested (make all test with -Werror) with the following configurations: - full with CHECK_PARAMS with PLATFORM_C - full with CHECK_PARAMS without PLATFORM_C - full without CHECK_PARAMS without PLATFORM_C - full without CHECK_PARAMS with PLATFORM_C Additionally, it has been manually tested that adding mbedtls_aes_init( NULL ); near the normal call to mbedtls_aes_init() in programs/aes/aescrypt2.c has the expected effect when running the program. 
--- include/mbedtls/platform_util.h | 4 +++- programs/aes/aescrypt2.c | 12 ++++++---- programs/aes/crypt_and_hash.c | 12 ++++++---- programs/hash/generic_sum.c | 14 +++++++++++ programs/hash/hello.c | 14 +++++++++++ programs/pkey/dh_client.c | 11 ++++++--- programs/pkey/dh_genprime.c | 11 ++++++--- programs/pkey/dh_server.c | 11 ++++++--- programs/pkey/ecdh_curve25519.c | 11 ++++++--- programs/pkey/ecdsa.c | 11 ++++++--- programs/pkey/gen_key.c | 11 ++++++--- programs/pkey/key_app.c | 11 ++++++--- programs/pkey/key_app_writer.c | 11 ++++++--- programs/pkey/mpi_demo.c | 14 +++++++++++ programs/pkey/pk_decrypt.c | 11 ++++++--- programs/pkey/pk_encrypt.c | 11 ++++++--- programs/pkey/pk_sign.c | 11 ++++++--- programs/pkey/pk_verify.c | 11 ++++++--- programs/pkey/rsa_decrypt.c | 10 +++++--- programs/pkey/rsa_encrypt.c | 10 +++++--- programs/pkey/rsa_genkey.c | 11 ++++++--- programs/pkey/rsa_sign.c | 13 ++++++++++ programs/pkey/rsa_sign_pss.c | 11 ++++++--- programs/pkey/rsa_verify.c | 13 ++++++++++ programs/pkey/rsa_verify_pss.c | 11 ++++++--- programs/random/gen_entropy.c | 14 +++++++++++ programs/random/gen_random_ctr_drbg.c | 11 ++++++--- programs/random/gen_random_havege.c | 14 +++++++++++ programs/ssl/dtls_client.c | 13 +++++++--- programs/ssl/dtls_server.c | 13 +++++++--- programs/ssl/mini_client.c | 34 ++++++++++++++------------- programs/ssl/ssl_client1.c | 11 ++++++--- programs/ssl/ssl_client2.c | 13 +++++++--- programs/ssl/ssl_fork_server.c | 11 ++++++--- programs/ssl/ssl_mail_client.c | 11 ++++++--- programs/ssl/ssl_pthread_server.c | 16 +++++++++++++ programs/ssl/ssl_server.c | 13 +++++++--- programs/ssl/ssl_server2.c | 13 +++++++--- programs/test/benchmark.c | 14 ++++++++--- programs/test/selftest.c | 10 +++++--- programs/test/ssl_cert_test.c | 11 ++++++--- programs/util/pem2der.c | 14 +++++++++++ programs/x509/cert_app.c | 11 ++++++--- programs/x509/cert_req.c | 10 +++++--- programs/x509/cert_write.c | 11 ++++++--- programs/x509/crl_app.c | 11 ++++++--- 
programs/x509/req_app.c | 11 ++++++--- tests/suites/helpers.function | 4 +++- 48 files changed, 447 insertions(+), 128 deletions(-) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 6aada21c9..e8fab66a4 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -64,7 +64,9 @@ extern "C" { * alternatively, through use of setjmp()/longjmp() can resume * execution in the application code. */ -void mbedtls_param_failed( char* failure_condition, char* file, int line ); +void mbedtls_param_failed( const char* failure_condition, + const char* file, + int line ); #endif /* MBEDTLS_CHECK_PARAMS && !MBEDTLS_PARAM_FAILED */ /** diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c index a5691d73f..bdeac3afc 100644 --- a/programs/aes/aescrypt2.c +++ b/programs/aes/aescrypt2.c @@ -37,6 +37,7 @@ #include #define mbedtls_fprintf fprintf #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -79,11 +80,14 @@ int main( void ) } #else -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %s\n", file, line, - failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index 542b37ef8..f58e6166d 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c 
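Review bot: The example callback in the aescrypt2.c hunk, like the ones that follow, calls `mbedtls_exit( MBEDTLS_EXIT_FAILURE )` from inside `mbedtls_param_failed`, which terminates from within a library call and skips whatever cleanup the program does on its own exit path; acceptable for a sample, but a one-line comment such as `/* Example only: real applications should log, abort, or longjmp() to their own error path rather than exit() from inside the library. */` would stop it being copied verbatim into production code. With the same dozen lines now duplicated across roughly 45 programs, a shared `programs/` helper header would be easier to keep consistent; the `%sn` typo this very patch corrects shows how the copies drift.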
@@ -38,6 +38,7 @@ #include #define mbedtls_fprintf fprintf #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -81,11 +82,14 @@ int main( void ) } #else -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %s\n", file, line, - failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c index bbe8d92a2..4b7fe37be 100644 --- a/programs/hash/generic_sum.c +++ b/programs/hash/generic_sum.c @@ -32,6 +32,7 @@ #include #define mbedtls_fprintf fprintf #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -50,6 +51,19 @@ int main( void ) return( 0 ); } #else + +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) +{ + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + static int generic_wrapper( const mbedtls_md_info_t *md_info, char *filename, unsigned char *sum ) { int ret = mbedtls_md_file( md_info, filename, sum ); diff --git a/programs/hash/hello.c b/programs/hash/hello.c index 2e8c2244d..6046f868c 100644 --- a/programs/hash/hello.c +++ b/programs/hash/hello.c 
@@ -31,6 +31,7 @@ #include #include #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif @@ -46,6 +47,19 @@ int main( void ) return( 0 ); } #else + +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) +{ + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( void ) { int i, ret; diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 36ff8c093..1dce31aa7 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -32,6 +32,7 @@ #include #define mbedtls_printf printf #define mbedtls_time_t time_t +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -71,10 +72,14 @@ int main( void ) } #else -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index 9a37d5d09..cca43ca59 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c @@ -32,6 +32,7 @@ #include #define mbedtls_printf printf #define mbedtls_time_t time_t +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ 
@@ -68,10 +69,14 @@ int main( void ) */ #define GENERATOR "4" -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index 24f66ea69..a797e6070 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -32,6 +32,7 @@ #include #define mbedtls_printf printf #define mbedtls_time_t time_t +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -71,10 +72,14 @@ int main( void ) } #else -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c index 0d8db09d0..9267c7ef5 100644 --- a/programs/pkey/ecdh_curve25519.c +++ b/programs/pkey/ecdh_curve25519.c @@ -31,6 +31,7 @@ #include #include #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ 
@@ -52,10 +53,14 @@ int main( void ) #include "mbedtls/ctr_drbg.h" #include "mbedtls/ecdh.h" -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c index c38b16ec0..4471a201e 100644 --- a/programs/pkey/ecdsa.c +++ b/programs/pkey/ecdsa.c @@ -31,6 +31,7 @@ #include #include #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -99,10 +100,14 @@ static void dump_pubkey( const char *title, mbedtls_ecdsa_context *key ) #define dump_pubkey( a, b ) #endif -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 98936c950..35fc1498f 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c 
@@ -31,6 +31,7 @@ #include #include #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -136,10 +137,14 @@ int main( void ) } #else -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index 845d600b5..0bd61e481 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -31,6 +31,7 @@ #include #include #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -74,10 +75,14 @@ int main( void ) } #else -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index 70c2440a9..500e258a3 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c 
@@ -31,6 +31,7 @@ #include #include #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -97,10 +98,14 @@ int main( void ) } #else -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c index 365bdc480..80573c0ed 100644 --- a/programs/pkey/mpi_demo.c +++ b/programs/pkey/mpi_demo.c @@ -31,6 +31,7 @@ #include #include #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -48,6 +49,19 @@ int main( void ) return( 0 ); } #else + +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) +{ + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( void ) { int ret = 1; diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index 3f08fe1d2..978f39ef1 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -31,6 +31,7 @@ #include #include #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ 
@@ -60,10 +61,14 @@ int main( void ) } #else -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c index 231381808..806c59aae 100644 --- a/programs/pkey/pk_encrypt.c +++ b/programs/pkey/pk_encrypt.c @@ -32,6 +32,7 @@ #include #define mbedtls_fprintf fprintf #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -60,10 +61,14 @@ int main( void ) } #else -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index dcfc0fc48..7354082f1 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -32,6 +32,7 @@ #include #define mbedtls_snprintf snprintf #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ 
@@ -59,10 +60,14 @@ int main( void ) #include #include -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index 75ecf5296..9fcf029b8 100644 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c @@ -32,6 +32,7 @@ #include #define mbedtls_snprintf snprintf #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -55,10 +56,14 @@ int main( void ) #include #include -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index a5fd48274..dc8a9200d 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c 
@@ -59,10 +59,14 @@ int main( void ) } #else -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index 86de8dfbb..e9effe806 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c @@ -59,10 +59,14 @@ int main( void ) } #else -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c index 77d9d8e74..81867ee9e 100644 --- a/programs/pkey/rsa_genkey.c +++ b/programs/pkey/rsa_genkey.c @@ -31,6 +31,7 @@ #include #include #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ 
@@ -63,10 +64,14 @@ int main( void ) } #else -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index b16fe5d22..f01487202 100644 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c @@ -33,6 +33,7 @@ #define mbedtls_fprintf fprintf #define mbedtls_printf printf #define mbedtls_snprintf snprintf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -55,6 +56,18 @@ int main( void ) #include #include +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) +{ + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { FILE *f; diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index 57c096d5c..ad03a91bb 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -32,6 +32,7 @@ #include #define mbedtls_snprintf snprintf #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ 
@@ -60,10 +61,14 @@ int main( void ) #include #include -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index 6f88345f2..5d1c0851e 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c @@ -32,6 +32,7 @@ #include #define mbedtls_printf printf #define mbedtls_snprintf snprintf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -54,6 +55,18 @@ int main( void ) #include #include +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) +{ + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { FILE *f; diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index 3e1507e04..34122ca4f 100644 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c @@ -32,6 +32,7 @@ #include #define mbedtls_snprintf snprintf #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ 
@@ -59,10 +60,14 @@ int main( void ) #include #include -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c index a1eb3868a..3b350ede2 100644 --- a/programs/random/gen_entropy.c +++ b/programs/random/gen_entropy.c @@ -32,6 +32,7 @@ #include #define mbedtls_fprintf fprintf #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -49,6 +50,19 @@ int main( void ) return( 0 ); } #else + +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) +{ + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { FILE *f; diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c index dfef8afa8..a50402f19 100644 --- a/programs/random/gen_random_ctr_drbg.c +++ b/programs/random/gen_random_ctr_drbg.c @@ -32,6 +32,7 @@ #include #define mbedtls_fprintf fprintf #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ 
@@ -53,10 +54,14 @@ int main( void ) } #else -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/random/gen_random_havege.c b/programs/random/gen_random_havege.c index 3fb3f0196..ef888ff61 100644 --- a/programs/random/gen_random_havege.c +++ b/programs/random/gen_random_havege.c @@ -32,6 +32,7 @@ #include #define mbedtls_fprintf fprintf #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -50,6 +51,19 @@ int main( void ) return( 0 ); } #else + +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) +{ + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + int main( int argc, char *argv[] ) { FILE *f; diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index 4d7177f91..90db06ca9 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -31,6 +31,9 @@ #include #define mbedtls_printf printf #define mbedtls_fprintf fprintf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif #if !defined(MBEDTLS_SSL_CLI_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \ 
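Review bot: The dtls_client.c fallback block gains `#define mbedtls_exit exit` and the two `MBEDTLS_EXIT_*` macros but no new `#include`, whereas the equivalent hunks in ssl_pthread_server.c and benchmark.c add an include next to the same three defines. `exit`, `EXIT_SUCCESS` and `EXIT_FAILURE` are declared in `<stdlib.h>`, and the only include visible in this hunk's context (its header name is lost in this rendering) sits directly above `mbedtls_printf printf`, so it is presumably `<stdio.h>`. Please confirm `<stdlib.h>` is already included in that branch outside the hunk, or add `#include <stdlib.h>` as the other two files do. The same check applies to the matching hunks in dtls_server.c, ssl_client2.c, ssl_server.c and ssl_server2.c.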
@@ -79,10 +82,14 @@ int main( void ) #define DEBUG_LEVEL 0 -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index 0cee83414..dd21fbf47 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -32,6 +32,9 @@ #define mbedtls_printf printf #define mbedtls_fprintf fprintf #define mbedtls_time_t time_t +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* Uncomment out the following line to default to IPv4 and disable IPv6 */ @@ -88,10 +91,14 @@ int main( void ) #define READ_TIMEOUT_MS 10000 /* 5 seconds */ #define DEBUG_LEVEL 0 -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index c44794703..ff3612885 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c 
@@ -26,6 +26,17 @@ #include MBEDTLS_CONFIG_FILE #endif +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#include +#define mbedtls_printf printf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif + /* * We're creating and connecting the socket "manually" rather than using the * NET module, in order to avoid the overhead of getaddrinfo() which tends to @@ -44,13 +55,6 @@ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \ !defined(UNIX) -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif - int main( void ) { mbedtls_printf( "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or " @@ -60,12 +64,6 @@ int main( void ) } #else -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#endif - #include #include "mbedtls/net_sockets.h" @@ -168,10 +166,14 @@ enum exit_codes ssl_write_failed, }; -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index a7e4513ac..646909f11 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -34,6 +34,7 @@ #define mbedtls_time_t time_t #define mbedtls_fprintf fprintf #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ 
@@ -70,10 +71,14 @@ int main( void ) #define DEBUG_LEVEL 1 -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 098c138fe..1ce10b62e 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -35,6 +35,9 @@ #define mbedtls_printf printf #define mbedtls_fprintf fprintf #define mbedtls_snprintf snprintf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif #if !defined(MBEDTLS_ENTROPY_C) || \ @@ -314,10 +317,14 @@ int main( void ) #define ALPN_LIST_SIZE 10 #define CURVE_LIST_SIZE 20 -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 3304b6bb1..b6f1cc4fd 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c 
@@ -33,6 +33,7 @@ #define mbedtls_fprintf fprintf #define mbedtls_printf printf #define mbedtls_time_t time_t +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -86,10 +87,14 @@ int main( void ) #define DEBUG_LEVEL 0 -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 6bf6cde68..bbe4c700b 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -39,6 +39,7 @@ #define mbedtls_time_t time_t #define mbedtls_fprintf fprintf #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -141,10 +142,14 @@ int main( void ) " force_ciphersuite= default: all enabled\n"\ " acceptable ciphersuite names:\n" -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif 
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index 9a05ad8fd..b5026959a 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -30,9 +30,13 @@ #include "mbedtls/platform.h" #else #include +#include #define mbedtls_fprintf fprintf #define mbedtls_printf printf #define mbedtls_snprintf snprintf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_CERTS_C) || \ @@ -77,6 +81,18 @@ int main( void ) #include "mbedtls/memory_buffer_alloc.h" #endif +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) +{ + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + #define HTTP_RESPONSE \ "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \ "

mbed TLS Test Server

\r\n" \ diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 044193d86..1852b2bad 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -34,6 +34,9 @@ #define mbedtls_time_t time_t #define mbedtls_fprintf fprintf #define mbedtls_printf printf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_CERTS_C) || \ @@ -80,10 +83,14 @@ int main( void ) #define DEBUG_LEVEL 0 -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index fffd98c7d..d23a55eaf 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -36,6 +36,9 @@ #define mbedtls_calloc calloc #define mbedtls_fprintf fprintf #define mbedtls_printf printf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif #if !defined(MBEDTLS_ENTROPY_C) || \ 
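Review bot: In ssl_pthread_server.c the new `mbedtls_param_failed` ends in `mbedtls_exit( MBEDTLS_EXIT_FAILURE )`, and in this program the library calls that can trip a parameter check presumably run on the per-connection pthreads, so a failure on a worker thread would call exit() underneath the accept loop and the other connection threads, running atexit handlers and stream flushes while they are still active. That may be acceptable for a test server, but it deserves a comment stating it, e.g. `/* Terminates the whole process, including the other connection threads */`, or an `abort()`-style exit that skips the concurrent cleanup. The HTTP_RESPONSE definition that closes this hunk continues past it.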
@@ -426,10 +429,14 @@ int main( void ) (out_be)[(i) + 7] = (unsigned char)( ( (in_le) >> 0 ) & 0xFF ); \ } -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index ff1f4d1ba..8d7ecf7c9 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -29,10 +29,14 @@ #include "mbedtls/platform.h" #else #include +#include #define mbedtls_exit exit #define mbedtls_printf printf #define mbedtls_snprintf snprintf #define mbedtls_free free +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif #if !defined(MBEDTLS_TIMING_C) @@ -254,10 +258,14 @@ typedef struct { rsa, dhm, ecdsa, ecdh; } todo_list; -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 6dc0f7fb8..9d3ea7ec0 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c 
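Review bot: The benchmark.c `#else` block now defines `mbedtls_exit` twice — the pre-existing `#define mbedtls_exit exit` and the added copy four lines below it. An identical redefinition is permitted by the standard, but it is noise and the two copies will diverge silently if one is edited later; drop the added `#define mbedtls_exit exit` and keep only the new `MBEDTLS_EXIT_SUCCESS`/`MBEDTLS_EXIT_FAILURE` lines.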
@@ -77,10 +77,14 @@ #include "mbedtls/memory_buffer_alloc.h" #endif -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/test/ssl_cert_test.c b/programs/test/ssl_cert_test.c index fd713f50f..fdf30ef40 100644 --- a/programs/test/ssl_cert_test.c +++ b/programs/test/ssl_cert_test.c @@ -32,6 +32,7 @@ #include #define mbedtls_snprintf snprintf #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -81,10 +82,14 @@ const char *client_private_keys[MAX_CLIENT_CERTS] = "cert_digest.key" }; -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c index 73a9fb5e0..0cc9d0664 100644 --- a/programs/util/pem2der.c +++ b/programs/util/pem2der.c 
@@ -33,6 +33,7 @@ #define mbedtls_free free #define mbedtls_calloc calloc #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -63,6 +64,19 @@ int main( void ) return( 0 ); } #else + +#if defined(MBEDTLS_CHECK_PARAMS) +#define mbedtls_exit exit +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) +{ + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); + mbedtls_exit( MBEDTLS_EXIT_FAILURE ); +} +#endif + /* * global options */ diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 16c3d9f6f..626c4d101 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -34,6 +34,7 @@ #define mbedtls_time_t time_t #define mbedtls_fprintf fprintf #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -99,10 +100,14 @@ int main( void ) " permissive=%%d default: 0 (disabled)\n" \ "\n" -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#define mbedtls_exit exit +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index a5560702e..027050c07 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c 
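Review bot: The `#define mbedtls_exit exit` added inside `#if defined(MBEDTLS_CHECK_PARAMS)` in pem2der.c is not guarded by `!defined(MBEDTLS_PLATFORM_C)`, so it is applied even in a platform-abstraction build although the hunk above already provides the same define for the non-platform `#else` case only; if platform.h defines `mbedtls_exit` differently (not visible here), this becomes a conflicting redefinition. The same pattern appears in the cert_app.c, cert_write.c, crl_app.c and req_app.c hunks, whereas cert_req.c omits it and the ssl_* and test programs instead add `#include "mbedtls/platform_util.h"`. Dropping the extra define and including platform_util.h in all of these keeps the programs consistent and lets the compiler check each `mbedtls_param_failed` definition against the library prototype.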
@@ -31,6 +31,7 @@ #include #include #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -100,10 +101,13 @@ int main( void ) " SHA384, SHA512\n" \ "\n" -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index fe60fbe89..cd39108f2 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -31,6 +31,7 @@ #include #include #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -153,10 +154,14 @@ int main( void ) " object_signing_ca\n" \ "\n" -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#define mbedtls_exit exit +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index 89adbdb7a..a95157067 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c 
@@ -31,6 +31,7 @@ #include #include #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -60,10 +61,14 @@ int main( void ) " filename=%%s default: crl.pem\n" \ "\n" -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#define mbedtls_exit exit +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index fc1da0d73..04ad119f7 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -31,6 +31,7 @@ #include #include #define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ @@ -60,10 +61,14 @@ int main( void ) " filename=%%s default: cert.req\n" \ "\n" -#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) -void mbedtls_param_failed( char* failure_condition, char* file, int line ) +#if defined(MBEDTLS_CHECK_PARAMS) +#define mbedtls_exit exit +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) { - mbedtls_printf("%s:%i: Input param failed - %sn", file, line, failure_condition ); + mbedtls_printf( "%s:%i: Input param failed - %s\n", + file, line, failure_condition ); mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } #endif diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 4b9513f9d..472df425b 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function 
@@ -287,7 +287,9 @@ static void platform_teardown()
 }
 #if defined(MBEDTLS_CHECK_PARAMS)
-void mbedtls_param_failed( char* failure_condition, char* file, int line )
+void mbedtls_param_failed( const char *failure_condition,
+ const char *file,
+ int line )
 {
 /* If we are testing the callback function... */
 if ( test_info.paramfail_test_state == PARAMFAIL_TESTSTATE_PENDING )
From a2b0e27378f1613c45fd324e4cf74a54654b2ebe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 10 Dec 2018 15:23:58 +0100 Subject: [PATCH 12/35] Skip param validation tests if custom macro used The test framework for validation of parameters depends on the macro MBEDTLS_PARAM_FAILED() being set to its default value when building the library. So far the test framework attempted to define this macro but this was the wrong place - this definition wouldn't be picked by the library. Instead, a different approach is taken: skip those tests when the macro is defined in config.h, as in that case we have no way to know if it will indeed end up calling mbedtls_param_failed() as we need it to. This commit was tested by manually ensuring that aes_invalid_params: - passes (and is not skipped) in the default configuration - is skipped when MBEDTLS_PARAM_FAILED() is defined in config.h --- include/mbedtls/platform_util.h | 14 ++++++++-- tests/suites/helpers.function | 38 ++++++++------------------- tests/suites/test_suite_aes.function | 2 +- tests/suites/test_suite_aes.rest.data | 1 - 4 files changed, 24 insertions(+), 31 deletions(-)
diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
index e8fab66a4..a712764a6 100644
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@@ -41,7 +41,16 @@ extern "C" { #endif -#if defined( MBEDTLS_CHECK_PARAMS ) && !defined(MBEDTLS_PARAM_FAILED) +#if defined( MBEDTLS_CHECK_PARAMS ) + +#if defined(MBEDTLS_PARAM_FAILED) +/** An alternative definition of MBEDTLS_PARAM_FAILED has been set in config.h. + * + * This flag can be used to check whether it is safe to assume that + * MBEDTLS_PARAM_FAILED() will expand to a call to mbedtls_param_failed(). + */ +#define MBEDTLS_PARAM_FAILED_ALT +#else #define MBEDTLS_PARAM_FAILED( cond ) \ mbedtls_param_failed( cond, __FILE__, __LINE__ ) @@ -67,7 +76,8 @@ extern "C" { void mbedtls_param_failed( const char* failure_condition, const char* file, int line ); -#endif /* MBEDTLS_CHECK_PARAMS && !MBEDTLS_PARAM_FAILED */ +#endif /* MBEDTLS_PARAM_FAILED */ +#endif /* MBEDTLS_CHECK_PARAMS */ /** * \brief Securely zeroize a buffer diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 472df425b..71390ecfe 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -24,10 +24,9 @@ #endif #if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" #include -#define MBEDTLS_PARAM_FAILED(x) mbedtls_param_failed( #x, __FILE__, __LINE__ ) - -#endif /* MBEDTLS_CHECK_PARAMS */ +#endif #ifdef _MSC_VER #include @@ -92,7 +91,8 @@ typedef enum * code that can be tested. * * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure - * callback, MBEDTLS_PARAM_FAIL, will be assumed to be a test failure. + * callback, MBEDTLS_PARAM_FAILED(), will be assumed to be a test + * failure. * * This macro is not suitable for negative parameter validation tests, * as it assumes the test step will not create an error. @@ -109,7 +109,7 @@ typedef enum } \ } while( 0 ) -#if defined(MBEDTLS_CHECK_PARAMS) +#if defined(MBEDTLS_CHECK_PARAMS) && !defined(MBEDTLS_PARAM_FAILED_ALT) /** * \brief This macro tests the statement passed to it as a test step or * individual test in a test case. The macro assumes the test will fail 
@@ -119,12 +119,12 @@ typedef enum * code on return to confirm the given error code was returned. * * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure - * callback, MBEDTLS_PARAM_FAIL, are assumed to indicate the + * callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the * expected failure, and the test will pass. * * This macro is intended for negative parameter validation tests, * where the failing function may return an error value or call - * MBEDTLS_PARAM_FAIL to indicate the error. + * MBEDTLS_PARAM_FAILED() to indicate the error. * * \param PARAM_ERROR_VALUE The expected error code. * @@ -148,16 +148,16 @@ typedef enum * * It assumes the library function under test cannot return a value and * assumes errors can only be indicated byt calls to - * MBEDTLS_PARAM_FAIL. + * MBEDTLS_PARAM_FAILED(). * * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure - * callback, MBEDTLS_PARAM_FAIL, are assumed to indicate the + * callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the * expected failure. If MBEDTLS_CHECK_PARAMS is not enabled, no test * can be made. * * This macro is intended for negative parameter validation tests, * where the failing function can only return an error by calling - * MBEDTLS_PARAM_FAIL to indicate the error. + * MBEDTLS_PARAM_FAILED() to indicate the error. * * \param TEST The test expression to be tested. */ @@ -173,23 +173,7 @@ typedef enum memcpy(param_fail_jmp, jmp_tmp, sizeof(jmp_buf)); \ } while( 0 ) -#else - -#define TEST_INVALID_PARAM_RET( PARAM_ERR_VALUE, TEST ) \ - do { \ - if( (TEST) != (PARAM_ERR_VALUE) ) \ - { \ - test_fail( #TEST, __LINE__, __FILE__ ); \ - goto exit; \ - } \ - } while( 0 ) - -#define TEST_INVALID_PARAM( TEST ) \ - do { \ - TEST; \ - } while( 0 ) - -#endif /* !defined( MBEDTLS_CHECK_PARAMS ) */ +#endif /* MBEDTLS_CHECK_PARAMS && !MBEDTLS_PARAM_FAILED_ALT */ #define assert(a) if( !( a ) ) \ { \ 
diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function
index 062234b50..7dab01b47 100644
--- a/tests/suites/test_suite_aes.function
+++ b/tests/suites/test_suite_aes.function
@@ -371,7 +371,7 @@ exit:
 }
 /* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
 void aes_invalid_param( )
 {
 mbedtls_aes_context dummy_ctx;
diff --git a/tests/suites/test_suite_aes.rest.data b/tests/suites/test_suite_aes.rest.data
index 3ec916ded..14b78a605 100644
--- a/tests/suites/test_suite_aes.rest.data
+++ b/tests/suites/test_suite_aes.rest.data
@@ -11,7 +11,6 @@ AES-256-CBC Decrypt (Invalid input length)
 aes_decrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c74":"":MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
 AES - Invalid parameters
-depends_on:MBEDTLS_CHECK_PARAMS
 aes_invalid_param:
 AES Selftest
From ab588529e1fd2d3a5368ffefd4ed2722f11d665e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 10 Dec 2018 16:04:46 +0100 Subject: [PATCH 13/35] Rework documentation. --- include/mbedtls/config.h | 63 +++++++++++++++++++++++++++------ include/mbedtls/platform_util.h | 14 +++++--- 2 files changed, 61 insertions(+), 16 deletions(-)
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 25f6c8c28..54be651b9 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -259,19 +259,41 @@ /** * \def MBEDTLS_CHECK_PARAMS * - * This configuration controls whether the library validates parameters passed - * to it. + * This configuration controls whether the library validates more of the + * parameters passed to it. * - * Application code that deals with 3rd party input may wish to enable such - * validation, whilst code on closed systems, such as embedded systems, where - * the input is controlled and predictable, may wish to disable it entirely to - * reduce the code size of the library. + * When this flag is not defined, the library only attempts to validate input + * parameter if: (1) they may come from the outside world (such as the + * network, the filesystem, etc.) or (2) not validating them could result in + * internal memory errors such as overflowing a buffer controlled by the + * library. On the other hand, it doesn't attempt to validate parameters whose + * values are fully controlled by the application (such as pointers). * - * When the symbol is not defined, no parameter validation except that required - * to ensure the integrity or security of the library are performed. + * When this flag is defined, the library additionally attempts to validate + * parameters that are fully controlled by the application, and should always + * be valid if the application code is fully correct and trusted. * - * When the symbol is defined, all parameters will be validated, and an error - * code returned where appropriate. 
+ * For example, when a function accepts a input a pointer to a buffer than may + * contain untrusted data, and its documentation mentions that this pointer + * must not be NULL: + * - the pointer is checked to be non-NULL only if this option is enabled + * - the content of the buffer is always validated + * + * When this flag is defined, if a library function receives a parameter that + * is invalid, it will: + * - invoke the macro MBEDTLS_PARAM_FAILED() which by default expands to a + * call to the function mbedtls_param_failed() + * - immediately return (with a specific error code unless the function + * returns void and can't communicate an error). + * + * When defining this flag, you also need to: + * - either provide a definition of the function mbedtls_param_failed() in + * your application (see platform_util.h for its prototype) as the library + * calls that function, but does not provide a default definition for it, + * - or provide a different definition of the macro MBEDTLS_PARAM_FAILED() + * below if the above mechanism is not enough flexible to suit your needs. + * + * Uncomment to enable validation of application-controlled parameters. */ #define MBEDTLS_CHECK_PARAMS 
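Review bot: Two sentences in the new MBEDTLS_CHECK_PARAMS comment are garbled: `when a function accepts a input a pointer to a buffer than may` should read `when a function accepts as input a pointer to a buffer that may`, and `if the above mechanism is not enough flexible to suit your needs` should read `if the above mechanism is not flexible enough to suit your needs`. The rest of the block states the validation policy clearly and is worth keeping as is.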
@@ -3015,7 +3037,26 @@ //#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ //#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ -//#define MBEDTLS_PARAM_FAILED(x) mbedtls_param_failed( #x, __FILE__, __LINE__ ) /**< Default parameter validation callback to use. Can be undefined */ +/** + * \brief This macro is invoked by the library when an invalid parameter + * is detected that is only checked with MBEDTLS_CHECK_PARAMS + * (see the document of the flag for context). + * + * When you leave this undefined here, a default definition is + * provided the invokes the function mbedtls_param_failed(), + * which is declared in platform_util.h for the benefit of the + * library, but that you need to define in your application. + * + * When you define this here, this replaces the default + * definition in platform_util.h (which no longer declares the + * function mbedtls_param_failed()) and it is your responsability + * to make sure this macro expands to something suitable (in + * particular, that all the necessary declarations are visible + * from within the library). + * + * \param cond The expression that should evaluate to true, but doesn't. + */ +//#define MBEDTLS_PARAM_FAILED( cond ) assert( cond ) /* SSL Cache options */ diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index a712764a6..ed21ffa91 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -52,7 +52,7 @@ extern "C" { #define MBEDTLS_PARAM_FAILED_ALT #else #define MBEDTLS_PARAM_FAILED( cond ) \ - mbedtls_param_failed( cond, __FILE__, __LINE__ ) + mbedtls_param_failed( #cond, __FILE__, __LINE__ ) /** * \brief User supplied callback function for parameter validation failure. 
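Review bot: The commented-out example `//#define MBEDTLS_PARAM_FAILED( cond ) assert( cond )` expands to nothing when NDEBUG is defined, so under that definition a release build reports a validation failure nowhere; the library still returns the error code after the macro, but the comment should say so, e.g. `Note: assert() is a no-op when NDEBUG is defined, so this example only reports in debug builds.`. Two typos in the same block: `provided the invokes` → `provided that invokes`, and `responsability` → `responsibility`.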
@@ -66,15 +66,19 @@ extern "C" { * application software using Mbed TLS, or catch other runtime * errors which may be due to issues in the application software. * - * This function will be called unless an alternative function is - * defined through the MBEDTLS_PARAM_FAILURE function. + * This function will be called unless an alternative treatement + * is defined through the MBEDTLS_PARAM_FAILURE() macro. * * This function can return, and the operation will be aborted, or * alternatively, through use of setjmp()/longjmp() can resume * execution in the application code. + * + * \param failure_condition The assertion that didn't hold. + * \param file The file where the assertion failed. + * \param line The line in the file where the assertion failed. */ -void mbedtls_param_failed( const char* failure_condition, - const char* file, +void mbedtls_param_failed( const char *failure_condition, + const char *file, int line ); #endif /* MBEDTLS_PARAM_FAILED */ #endif /* MBEDTLS_CHECK_PARAMS */ From a96762675395edf1c11574ccf0f8d17db2987468 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 10 Dec 2018 16:12:56 +0100 Subject: [PATCH 14/35] Make MBEDTLS_CHECK_PARAMS disabled by default --- include/mbedtls/config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 54be651b9..bf4d1c424 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -295,7 +295,7 @@ * * Uncomment to enable validation of application-controlled parameters. */ -#define MBEDTLS_CHECK_PARAMS +//#define MBEDTLS_CHECK_PARAMS /* \} name SECTION: System support */ From 0e9cddbf1af8b92912e45a0a356a7a75ea4f972f Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 10 Dec 2018 16:37:51 +0100 Subject: [PATCH 15/35] Introduce generic validation macros Avoid duplicating source code for each module. --- include/mbedtls/aes.h | 16 ---------------- include/mbedtls/platform_util.h | 27 +++++++++++++++++++++++++++ library/aes.c | 16 +++++++++++----- 3 files changed, 38 insertions(+), 21 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 62c1f9234..cfb20c4fc 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -67,22 +67,6 @@ /* MBEDTLS_ERR_AES_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 /**< AES hardware accelerator failed. */ -#if defined( MBEDTLS_CHECK_PARAMS ) -#define MBEDTLS_AES_VALIDATE_RET( cond ) do{ if( !(cond) ) { \ - MBEDTLS_PARAM_FAILED( #cond ); \ - return MBEDTLS_ERR_AES_BAD_INPUT_DATA;} \ - } while(0); - -#define MBEDTLS_AES_VALIDATE( cond ) do{ if( !(cond) ) { \ - MBEDTLS_PARAM_FAILED( #cond ); \ - return; } \ - } while(0); -#else -/* No validation of parameters will be performed */ -#define MBEDTLS_AES_VALIDATE_RET( cond ) -#define MBEDTLS_AES_VALIDATE( cond) -#endif - #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index ed21ffa91..1ac16d45f 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h 
@@ -81,6 +81,33 @@ void mbedtls_param_failed( const char *failure_condition, const char *file, int line ); #endif /* MBEDTLS_PARAM_FAILED */ + +/* Internal macro meant to be called only from within the library. */ +#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) \ + do { \ + if( !(cond) ) \ + { \ + MBEDTLS_PARAM_FAILED( #cond ); \ + return( ret ); \ + } \ + } while( 0 ) + +/* Internal macro meant to be called only from within the library. */ +#define MBEDTLS_INTERNAL_VALIDATE( cond ) \ + do { \ + if( !(cond) ) \ + { \ + MBEDTLS_PARAM_FAILED( #cond ); \ + return; \ + } \ + } while( 0 ) + +#else /* MBEDTLS_CHECK_PARAMS */ + +/* Internal macros meant to be called only from within the library. */ +#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) +#define MBEDTLS_INTERNAL_VALIDATE( cond ) do { } while( 0 ) + #endif /* MBEDTLS_CHECK_PARAMS */ /** diff --git a/library/aes.c b/library/aes.c index 7a364a0f6..6ff39d74c 100644 --- a/library/aes.c +++ b/library/aes.c @@ -56,6 +56,12 @@ #if !defined(MBEDTLS_AES_ALT) +/* Parameter validation macros based on platform_util.h */ +#define AES_VALIDATE_RET( cond ) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_AES_BAD_INPUT_DATA) +#define AES_VALIDATE( cond ) \ + MBEDTLS_INTERNAL_VALIDATE( cond ) + /* * 32-bit integer manipulation macros (little endian) */ @@ -511,7 +517,7 @@ static void aes_gen_tables( void ) void mbedtls_aes_init( mbedtls_aes_context *ctx ) { - MBEDTLS_AES_VALIDATE( ctx != NULL ); + AES_VALIDATE( ctx != NULL ); memset( ctx, 0, sizeof( mbedtls_aes_context ) ); } @@ -527,7 +533,7 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx ) #if defined(MBEDTLS_CIPHER_MODE_XTS) void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx ) { - MBEDTLS_AES_VALIDATE( ctx != NULL ); + AES_VALIDATE( ctx != NULL ); mbedtls_aes_init( &ctx->crypt ); mbedtls_aes_init( &ctx->tweak ); 
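Review bot: In the `#else /* MBEDTLS_CHECK_PARAMS */` branch both macros expand to `do { } while( 0 )`, so `cond` is never evaluated there; a condition with side effects, or one that is the only use of a local, would behave or warn differently between the two configurations. A one-line comment on the empty definitions, `/* cond is not evaluated in this configuration: validation conditions must be side-effect free. */`, makes that contract explicit for the callers in aes.c and the modules that follow.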
@@ -535,7 +541,7 @@ void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx ) void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ) { - MBEDTLS_AES_VALIDATE( ctx != NULL ); + AES_VALIDATE( ctx != NULL ); mbedtls_aes_free( &ctx->crypt ); mbedtls_aes_free( &ctx->tweak ); @@ -552,7 +558,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, unsigned int i; uint32_t *RK; - MBEDTLS_AES_VALIDATE_RET( ctx != NULL && key != NULL ); + AES_VALIDATE_RET( ctx != NULL && key != NULL ); switch( keybits ) { @@ -670,7 +676,7 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, uint32_t *RK; uint32_t *SK; - MBEDTLS_AES_VALIDATE_RET( ctx != NULL && key != NULL ); + AES_VALIDATE_RET( ctx != NULL && key != NULL ); mbedtls_aes_init( &cty ); From 44c5d58d05a1afbee11903d7c40f84b68f8bb888 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 10 Dec 2018 16:56:14 +0100 Subject: [PATCH 16/35] Document AES functions and fix free() functions --- include/mbedtls/aes.h | 18 ++++++++++-------- library/aes.c | 11 +++++++---- tests/suites/helpers.function | 27 +++++++++++++++++++++++++++ tests/suites/test_suite_aes.function | 6 ++++++ 4 files changed, 50 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index cfb20c4fc..da7ab5496 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -121,14 +121,14 @@ typedef struct mbedtls_aes_xts_context * It must be the first API called before using * the context. * - * \param ctx The AES context to initialize. + * \param ctx The AES context to initialize. Must not be NULL. */ void mbedtls_aes_init( mbedtls_aes_context *ctx ); /** * \brief This function releases and clears the specified AES context. * - * \param ctx The AES context to clear. + * \param ctx The AES context to clear. If NULL, no action is taken. */ void mbedtls_aes_free( mbedtls_aes_context *ctx ); 
@@ -139,14 +139,14 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx ); * It must be the first API called before using * the context. * - * \param ctx The AES XTS context to initialize. + * \param ctx The AES XTS context to initialize. Must not be NULL. */ void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx ); /** * \brief This function releases and clears the specified AES XTS context. * - * \param ctx The AES XTS context to clear. + * \param ctx The AES XTS context to clear. If NULL, no action is taken. */ void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ); #endif /* MBEDTLS_CIPHER_MODE_XTS */ @@ -154,8 +154,9 @@ void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ); /** * \brief This function sets the encryption key. * - * \param ctx The AES context to which the key should be bound. - * \param key The encryption key. + * \param ctx The AES context to which the key should be bound. Must not + * be NULL. + * \param key The encryption key. Must not be NULL. * \param keybits The size of data passed in bits. Valid options are: *
  • 128 bits
  • *
  • 192 bits
  • @@ -170,8 +171,9 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, /** * \brief This function sets the decryption key. * - * \param ctx The AES context to which the key should be bound. - * \param key The decryption key. + * \param ctx The AES context to which the key should be bound. Must not + * be NULL. + * \param key The decryption key. Must not be NULL. * \param keybits The size of data passed. Valid options are: *
    • 128 bits
    • *
    • 192 bits
    • diff --git a/library/aes.c b/library/aes.c index 6ff39d74c..cc1e5ceb4 100644 --- a/library/aes.c +++ b/library/aes.c @@ -58,7 +58,7 @@ /* Parameter validation macros based on platform_util.h */ #define AES_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_AES_BAD_INPUT_DATA) + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_AES_BAD_INPUT_DATA ) #define AES_VALIDATE( cond ) \ MBEDTLS_INTERNAL_VALIDATE( cond ) @@ -541,7 +541,8 @@ void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx ) void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ) { - AES_VALIDATE( ctx != NULL ); + if( ctx == NULL ) + return; mbedtls_aes_free( &ctx->crypt ); mbedtls_aes_free( &ctx->tweak ); @@ -558,7 +559,8 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, unsigned int i; uint32_t *RK; - AES_VALIDATE_RET( ctx != NULL && key != NULL ); + AES_VALIDATE_RET( ctx != NULL ); + AES_VALIDATE_RET( key != NULL ); switch( keybits ) { @@ -676,7 +678,8 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, uint32_t *RK; uint32_t *SK; - AES_VALIDATE_RET( ctx != NULL && key != NULL ); + AES_VALIDATE_RET( ctx != NULL ); + AES_VALIDATE_RET( key != NULL ); mbedtls_aes_init( &cty ); diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 71390ecfe..57bc25913 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function 
@@ -173,6 +173,33 @@ typedef enum memcpy(param_fail_jmp, jmp_tmp, sizeof(jmp_buf)); \ } while( 0 ) +/** + * \brief This macro tests the statement passed to it as a test step or + * individual test in a test case. The macro assumes the test will not fail. + * + * It assumes the library function under test cannot return a value and + * assumes errors can only be indicated by calls to + * MBEDTLS_PARAM_FAILED(). + * + * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure + * callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the + * expected failure. If MBEDTLS_CHECK_PARAMS is not enabled, no test + * can be made. + * + * This macro is intended to test that function that return void + * accept all of the parameter values they're supposed to accept - eg + * that they don't call MBEDTLS_PARAM_FAILED() when a parameter + * that's allowed to be NULL happends to be NULL. + * + * Note: for functions that return something other that void, + * checking that they accept all the parameters they're supposed to + * accept is best done by using TEST_ASSERT() and checking the return + * value as well. + * + * \param TEST The test expression to be tested. + */ +#define TEST_VALID_PARAM( TEST ) \ + TEST_ASSERT( ( TEST, 1 ) ); #endif /* MBEDTLS_CHECK_PARAMS && !MBEDTLS_PARAM_FAILED_ALT */ #define assert(a) if( !( a ) ) \ diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 7dab01b47..f61f71c3e 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -379,6 +379,8 @@ void aes_invalid_param( ) TEST_INVALID_PARAM( mbedtls_aes_init( NULL ) ); + TEST_INVALID_PARAM( mbedtls_aes_xts_init( NULL ) ); + /* mbedtls_aes_setkey_enc() */ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_setkey_enc( NULL, key, 128 ) ); 
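Review bot: `#define TEST_VALID_PARAM( TEST ) TEST_ASSERT( ( TEST, 1 ) );` carries a trailing semicolon, so every use written as `TEST_VALID_PARAM( x );` (as in test_suite_aes.function) expands to an extra empty statement and the macro cannot be the body of an unbraced `if`/`else`; drop the `;` from the definition. The comment above it also has a few slips: `happends` → `happens`, `something other that void` → `something other than void`, and `test that function that return void` → `test that functions that return void`.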
@@ -393,6 +395,10 @@ void aes_invalid_param( )
 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_setkey_dec( &dummy_ctx, NULL, 128 ) );
+ /* These calls accept NULL */
+ TEST_VALID_PARAM( mbedtls_aes_free( NULL ) );
+ TEST_VALID_PARAM( mbedtls_aes_xts_free( NULL ) );
+
 exit:
 return;
 }
From 0e17cc93c67b6c591e61ae6f6ec740e44c6a26c4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Tue, 11 Dec 2018 09:26:54 +0100
Subject: [PATCH 17/35] Avoid stringifying condition too early It's better if the macro receives the condition as an expression rather than a string - that way it can choose to use it as is or stringify it. Also, the documentation states that the parameter is an expression, not a string.
---
 include/mbedtls/platform_util.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
index 1ac16d45f..105b43caf 100644
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@@ -87,7 +87,7 @@ void mbedtls_param_failed( const char *failure_condition,
 do { \
 if( !(cond) ) \
 { \
- MBEDTLS_PARAM_FAILED( #cond ); \
+ MBEDTLS_PARAM_FAILED( cond ); \
 return( ret ); \
 } \
 } while( 0 )
@@ -97,7 +97,7 @@ void mbedtls_param_failed( const char *failure_condition,
 do { \
 if( !(cond) ) \
 { \
- MBEDTLS_PARAM_FAILED( #cond ); \
+ MBEDTLS_PARAM_FAILED( cond ); \
 return; \
 } \
 } while( 0 )
From e451be5d046eea930b9db0adb345cdafb5a8c105 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Tue, 11 Dec 2018 09:37:26 +0100
Subject: [PATCH 18/35] Update version_features.c
---
 library/version_features.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/library/version_features.c b/library/version_features.c
index f1798a7ff..4c36d3caa 100644
--- a/library/version_features.c
+++ b/library/version_features.c
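Review bot: Passing `cond` as an expression instead of `#cond` means any MBEDTLS_PARAM_FAILED definition that uses its argument as an expression — the `assert( cond )` example config.h offers later in this series — evaluates the condition a second time after the `if( !(cond) )` test, so a condition with side effects could misbehave or even pass on the re-evaluation. Every condition in this series is a plain pointer comparison, so nothing breaks today, but the requirement belongs on the macro: `/* cond may be evaluated twice (here and inside MBEDTLS_PARAM_FAILED); pass side-effect-free expressions only. */`. The @@ -97 hunk below has the same property. The `#define` lines of both macros are outside the hunks.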
@@ -84,6 +84,9 @@ static const char *features[] = {
 #if defined(MBEDTLS_DEPRECATED_REMOVED)
 "MBEDTLS_DEPRECATED_REMOVED",
 #endif /* MBEDTLS_DEPRECATED_REMOVED */
+#if defined(MBEDTLS_CHECK_PARAMS)
+ "MBEDTLS_CHECK_PARAMS",
+#endif /* MBEDTLS_CHECK_PARAMS */
 #if defined(MBEDTLS_TIMING_ALT)
 "MBEDTLS_TIMING_ALT",
 #endif /* MBEDTLS_TIMING_ALT */
From 22028a0b8d20beb6fbed81a526ba099d22ed2471 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Tue, 11 Dec 2018 10:29:25 +0100
Subject: [PATCH 19/35] Fix a typo in documentation
---
 include/mbedtls/platform_util.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
index 105b43caf..2dc0fb7b9 100644
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@@ -67,7 +67,7 @@ extern "C" {
 * errors which may be due to issues in the application software.
 *
 * This function will be called unless an alternative treatement
- * is defined through the MBEDTLS_PARAM_FAILURE() macro.
+ * is defined through the MBEDTLS_PARAM_FAILED() macro.
 *
 * This function can return, and the operation will be aborted, or
 * alternatively, through use of setjmp()/longjmp() can resume
From 840af0a9ae6b8d7797786c5a6e3d83cec3417a7b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Tue, 11 Dec 2018 10:34:04 +0100
Subject: [PATCH 20/35] Add tests to all.sh for CHECK_PARAMS edge cases
---
 tests/scripts/all.sh | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 19baf5e8a..64cb695c8 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -618,6 +618,30 @@ record_status check_headers_in_cpp
 msg "build: Unix make, incremental g++"
 make TEST_CPP=1
+
+msg "build+test: MBEDTLS_CHECK_PARAMS without MBEDTLS_PLATFORM_C"
+cleanup
+scripts/config.pl full # includes CHECK_PARAMS
+scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
+scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
+scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT
+scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT
+scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT
+scripts/config.pl unset MBEDTLS_PLATFORM_MEMORY
+scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT
+scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT
+scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
+scripts/config.pl unset MBEDTLS_PLATFORM_C
+make CC=gcc CFLAGS='-Werror -O1' all test
+
+msg "build+test: MBEDTLS_CHECK_PARAMS with alternative MBEDTLS_PARAM_FAILED()"
+cleanup
+scripts/config.pl full # includes CHECK_PARAMS
+scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
+sed -i 's/.*\(#define MBEDTLS_PARAM_FAILED( cond )\).*/\1/' "$CONFIG_H"
+make CC=gcc CFLAGS='-Werror -O1' all test
+
+
 # Full configuration build, without platform support, file IO and net sockets.
 # This should catch missing mbedtls_printf definitions, and by disabling file
 # IO, it should catch missing '#include '
From acfdc623d2d47457a1f4c98bc4db373b5d143e36 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Tue, 11 Dec 2018 10:36:21 +0100
Subject: [PATCH 21/35] Fix test macro that was too lenient Previously, one could change the definition of AES_VALIDATE_RET() to return some other code than MBEDTLS_ERR_AES_BAD_INPUT_DATA, and the test suite wouldn't notice. Now this modification would make the suite fail as expected.
---
 tests/suites/helpers.function | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function
index 57bc25913..b5bd31e74 100644
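Review bot: The `sed -i 's/.*\(#define MBEDTLS_PARAM_FAILED( cond )\).*/\1/' "$CONFIG_H"` step is silent when its pattern does not match, so if the commented-out line in config.h is ever reworded the "alternative MBEDTLS_PARAM_FAILED()" build would quietly exercise the default callback path and still look green. Adding `grep -q '^#define MBEDTLS_PARAM_FAILED( cond )$' "$CONFIG_H"` right after the sed turns a mismatch into a failed run. The resulting macro expands to nothing, which patch 32 later documents as discouraged because void functions then return silently on bad input; that is acceptable for a build-coverage run but deserves a comment saying so, e.g. `# empty MBEDTLS_PARAM_FAILED: build/test coverage only, not a recommended config`. Note that `sed -i` without a suffix is GNU sed syntax.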
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@@ -133,7 +133,7 @@ typedef enum
 #define TEST_INVALID_PARAM_RET( PARAM_ERR_VALUE, TEST ) \
 do { \
 test_info.paramfail_test_state = PARAMFAIL_TESTSTATE_PENDING; \
- if( (TEST) != (PARAM_ERR_VALUE) && \
+ if( (TEST) != (PARAM_ERR_VALUE) || \
 test_info.paramfail_test_state != PARAMFAIL_TESTSTATE_CALLED ) \
 { \
 test_fail( #TEST, __LINE__, __FILE__ ); \
From 8a46c22466a84697d69e2b8aaaeb7b12cfd26320 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Tue, 11 Dec 2018 10:46:41 +0100
Subject: [PATCH 22/35] Add a ChangeLog entry for MBEDTLS_CHECK_PARAMS
---
 ChangeLog | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 43dfb9977..9d51378d1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -22,15 +22,11 @@ Security
 * Wipe sensitive buffers on the stack in the CTR_DRBG and HMAC_DRBG modules.
-API Changes
- * The following functions in the random generator modules have been
- deprecated and replaced as shown below. The new functions change
- the return type from void to int to allow returning error codes when
- using MBEDTLS__ALT for the underlying AES or message digest
- primitive. Fixes #1798.
- mbedtls_ctr_drbg_update() -> mbedtls_ctr_drbg_update_ret()
- mbedtls_hmac_drbg_update() -> mbedtls_hmac_drbg_update_ret()
- * Extend ECDH interface to enable alternative implementations.
+Features
+ * Add new config.h flag MBEDTLS_CHECK_PARAMS that enables validation of
+ more of the parameters by public API functions (see its documentation for
+ details). Disabled by default - requires users to provide an
+ implementation of the callback function or macro.
 New deprecations
 * Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update
@@ -52,6 +48,16 @@ Bugfix * Fix double initialization of ECC hardware that made some accelerators hang. +API Changes + * The following functions in the random generator modules have been + deprecated and replaced as shown below. The new functions change + the return type from void to int to allow returning error codes when + using MBEDTLS__ALT for the underlying AES or message digest + primitive. Fixes #1798. + mbedtls_ctr_drbg_update() -> mbedtls_ctr_drbg_update_ret() + mbedtls_hmac_drbg_update() -> mbedtls_hmac_drbg_update_ret() + * Extend ECDH interface to enable alternative implementations. + = mbed TLS 2.14.0 branch released 2018-11-19 Security From 9b8ea89ae50a19806423e87e20216a146b305167 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 11 Dec 2018 10:56:56 +0100 Subject: [PATCH 23/35] Fix a few style / whitespace issues --- include/mbedtls/config.h | 1 - include/mbedtls/platform_util.h | 4 ++-- tests/suites/helpers.function | 1 - 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index bf4d1c424..6b0db346d 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3058,7 +3058,6 @@ */ //#define MBEDTLS_PARAM_FAILED( cond ) assert( cond ) - /* SSL Cache options */ //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 2dc0fb7b9..604498aa6 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -41,7 +41,7 @@ extern "C" { #endif -#if defined( MBEDTLS_CHECK_PARAMS ) +#if defined(MBEDTLS_CHECK_PARAMS) #if defined(MBEDTLS_PARAM_FAILED) /** An alternative definition of MBEDTLS_PARAM_FAILED has been set in config.h. 
@@ -50,7 +50,7 @@ extern "C" { * MBEDTLS_PARAM_FAILED() will expand to a call to mbedtls_param_failed(). */ #define MBEDTLS_PARAM_FAILED_ALT -#else +#else /* MBEDTLS_PARAM_FAILED */ #define MBEDTLS_PARAM_FAILED( cond ) \ mbedtls_param_failed( #cond, __FILE__, __LINE__ ) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index b5bd31e74..9aecbb1bb 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -99,7 +99,6 @@ typedef enum * * \param TEST The test expression to be tested. */ - #define TEST_ASSERT( TEST ) \ do { \ if( ! (TEST) ) \ From 35acb099d6d2562672e5ce969cc11ff97b836625 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 11 Dec 2018 12:26:49 +0100 Subject: [PATCH 24/35] Fix some documentation typos/markup/duplication. --- include/mbedtls/aes.h | 16 ++++++++-------- include/mbedtls/config.h | 6 +++--- include/mbedtls/platform_util.h | 12 ++---------- 3 files changed, 13 insertions(+), 21 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index da7ab5496..97c009802 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -121,14 +121,14 @@ typedef struct mbedtls_aes_xts_context * It must be the first API called before using * the context. * - * \param ctx The AES context to initialize. Must not be NULL. + * \param ctx The AES context to initialize. Must not be \c NULL. */ void mbedtls_aes_init( mbedtls_aes_context *ctx ); /** * \brief This function releases and clears the specified AES context. * - * \param ctx The AES context to clear. If NULL, no action is taken. + * \param ctx The AES context to clear. If \c NULL, no action is taken. */ void mbedtls_aes_free( mbedtls_aes_context *ctx ); 
@@ -139,14 +139,14 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx ); * It must be the first API called before using * the context. * - * \param ctx The AES XTS context to initialize. Must not be NULL. + * \param ctx The AES XTS context to initialize. Must not be \c NULL. */ void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx ); /** * \brief This function releases and clears the specified AES XTS context. * - * \param ctx The AES XTS context to clear. If NULL, no action is taken. + * \param ctx The AES XTS context to clear. If \c NULL, no action is taken. */ void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ); #endif /* MBEDTLS_CIPHER_MODE_XTS */ @@ -155,8 +155,8 @@ void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ); * \brief This function sets the encryption key. * * \param ctx The AES context to which the key should be bound. Must not - * be NULL. - * \param key The encryption key. Must not be NULL. + * be \c NULL. + * \param key The encryption key. Must not be \c NULL. * \param keybits The size of data passed in bits. Valid options are: *
      • 128 bits
      • *
      • 192 bits
      • @@ -172,8 +172,8 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, * \brief This function sets the decryption key. * * \param ctx The AES context to which the key should be bound. Must not - * be NULL. - * \param key The decryption key. Must not be NULL. + * be \c NULL. + * \param key The decryption key. Must not be \c NULL. * \param keybits The size of data passed. Valid options are: *
        • 128 bits
        • *
        • 192 bits
        • diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 6b0db346d..a4ab9cb79 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3040,16 +3040,16 @@ /** * \brief This macro is invoked by the library when an invalid parameter * is detected that is only checked with MBEDTLS_CHECK_PARAMS - * (see the document of the flag for context). + * (see the documentation of that option for context). * * When you leave this undefined here, a default definition is - * provided the invokes the function mbedtls_param_failed(), + * provided that invokes the function mbedtls_param_failed(), * which is declared in platform_util.h for the benefit of the * library, but that you need to define in your application. * * When you define this here, this replaces the default * definition in platform_util.h (which no longer declares the - * function mbedtls_param_failed()) and it is your responsability + * function mbedtls_param_failed()) and it is your responsibility * to make sure this macro expands to something suitable (in * particular, that all the necessary declarations are visible * from within the library). diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 604498aa6..8846f4504 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h 
@@ -56,18 +56,10 @@ extern "C" { /** * \brief User supplied callback function for parameter validation failure. - * - * When the MBEDTLS_CHECK_PARAMS option is enabled, the library - * provides additional validation of all input parameters to - * confirm that they conform to what the interface can accept. - * For example - NULL paramater checks. - * - * These checks are designed to check programmatic issues in the - * application software using Mbed TLS, or catch other runtime - * errors which may be due to issues in the application software. + * See #MBEDTLS_CHECK_PARAMS for context. * * This function will be called unless an alternative treatement - * is defined through the MBEDTLS_PARAM_FAILED() macro. + * is defined through the #MBEDTLS_PARAM_FAILED macro. * * This function can return, and the operation will be aborted, or * alternatively, through use of setjmp()/longjmp() can resume From ed459e6995a5d3bebfd17c01f24eb5c7f6f814e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 12 Dec 2018 10:20:33 +0100 Subject: [PATCH 25/35] Fix content and style of constraints documentation - Be specific about the constraints: be a readable/writable buffer of length X, be an initialized context, be a context initialized and bound to a key... - Always use full sentences with all the required pronouns. --- include/mbedtls/aes.h | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 97c009802..11edc0fab 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h 
@@ -121,14 +121,16 @@ typedef struct mbedtls_aes_xts_context * It must be the first API called before using * the context. * - * \param ctx The AES context to initialize. Must not be \c NULL. + * \param ctx The AES context to initialize. This must not be \c NULL. */ void mbedtls_aes_init( mbedtls_aes_context *ctx ); /** * \brief This function releases and clears the specified AES context. * - * \param ctx The AES context to clear. If \c NULL, no action is taken. + * \param ctx The AES context to clear. + * If this is \c NULL, this function does nothing. + * Otherwise, the context must have been at least initialized. */ void mbedtls_aes_free( mbedtls_aes_context *ctx ); @@ -139,14 +141,16 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx ); * It must be the first API called before using * the context. * - * \param ctx The AES XTS context to initialize. Must not be \c NULL. + * \param ctx The AES XTS context to initialize. This must not be \c NULL. */ void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx ); /** * \brief This function releases and clears the specified AES XTS context. * - * \param ctx The AES XTS context to clear. If \c NULL, no action is taken. + * \param ctx The AES XTS context to clear. + * If this is \c NULL, this function does nothing. + * Otherwise, the context must have been at least initialized. */ void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ); #endif /* MBEDTLS_CIPHER_MODE_XTS */ @@ -154,9 +158,10 @@ void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ); /** * \brief This function sets the encryption key. * - * \param ctx The AES context to which the key should be bound. Must not - * be \c NULL. - * \param key The encryption key. Must not be \c NULL. + * \param ctx The AES context to which the key should be bound. + * It must be initialized. + * \param key The encryption key. + * This must be a readable buffer of size \p keybits bits. * \param keybits The size of data passed in bits. Valid options are: *
          • 128 bits
          • *
          • 192 bits
          • @@ -171,9 +176,10 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, /** * \brief This function sets the decryption key. * - * \param ctx The AES context to which the key should be bound. Must not - * be \c NULL. - * \param key The decryption key. Must not be \c NULL. + * \param ctx The AES context to which the key should be bound. + * It must be initialized. + * \param key The decryption key. + * This must be a readable buffer of size \p keybits bits. * \param keybits The size of data passed. Valid options are: *
            • 128 bits
            • *
            • 192 bits
            • From cd2b29cd12673de3f02f0dbda1e0ac0e21fad1b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 12 Dec 2018 10:23:57 +0100 Subject: [PATCH 26/35] Improve wording in documentation and ChangeLog --- ChangeLog | 4 ++-- include/mbedtls/config.h | 15 ++++++++------- tests/suites/helpers.function | 4 ++-- 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9d51378d1..a4f3ae54e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -24,8 +24,8 @@ Security Features * Add new config.h flag MBEDTLS_CHECK_PARAMS that enables validation of - more of the parameters by public API functions (see its documentation for - details). Disabled by default - requires users to provide an + more of the parameters by public API functions (see its documentation in + config.h for details). Disabled by default - requires users to provide an implementation of the callback function or macro. New deprecations diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index a4ab9cb79..4663481b2 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -259,11 +259,11 @@ /** * \def MBEDTLS_CHECK_PARAMS * - * This configuration controls whether the library validates more of the - * parameters passed to it. + * This configuration option controls whether the library validates more of + * the parameters passed to it. * - * When this flag is not defined, the library only attempts to validate input - * parameter if: (1) they may come from the outside world (such as the + * When this flag is not defined, the library only attempts to validate an + * input parameter if: (1) they may come from the outside world (such as the * network, the filesystem, etc.) or (2) not validating them could result in * internal memory errors such as overflowing a buffer controlled by the * library. On the other hand, it doesn't attempt to validate parameters whose 
@@ -273,7 +273,7 @@ * parameters that are fully controlled by the application, and should always * be valid if the application code is fully correct and trusted. * - * For example, when a function accepts a input a pointer to a buffer than may + * For example, when a function accepts as input a pointer to a buffer that may * contain untrusted data, and its documentation mentions that this pointer * must not be NULL: * - the pointer is checked to be non-NULL only if this option is enabled @@ -291,7 +291,7 @@ * your application (see platform_util.h for its prototype) as the library * calls that function, but does not provide a default definition for it, * - or provide a different definition of the macro MBEDTLS_PARAM_FAILED() - * below if the above mechanism is not enough flexible to suit your needs. + * below if the above mechanism is not flexible enough to suit your needs. * * Uncomment to enable validation of application-controlled parameters. */ @@ -3052,7 +3052,8 @@ * function mbedtls_param_failed()) and it is your responsibility * to make sure this macro expands to something suitable (in * particular, that all the necessary declarations are visible - * from within the library). + * from within the library - you can ensure that by providing + * them in this file next to the macro definition). * * \param cond The expression that should evaluate to true, but doesn't. */ diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 9aecbb1bb..c77231df9 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function 
@@ -185,10 +185,10 @@ typedef enum * expected failure. If MBEDTLS_CHECK_PARAMS is not enabled, no test * can be made. * - * This macro is intended to test that function that return void + * This macro is intended to test that functions returning void * accept all of the parameter values they're supposed to accept - eg * that they don't call MBEDTLS_PARAM_FAILED() when a parameter - * that's allowed to be NULL happends to be NULL. + * that's allowed to be NULL happens to be NULL. * * Note: for functions that return something other that void, * checking that they accept all the parameters they're supposed to From aae10fa4275d9d9414bcfa81414b8a48c853c9b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 12 Dec 2018 10:24:19 +0100 Subject: [PATCH 27/35] Fix some whitespace issues --- tests/suites/helpers.function | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index c77231df9..1ce17f53c 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -163,7 +163,7 @@ typedef enum #define TEST_INVALID_PARAM( TEST ) \ do { \ memcpy(jmp_tmp, param_fail_jmp, sizeof(jmp_buf)); \ - if ( setjmp( param_fail_jmp ) == 0 ) \ + if( setjmp( param_fail_jmp ) == 0 ) \ { \ TEST; \ test_fail( #TEST, __LINE__, __FILE__ ); \ @@ -302,7 +302,7 @@ void mbedtls_param_failed( const char *failure_condition, int line ) { /* If we are testing the callback function... */ - if ( test_info.paramfail_test_state == PARAMFAIL_TESTSTATE_PENDING ) + if( test_info.paramfail_test_state == PARAMFAIL_TESTSTATE_PENDING ) { test_info.paramfail_test_state = PARAMFAIL_TESTSTATE_CALLED; } @@ -613,12 +613,12 @@ int hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len ) int ret = 0; uint32_t i = 0; - if ( a_len != b_len ) + if( a_len != b_len ) return( -1 ); for( i = 0; i < a_len; i++ ) { - if ( a[i] != b[i] ) + if( a[i] != b[i] ) { ret = -1; break; 
From 54e7f312d33581a83e4dde3fbf5750ffbf5d322f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 12 Dec 2018 11:56:09 +0100 Subject: [PATCH 28/35] Make TEST_VALID_PARAM() available unconditionally --- tests/suites/helpers.function | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 1ce17f53c..891fba6ee 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -171,6 +171,7 @@ typedef enum } \ memcpy(param_fail_jmp, jmp_tmp, sizeof(jmp_buf)); \ } while( 0 ) +#endif /* MBEDTLS_CHECK_PARAMS && !MBEDTLS_PARAM_FAILED_ALT */ /** * \brief This macro tests the statement passed to it as a test step or @@ -195,11 +196,16 @@ typedef enum * accept is best done by using TEST_ASSERT() and checking the return * value as well. * + * Note: this macro is available even when #MBEDTLS_CHECK_PARAMS is + * disabled, as it makes sense to check that the functions accept all + * legal values even if this option is disabled - only in that case, + * the test if more about whether the function segfaults than about + * whether it invokes MBEDTLS_PARAM_FAILED(). + * * \param TEST The test expression to be tested. */ #define TEST_VALID_PARAM( TEST ) \ TEST_ASSERT( ( TEST, 1 ) ); -#endif /* MBEDTLS_CHECK_PARAMS && !MBEDTLS_PARAM_FAILED_ALT */ #define assert(a) if( !( a ) ) \ { \ From a4251f477564383f65fb63897039d23bad0b8a06 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 12 Dec 2018 12:04:51 +0100 Subject: [PATCH 29/35] Test aes_free( NULL ) unconditionally --- tests/suites/test_suite_aes.function | 8 +++++--- tests/suites/test_suite_aes.rest.data | 3 +++ 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index f61f71c3e..1832f2db4 100644 --- a/tests/suites/test_suite_aes.function 
+++ b/tests/suites/test_suite_aes.function @@ -394,13 +394,15 @@ void aes_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, mbedtls_aes_setkey_dec( &dummy_ctx, NULL, 128 ) ); +} +/* END_CASE */ +/* BEGIN_CASE */ +void aes_valid_param( ) +{ /* These calls accept NULL */ TEST_VALID_PARAM( mbedtls_aes_free( NULL ) ); TEST_VALID_PARAM( mbedtls_aes_xts_free( NULL ) ); - -exit: - return; } /* END_CASE */ diff --git a/tests/suites/test_suite_aes.rest.data b/tests/suites/test_suite_aes.rest.data index 14b78a605..a5d843de4 100644 --- a/tests/suites/test_suite_aes.rest.data +++ b/tests/suites/test_suite_aes.rest.data @@ -13,6 +13,9 @@ aes_decrypt_cbc:"000000000000000000000000000000000000000000000000000000000000000 AES - Invalid parameters aes_invalid_param: +AES - Valid parameters +aes_valid_param: + AES Selftest depends_on:MBEDTLS_SELF_TEST aes_selftest: From e7306d30a93b0cd00ab26f1ccbf5ef706eea7a72 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 13 Dec 2018 09:45:49 +0100 Subject: [PATCH 30/35] Improve some documentation and ChangeLog entry --- ChangeLog | 12 ++++++++---- include/mbedtls/config.h | 9 +++++++++ tests/suites/helpers.function | 2 +- 3 files changed, 18 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index a4f3ae54e..d4e754b71 100644 --- a/ChangeLog +++ b/ChangeLog 
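Review bot: Dropping `exit:` together with `return;` leaves both aes_invalid_param and the new aes_valid_param without a visible `exit` label, while TEST_VALID_PARAM expands to TEST_ASSERT, whose failure path (outside this hunk) presumably jumps to one; this compiles only if the test-code generator adds the label to functions that lack it, which this page does not show — confirm, or keep an explicit `exit:` in aes_valid_param. A short header comment on the new case would also keep its intent distinct from aes_invalid_param, e.g. `/* Every call here is documented to accept its arguments; none may trigger MBEDTLS_PARAM_FAILED(). */`. The new entries in the .rest.data hunk are consistent with the function name.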
@@ -23,10 +23,14 @@ Security modules. Features - * Add new config.h flag MBEDTLS_CHECK_PARAMS that enables validation of - more of the parameters by public API functions (see its documentation in - config.h for details). Disabled by default - requires users to provide an - implementation of the callback function or macro. + * Add a new config.h option of MBEDTLS_CHECK_PARAMS that enables additional + validation of parameters in the library's public interface. This does not + change the API of existing functions, but additional clarity has been + added to the defined documentation interface to make clearer what the + interface is designed to accept. See the corresponding API documentation + for each function to see what parameter values are defined as invalid. + This feature is disabled by default. See its API documentation in + config.h for additional steps you have to take when enabling it. New deprecations * Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 4663481b2..73b5dce13 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -292,6 +292,9 @@ * calls that function, but does not provide a default definition for it, * - or provide a different definition of the macro MBEDTLS_PARAM_FAILED() * below if the above mechanism is not flexible enough to suit your needs. + * Note that you may define it to expand to nothing if you're happy to be + * notified about invalid parameters only in non-void functions, and have + * void function just silently return early on invalid parameters. * * Uncomment to enable validation of application-controlled parameters. */ 
@@ -3055,6 +3058,12 @@ * from within the library - you can ensure that by providing * them in this file next to the macro definition). * + * Note that you may define this macro to expand to nothing, in + * which case you don't have to worry about declarations or + * definitions. However, you will then be notified about invalid + * parameters only in non-void functions, and void function will + * just silently return early on invalid parameters. + * * \param cond The expression that should evaluate to true, but doesn't. */ //#define MBEDTLS_PARAM_FAILED( cond ) assert( cond ) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 891fba6ee..3aa5cd6d0 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -199,7 +199,7 @@ typedef enum * Note: this macro is available even when #MBEDTLS_CHECK_PARAMS is * disabled, as it makes sense to check that the functions accept all * legal values even if this option is disabled - only in that case, - * the test if more about whether the function segfaults than about + * the test is more about whether the function segfaults than about * whether it invokes MBEDTLS_PARAM_FAILED(). * * \param TEST The test expression to be tested. From 12dce61e09b3f89ae6fea062227c4426331700cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 13 Dec 2018 09:48:40 +0100 Subject: [PATCH 31/35] Fix order of sections in ChangeLog --- ChangeLog | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index d4e754b71..c67157128 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -32,6 +32,16 @@ Features This feature is disabled by default. See its API documentation in config.h for additional steps you have to take when enabling it. +API Changes + * The following functions in the random generator modules have been + deprecated and replaced as shown below. The new functions change + the return type from void to int to allow returning error codes when + using MBEDTLS__ALT for the underlying AES or message digest + primitive. Fixes #1798. + mbedtls_ctr_drbg_update() -> mbedtls_ctr_drbg_update_ret() + mbedtls_hmac_drbg_update() -> mbedtls_hmac_drbg_update_ret() + * Extend ECDH interface to enable alternative implementations. + New deprecations * Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update in favor of functions that can return an error code. @@ -52,16 +62,6 @@ Bugfix * Fix double initialization of ECC hardware that made some accelerators hang. -API Changes - * The following functions in the random generator modules have been - deprecated and replaced as shown below. The new functions change - the return type from void to int to allow returning error codes when - using MBEDTLS__ALT for the underlying AES or message digest - primitive. Fixes #1798. - mbedtls_ctr_drbg_update() -> mbedtls_ctr_drbg_update_ret() - mbedtls_hmac_drbg_update() -> mbedtls_hmac_drbg_update_ret() - * Extend ECDH interface to enable alternative implementations. - = mbed TLS 2.14.0 branch released 2018-11-19 Security From 548cecdd2c287ac19f2b9637fa61c6b823df138f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 17 Dec 2018 13:13:30 +0100 Subject: [PATCH 32/35] Discourage making MBEDTLS_PARAM_FAILED() empty. --- include/mbedtls/config.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 73b5dce13..512fb6ca8 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -292,9 +292,7 @@ * calls that function, but does not provide a default definition for it, * - or provide a different definition of the macro MBEDTLS_PARAM_FAILED() * below if the above mechanism is not flexible enough to suit your needs. - * Note that you may define it to expand to nothing if you're happy to be - * notified about invalid parameters only in non-void functions, and have - * void function just silently return early on invalid parameters. + * See the documentation of this macro later in this file. * * Uncomment to enable validation of application-controlled parameters. */ @@ -3062,7 +3060,9 @@ * which case you don't have to worry about declarations or * definitions. However, you will then be notified about invalid * parameters only in non-void functions, and void function will - * just silently return early on invalid parameters. + * just silently return early on invalid parameters, which + * partially negates the benefits of enabling + * #MBEDTLS_CHECK_PARAMS in the first place, so is discouraged. * * \param cond The expression that should evaluate to true, but doesn't. */ From 9794098cfaa8ca7ce92bb2a0152255b7f315add1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 17 Dec 2018 13:13:50 +0100 Subject: [PATCH 33/35] Clarify ChangeLog entry again. --- ChangeLog | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index c67157128..66a8ce92f 100644 --- a/ChangeLog +++ b/ChangeLog 
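Review bot: The sentence added in the second hunk says an empty expansion `is discouraged` but offers no alternative for users who cannot use assert() (no libc, or release builds where NDEBUG empties it), so readers looking for a lightweight option will presumably still reach for the empty definition; a short pointer would close that gap, e.g. `* the first place, so is discouraged. If assert() is not suitable, prefer a definition that at least logs the failure or aborts.` The trailing `so is discouraged` also reads better as `so this is discouraged`. The first hunk's cross-reference `See the documentation of this macro later in this file.` is fine as is. Both enclosing comment blocks start before their hunks.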
@@ -23,14 +23,14 @@ Security modules. Features - * Add a new config.h option of MBEDTLS_CHECK_PARAMS that enables additional - validation of parameters in the library's public interface. This does not - change the API of existing functions, but additional clarity has been - added to the defined documentation interface to make clearer what the - interface is designed to accept. See the corresponding API documentation - for each function to see what parameter values are defined as invalid. - This feature is disabled by default. See its API documentation in - config.h for additional steps you have to take when enabling it. + * Add a new config.h option of MBEDTLS_CHECK_PARAMS that enables validation + of parameters in the API. This allows detection of obvious misuses of the + API, such as passing NULL pointers. The API of existing functions hasn't + changed, but requirements on parameters have been made more explicit in + the documentation. See the corresponding API documentation for each + function to see for which parameter values it is defined. This feature is + disabled by default. See its API documentation in config.h for additional + steps you have to take when enabling it. API Changes * The following functions in the random generator modules have been From af0c6cb9e0ad58b61b7ceae4cfe1994ce3612311 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 18 Dec 2018 12:02:52 +0100 Subject: [PATCH 34/35] Fix missing guard on XTS function in tests --- tests/suites/test_suite_aes.function | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 1832f2db4..131565060 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function 
@@ -402,7 +402,9 @@ void aes_valid_param( ) { /* These calls accept NULL */ TEST_VALID_PARAM( mbedtls_aes_free( NULL ) ); +#if defined(MBEDTLS_CIPHER_MODE_XTS) TEST_VALID_PARAM( mbedtls_aes_xts_free( NULL ) ); +#endif } /* END_CASE */ From ee427b26d4ec99a67569637cad833a1ab5247094 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Tue, 18 Dec 2018 21:04:55 +0000 Subject: [PATCH 35/35] tests: Backup config.h before modifying it It's good to make a backup of config.h before modifying it, so that when "cleanup" runs the next test has a clean default config.h to start from. Fixes 840af0a9ae6b ("Add tests to all.sh for CHECK_PARAMS edge cases") --- tests/scripts/all.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 64cb695c8..c5c0c3add 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -621,6 +621,7 @@ make TEST_CPP=1 msg "build+test: MBEDTLS_CHECK_PARAMS without MBEDTLS_PLATFORM_C" cleanup +cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full # includes CHECK_PARAMS scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C @@ -636,6 +637,7 @@ make CC=gcc CFLAGS='-Werror -O1' all test msg "build+test: MBEDTLS_CHECK_PARAMS with alternative MBEDTLS_PARAM_FAILED()" cleanup +cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full # includes CHECK_PARAMS scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests sed -i 's/.*\(#define MBEDTLS_PARAM_FAILED( cond )\).*/\1/' "$CONFIG_H"
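Review bot: The all.sh fix depends on every test block remembering to run `cp "$CONFIG_H" "$CONFIG_BAK"` immediately after `cleanup` and before the first scripts/config.pl call, and the commit message records that this step was already forgotten once; moving the backup into a small helper used by these blocks (or into whatever `cleanup` presumably restores from, if that is how $CONFIG_BAK is consumed) would stop the omission recurring. The second all.sh hunk continues past the end of this page.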