Declare MBEDTLS_TEST_HOOKS in config.h

When this option is enabled, the product includes additional
interfaces that enable additional tests. This option should not be
enabled in production, but is included in the "full" build to enable
the extra tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2019-09-11 13:27:48 +02:00 committed by Chris Jones
parent 7f652adc48
commit 44e89c547f
2 changed files with 23 additions and 0 deletions

View file

@ -1746,6 +1746,26 @@
*/ */
//#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT //#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
/**
* \def MBEDTLS_TEST_HOOKS
*
* Enable features for invasive testing such as introspection functions and
* hooks for fault injection. This enables additional unit tests.
*
* Merely enabling this feature should not change the behavior of the product.
* It only adds new code, and new branching points where the default behavior
* is the same as when this feature is disabled.
* However, this feature increases the attack surface: there is an added
* risk of vulnerabilities, and more gadgets that can make exploits easier.
* Therefore this feature must never be enabled in production.
*
* See `docs/architecture/testing/mbed-crypto-invasive-testing.md` for more
* information.
*
* Uncomment to enable invasive tests.
*/
//#define MBEDTLS_TEST_HOOKS
/** /**
* \def MBEDTLS_THREADING_ALT * \def MBEDTLS_THREADING_ALT
* *

View file

@ -553,6 +553,9 @@ static const char *features[] = {
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) #if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT)
"MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT", "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT",
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT */ #endif /* MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT */
#if defined(MBEDTLS_TEST_HOOKS)
"MBEDTLS_TEST_HOOKS",
#endif /* MBEDTLS_TEST_HOOKS */
#if defined(MBEDTLS_THREADING_ALT) #if defined(MBEDTLS_THREADING_ALT)
"MBEDTLS_THREADING_ALT", "MBEDTLS_THREADING_ALT",
#endif /* MBEDTLS_THREADING_ALT */ #endif /* MBEDTLS_THREADING_ALT */