From 8118e4672e7f772b7defe3b270683ff7eb618ea5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 7 Jun 2019 14:50:09 +0200 Subject: [PATCH 1/5] Pass -m32 to the linker as well For unit tests and sample programs, CFLAGS=-m32 is enough to get a 32-bit build, because these programs are all compiled directly from *.c to the executable in one shot. But with makefile rules that first build object files and then link them, LDFLAGS=-m32 is also needed. --- tests/scripts/all.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7eaefe999..965d52071 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -961,7 +961,7 @@ component_test_m32_o0 () { # Build once with -O0, to compile out the i386 specific inline assembly msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s scripts/config.pl full - make CC=gcc CFLAGS='-O0 -Werror -Wall -Wextra -m32 -fsanitize=address' + make CC=gcc CFLAGS='-O0 -Werror -Wall -Wextra -m32 -fsanitize=address' LDFLAGS='-m32' msg "test: i386, make, gcc -O0 (ASan build)" make test @@ -980,7 +980,7 @@ component_test_m32_o1 () { scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C scripts/config.pl unset MBEDTLS_MEMORY_DEBUG - make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address' + make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address' LDFLAGS='-m32' msg "test: i386, make, gcc -O1 (ASan build)" make test @@ -995,7 +995,7 @@ support_test_m32_o1 () { component_test_mx32 () { msg "build: 64-bit ILP32, make, gcc" # ~ 30s scripts/config.pl full - make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' + make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' LDFLAGS='-mx32' msg "test: 64-bit ILP32, make, gcc" make test From 137d31bf5a500736f53acf2e21eaf30ac985f184 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 7 Jun 2019 14:52:07 +0200 Subject: [PATCH 2/5] Make test suites compatible with #include Don't use the macro name assert. It's technically permitted as long as is not included, but it's fragile, because it means the code and any header that it includes must not include . --- tests/suites/helpers.function | 12 ++++++------ tests/suites/host_test.function | 2 +- tests/suites/target_test.function | 12 ++++++------ 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 1255ff4be..4bed05ecd 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -207,7 +207,7 @@ typedef enum #define TEST_VALID_PARAM( TEST ) \ TEST_ASSERT( ( TEST, 1 ) ); -#define assert(a) if( !( a ) ) \ +#define TEST_HELPER_ASSERT(a) if( !( a ) ) \ { \ mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \ __FILE__, __LINE__, #a ); \ @@ -373,7 +373,7 @@ static int unhexify( unsigned char *obuf, const char *ibuf ) { unsigned char c, c2; int len = strlen( ibuf ) / 2; - assert( strlen( ibuf ) % 2 == 0 ); /* must be even number of bytes */ + TEST_HELPER_ASSERT( strlen( ibuf ) % 2 == 0 ); /* must be even number of bytes */ while( *ibuf != 0 ) { @@ -385,7 +385,7 @@ static int unhexify( unsigned char *obuf, const char *ibuf ) else if( c >= 'A' && c <= 'F' ) c -= 'A' - 10; else - assert( 0 ); + TEST_HELPER_ASSERT( 0 ); c2 = *ibuf++; if( c2 >= '0' && c2 <= '9' ) @@ -395,7 +395,7 @@ static int unhexify( unsigned char *obuf, const char *ibuf ) else if( c2 >= 'A' && c2 <= 'F' ) c2 -= 'A' - 10; else - assert( 0 ); + TEST_HELPER_ASSERT( 0 ); *obuf++ = ( c << 4 ) | c2; } @@ -440,7 +440,7 @@ static unsigned char *zero_alloc( size_t len ) size_t actual_len = ( len != 0 ) ? len : 1; p = mbedtls_calloc( 1, actual_len ); - assert( p != NULL ); + TEST_HELPER_ASSERT( p != NULL ); memset( p, 0x00, actual_len ); @@ -467,7 +467,7 @@ static unsigned char *unhexify_alloc( const char *ibuf, size_t *olen ) return( zero_alloc( *olen ) ); obuf = mbedtls_calloc( 1, *olen ); - assert( obuf != NULL ); + TEST_HELPER_ASSERT( obuf != NULL ); (void) unhexify( obuf, ibuf ); diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index 3c4303208..fe6a2bc07 100644 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function @@ -179,7 +179,7 @@ static int parse_arguments( char *buf, size_t len, char **params, if( p + 1 < buf + len ) { cur = p + 1; - assert( cnt < params_len ); + TEST_HELPER_ASSERT( cnt < params_len ); params[cnt++] = cur; } *p = '\0'; diff --git a/tests/suites/target_test.function b/tests/suites/target_test.function index 56abf2948..e4c3e30de 100644 --- a/tests/suites/target_test.function +++ b/tests/suites/target_test.function @@ -13,11 +13,11 @@ */ #define INCR_ASSERT(p, start, len, step) do \ { \ - assert( ( p ) >= ( start ) ); \ - assert( sizeof( *( p ) ) == sizeof( *( start ) ) ); \ + TEST_HELPER_ASSERT( ( p ) >= ( start ) ); \ + TEST_HELPER_ASSERT( sizeof( *( p ) ) == sizeof( *( start ) ) ); \ /* <= is checked to support use inside a loop where \ pointer is incremented after reading data. */ \ - assert( (uint32_t)( ( ( p ) - ( start ) ) + ( step ) ) <= ( len ) );\ + TEST_HELPER_ASSERT( (uint32_t)( ( ( p ) - ( start ) ) + ( step ) ) <= ( len ) );\ ( p ) += ( step ); \ } \ while( 0 ) @@ -127,7 +127,7 @@ uint8_t * receive_data( uint32_t * data_len ) /* Read data length */ *data_len = receive_uint32(); data = (uint8_t *)malloc( *data_len ); - assert( data != NULL ); + TEST_HELPER_ASSERT( data != NULL ); greentea_getc(); // read ';' received after key i.e. *data_len @@ -221,7 +221,7 @@ void ** parse_parameters( uint8_t count, uint8_t * data, uint32_t data_len, hex_count = find_hex_count(count, data, data_len); params = (void **)malloc( sizeof( void *) * ( count + hex_count ) ); - assert( params != NULL ); + TEST_HELPER_ASSERT( params != NULL ); cur = params; p = data; @@ -360,7 +360,7 @@ int execute_tests( int args, const char ** argv ) { /* Read dependency count */ count = *p; - assert( count < data_len ); + TEST_HELPER_ASSERT( count < data_len ); INCR_ASSERT( p, data, data_len, sizeof( uint8_t ) ); ret = verify_dependencies( count, p ); if ( ret != DEPENDENCY_SUPPORTED ) From 30346f639edf6a4c67e9068ed9253c9655448c5d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 13 Jun 2019 16:44:19 +0200 Subject: [PATCH 3/5] Make it easier to define MBEDTLS_PARAM_FAILED as assert Introduce a new configuration option MBEDTLS_CHECK_PARAMS_ASSERT, which is disabled by default. When this option is enabled, MBEDTLS_PARAM_FAILED defaults to assert rather than to a call to mbedtls_param_failed, and is included. This fixes #2671 (no easy way to make MBEDTLS_PARAM_FAILED assert) without breaking backward compatibility. With this change, `config.pl full` runs tests with MBEDTLS_PARAM_FAILED set to assert, so the tests will fail if a validation check fails, and programs don't need to provide their own definition of mbedtls_param_failed(). --- ChangeLog | 2 + include/mbedtls/config.h | 68 ++++++++++++++++++++++++--------- include/mbedtls/platform_util.h | 11 ++++++ library/version_features.c | 3 ++ programs/ssl/query_config.c | 8 ++++ 5 files changed, 73 insertions(+), 19 deletions(-) diff --git a/ChangeLog b/ChangeLog index cec77d2af..13034fd6e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -57,6 +57,8 @@ Changes * Change wording in the `mbedtls_ssl_conf_max_frag_len()`'s documentation to improve clarity. Fixes #2258. * Replace multiple uses of MD2 by SHA-256 in X.509 test suite. Fixes #821. + * Make it easier to define MBEDTLS_PARAM_FAILED as assert (which config.h + suggests). #2671 = mbed TLS 2.16.1 branch released 2019-03-19 diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 654f9725e..2ab19804c 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -276,28 +276,52 @@ * For example, when a function accepts as input a pointer to a buffer that may * contain untrusted data, and its documentation mentions that this pointer * must not be NULL: - * - the pointer is checked to be non-NULL only if this option is enabled - * - the content of the buffer is always validated + * - The pointer is checked to be non-NULL only if this option is enabled. + * - The content of the buffer is always validated. * * When this flag is defined, if a library function receives a parameter that - * is invalid, it will: - * - invoke the macro MBEDTLS_PARAM_FAILED() which by default expands to a - * call to the function mbedtls_param_failed() - * - immediately return (with a specific error code unless the function - * returns void and can't communicate an error). + * is invalid: + * 1. The function will invoke the macro MBEDTLS_PARAM_FAILED(). + * 2. If MBEDTLS_PARAM_FAILED() did not terminate the program, the function + * will immediately return. If the function returns an Mbed TLS error code, + * the error code in this case is MBEDTLS_ERR_xxx_BAD_INPUT_DATA. * - * When defining this flag, you also need to: - * - either provide a definition of the function mbedtls_param_failed() in - * your application (see platform_util.h for its prototype) as the library - * calls that function, but does not provide a default definition for it, - * - or provide a different definition of the macro MBEDTLS_PARAM_FAILED() - * below if the above mechanism is not flexible enough to suit your needs. - * See the documentation of this macro later in this file. + * When defining this flag, you also need to arrange a definition for + * MBEDTLS_PARAM_FAILED(). You can do this by any of the following methods: + * - By default, the library defines MBEDTLS_PARAM_FAILED() to call a + * function mbedtls_param_failed(), but the library does not define this + * function. If you do not make any other arrangements, you must provide + * the function mbedtls_param_failed() in your application. + * See `platform_util.h` for its prototype. + * - If you enable the macro #MBEDTLS_CHECK_PARAMS_ASSERT, then the + * library defines #MBEDTLS_PARAM_FAILED(\c cond) to be `assert(cond)`. + * You can still supply an alternative definition of + * MBEDTLS_PARAM_FAILED(), which may call `assert`. + * - If you define a macro MBEDTLS_PARAM_FAILED() before including `config.h` + * or you uncomment the definition of MBEDTLS_PARAM_FAILED() in `config.h`, + * the library will call the macro that you defined and will not supply + * its own version. Note that if MBEDTLS_PARAM_FAILED() calls `assert`, + * you need to enable #MBEDTLS_CHECK_PARAMS_ASSERT so that library source + * files include ``. * * Uncomment to enable validation of application-controlled parameters. */ //#define MBEDTLS_CHECK_PARAMS +/** + * \def MBEDTLS_CHECK_PARAMS_ASSERT + * + * Allow MBEDTLS_PARAM_FAILED() to call `assert`, and make it default to + * `assert`. This macro is only used if #MBEDTLS_CHECK_PARAMS is defined. + * + * If this macro is not defined, then MBEDTLS_PARAM_FAILED() defaults to + * calling a function mbedtls_param_failed(). See the documentation of + * #MBEDTLS_CHECK_PARAMS for details. + * + * Uncomment to allow MBEDTLS_PARAM_FAILED() to call `assert`. + */ +//#define MBEDTLS_CHECK_PARAMS_ASSERT + /* \} name SECTION: System support */ /** @@ -3060,13 +3084,16 @@ /** * \brief This macro is invoked by the library when an invalid parameter - * is detected that is only checked with MBEDTLS_CHECK_PARAMS + * is detected that is only checked with #MBEDTLS_CHECK_PARAMS * (see the documentation of that option for context). * - * When you leave this undefined here, a default definition is - * provided that invokes the function mbedtls_param_failed(), - * which is declared in platform_util.h for the benefit of the - * library, but that you need to define in your application. + * When you leave this undefined here, the library provides + * a default definition. If the macro #MBEDTLS_CHECK_PARAMS_ASSERT + * is defined, the default definition is `assert(cond)`, + * otherwise the default definition calls a function + * mbedtls_param_failed(). This function is declared in + * `platform_util.h` for the benefit of the library, but + * you need to define in your application. * * When you define this here, this replaces the default * definition in platform_util.h (which no longer declares the @@ -3075,6 +3102,9 @@ * particular, that all the necessary declarations are visible * from within the library - you can ensure that by providing * them in this file next to the macro definition). + * If you define this macro to call `assert`, also define + * #MBEDTLS_CHECK_PARAMS_ASSERT so that library source files + * include ``. * * Note that you may define this macro to expand to nothing, in * which case you don't have to worry about declarations or diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index dba6d4598..09d096518 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -43,6 +43,12 @@ extern "C" { #if defined(MBEDTLS_CHECK_PARAMS) +#if defined(MBEDTLS_CHECK_PARAMS_ASSERT) +/* Allow the user to define MBEDTLS_PARAM_FAILED to something like assert + * (which is what our config.h suggests). */ +#include +#endif /* MBEDTLS_CHECK_PARAMS_ASSERT */ + #if defined(MBEDTLS_PARAM_FAILED) /** An alternative definition of MBEDTLS_PARAM_FAILED has been set in config.h. * @@ -50,6 +56,11 @@ extern "C" { * MBEDTLS_PARAM_FAILED() will expand to a call to mbedtls_param_failed(). */ #define MBEDTLS_PARAM_FAILED_ALT + +#elif defined(MBEDTLS_CHECK_PARAMS_ASSERT) +#define MBEDTLS_PARAM_FAILED( cond ) assert( cond ) +#define MBEDTLS_PARAM_FAILED_ALT + #else /* MBEDTLS_PARAM_FAILED */ #define MBEDTLS_PARAM_FAILED( cond ) \ mbedtls_param_failed( #cond, __FILE__, __LINE__ ) diff --git a/library/version_features.c b/library/version_features.c index 24143d052..a99ee808d 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -87,6 +87,9 @@ static const char *features[] = { #if defined(MBEDTLS_CHECK_PARAMS) "MBEDTLS_CHECK_PARAMS", #endif /* MBEDTLS_CHECK_PARAMS */ +#if defined(MBEDTLS_CHECK_PARAMS_ASSERT) + "MBEDTLS_CHECK_PARAMS_ASSERT", +#endif /* MBEDTLS_CHECK_PARAMS_ASSERT */ #if defined(MBEDTLS_TIMING_ALT) "MBEDTLS_TIMING_ALT", #endif /* MBEDTLS_TIMING_ALT */ diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c index 6e281977e..bfb92720b 100644 --- a/programs/ssl/query_config.c +++ b/programs/ssl/query_config.c @@ -274,6 +274,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_CHECK_PARAMS */ +#if defined(MBEDTLS_CHECK_PARAMS_ASSERT) + if( strcmp( "MBEDTLS_CHECK_PARAMS_ASSERT", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_CHECK_PARAMS_ASSERT ); + return( 0 ); + } +#endif /* MBEDTLS_CHECK_PARAMS_ASSERT */ + #if defined(MBEDTLS_TIMING_ALT) if( strcmp( "MBEDTLS_TIMING_ALT", config ) == 0 ) { From 0b87412ac54d16d265020fbb0feb78a4adcbe219 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 12 Jun 2019 14:54:17 +0200 Subject: [PATCH 4/5] Remove mbedtls_param_failed from programs All sample and test programs had a definition of mbedtls_param_failed. This was necessary because we wanted to be able to build them in a configuration with MBEDTLS_CHECK_PARAMS set but without a definition of MBEDTLS_PARAM_FAILED. Now that we activate the sample definition of MBEDTLS_PARAM_FAILED in config.h when testing with MBEDTLS_CHECK_PARAMS set, this boilerplate code is no longer needed. --- programs/aes/aescrypt2.c | 11 ----------- programs/aes/crypt_and_hash.c | 11 ----------- programs/hash/generic_sum.c | 11 ----------- programs/hash/hello.c | 11 ----------- programs/pkey/dh_client.c | 11 ----------- programs/pkey/dh_genprime.c | 11 ----------- programs/pkey/dh_server.c | 11 ----------- programs/pkey/ecdh_curve25519.c | 11 ----------- programs/pkey/ecdsa.c | 11 ----------- programs/pkey/gen_key.c | 11 ----------- programs/pkey/key_app.c | 12 ------------ programs/pkey/key_app_writer.c | 11 ----------- programs/pkey/mpi_demo.c | 11 ----------- programs/pkey/pk_decrypt.c | 12 ------------ programs/pkey/pk_encrypt.c | 11 ----------- programs/pkey/pk_sign.c | 11 ----------- programs/pkey/pk_verify.c | 12 ------------ programs/pkey/rsa_decrypt.c | 11 ----------- programs/pkey/rsa_encrypt.c | 11 ----------- programs/pkey/rsa_genkey.c | 11 ----------- programs/pkey/rsa_sign.c | 11 ----------- programs/pkey/rsa_sign_pss.c | 11 ----------- programs/pkey/rsa_verify.c | 11 ----------- programs/pkey/rsa_verify_pss.c | 12 ------------ programs/random/gen_entropy.c | 11 ----------- programs/random/gen_random_ctr_drbg.c | 11 ----------- programs/random/gen_random_havege.c | 11 ----------- programs/ssl/dtls_client.c | 11 ----------- programs/ssl/dtls_server.c | 11 ----------- programs/ssl/mini_client.c | 11 ----------- programs/ssl/ssl_client1.c | 11 ----------- programs/ssl/ssl_client2.c | 11 ----------- programs/ssl/ssl_fork_server.c | 11 ----------- programs/ssl/ssl_mail_client.c | 11 ----------- programs/ssl/ssl_pthread_server.c | 12 ------------ programs/ssl/ssl_server.c | 11 ----------- programs/ssl/ssl_server2.c | 12 ------------ programs/test/benchmark.c | 11 ----------- programs/test/selftest.c | 11 ----------- programs/util/pem2der.c | 11 ----------- programs/x509/cert_app.c | 11 ----------- programs/x509/cert_req.c | 10 ---------- programs/x509/cert_write.c | 11 ----------- programs/x509/crl_app.c | 11 ----------- programs/x509/req_app.c | 11 ----------- 45 files changed, 500 deletions(-) diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c index bdeac3afc..8242ea7c9 100644 --- a/programs/aes/aescrypt2.c +++ b/programs/aes/aescrypt2.c @@ -80,17 +80,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index f58e6166d..a5acf5b8b 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -82,17 +82,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c index 4b7fe37be..709a149e0 100644 --- a/programs/hash/generic_sum.c +++ b/programs/hash/generic_sum.c @@ -52,17 +52,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif static int generic_wrapper( const mbedtls_md_info_t *md_info, char *filename, unsigned char *sum ) { diff --git a/programs/hash/hello.c b/programs/hash/hello.c index 6046f868c..55a0c7e74 100644 --- a/programs/hash/hello.c +++ b/programs/hash/hello.c @@ -48,17 +48,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( void ) { diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 1dce31aa7..86b260ca0 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -72,17 +72,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( void ) { diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index cca43ca59..bf5482ed0 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c @@ -69,17 +69,6 @@ int main( void ) */ #define GENERATOR "4" -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char **argv ) { diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index a797e6070..c01177485 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -72,17 +72,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( void ) { diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c index 9267c7ef5..9f849dd29 100644 --- a/programs/pkey/ecdh_curve25519.c +++ b/programs/pkey/ecdh_curve25519.c @@ -53,17 +53,6 @@ int main( void ) #include "mbedtls/ctr_drbg.h" #include "mbedtls/ecdh.h" -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c index 4471a201e..b851c3173 100644 --- a/programs/pkey/ecdsa.c +++ b/programs/pkey/ecdsa.c @@ -100,17 +100,6 @@ static void dump_pubkey( const char *title, mbedtls_ecdsa_context *key ) #define dump_pubkey( a, b ) #endif -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 35fc1498f..23e4e145c 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -137,17 +137,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif /* * global options diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index 0bd61e481..793930991 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -64,7 +64,6 @@ " password_file=%%s default: \"\"\n" \ "\n" - #if !defined(MBEDTLS_BIGNUM_C) || \ !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) int main( void ) @@ -75,17 +74,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif /* * global options diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index b81530ceb..60964292b 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -98,17 +98,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif /* * global options diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c index 80573c0ed..ecdcd329a 100644 --- a/programs/pkey/mpi_demo.c +++ b/programs/pkey/mpi_demo.c @@ -50,17 +50,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( void ) { diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index 978f39ef1..bf425079e 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -48,7 +48,6 @@ #include #endif - #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PK_PARSE_C) || \ !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \ !defined(MBEDTLS_CTR_DRBG_C) @@ -61,17 +60,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c index 806c59aae..a32b14761 100644 --- a/programs/pkey/pk_encrypt.c +++ b/programs/pkey/pk_encrypt.c @@ -61,17 +61,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 7354082f1..47a098a1a 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -60,17 +60,6 @@ int main( void ) #include #include -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index 9fcf029b8..a6bfe3f29 100644 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c @@ -56,17 +56,6 @@ int main( void ) #include #include -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { @@ -112,7 +101,6 @@ int main( int argc, char *argv[] ) goto exit; } - i = fread( buf, 1, sizeof(buf), f ); fclose( f ); diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index dc8a9200d..ff71bd055 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -59,17 +59,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index e9effe806..4a71c15dd 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c @@ -59,17 +59,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c index 81867ee9e..d556c1902 100644 --- a/programs/pkey/rsa_genkey.c +++ b/programs/pkey/rsa_genkey.c @@ -64,17 +64,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( void ) { diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index f01487202..9bcd7a627 100644 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c @@ -56,17 +56,6 @@ int main( void ) #include #include -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index 51317457b..42209e27c 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -60,17 +60,6 @@ int main( void ) #include #include -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index 5d1c0851e..94f0ef9ce 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c @@ -55,17 +55,6 @@ int main( void ) #include #include -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index 34122ca4f..148cd5110 100644 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c @@ -60,17 +60,6 @@ int main( void ) #include #include -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { @@ -125,7 +114,6 @@ int main( int argc, char *argv[] ) goto exit; } - i = fread( buf, 1, MBEDTLS_MPI_MAX_SIZE, f ); fclose( f ); diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c index 3b350ede2..6ae63b725 100644 --- a/programs/random/gen_entropy.c +++ b/programs/random/gen_entropy.c @@ -51,17 +51,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c index a50402f19..59df34b66 100644 --- a/programs/random/gen_random_ctr_drbg.c +++ b/programs/random/gen_random_ctr_drbg.c @@ -54,17 +54,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/random/gen_random_havege.c b/programs/random/gen_random_havege.c index ef888ff61..5ea52aec9 100644 --- a/programs/random/gen_random_havege.c +++ b/programs/random/gen_random_havege.c @@ -52,17 +52,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index 90db06ca9..3ea2a680b 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -82,17 +82,6 @@ int main( void ) #define DEBUG_LEVEL 0 -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif static void my_debug( void *ctx, int level, const char *file, int line, diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index dd21fbf47..bb3272478 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -91,17 +91,6 @@ int main( void ) #define READ_TIMEOUT_MS 10000 /* 5 seconds */ #define DEBUG_LEVEL 0 -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif static void my_debug( void *ctx, int level, const char *file, int line, diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index ff3612885..4b8140e68 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -166,17 +166,6 @@ enum exit_codes ssl_write_failed, }; -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( void ) { diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index 646909f11..b723243c9 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -71,17 +71,6 @@ int main( void ) #define DEBUG_LEVEL 1 -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif static void my_debug( void *ctx, int level, const char *file, int line, diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 255d4b2f0..f95ca0c18 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -323,17 +323,6 @@ int main( void ) #define ALPN_LIST_SIZE 10 #define CURVE_LIST_SIZE 20 -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif /* * global options diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index b6f1cc4fd..80407e49a 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -87,17 +87,6 @@ int main( void ) #define DEBUG_LEVEL 0 -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif static void my_debug( void *ctx, int level, const char *file, int line, diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index c73297c2a..3163e2124 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -142,17 +142,6 @@ int main( void ) " force_ciphersuite= default: all enabled\n" \ " acceptable ciphersuite names:\n" -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif /* * global options diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index b5026959a..0624d3363 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -81,17 +81,6 @@ int main( void ) #include "mbedtls/memory_buffer_alloc.h" #endif -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif #define HTTP_RESPONSE \ "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \ @@ -463,7 +452,6 @@ int main( void ) mbedtls_printf( " ok\n" ); - /* * 2. Setup the listening TCP socket */ diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 1852b2bad..3e1d9a4e6 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -83,17 +83,6 @@ int main( void ) #define DEBUG_LEVEL 0 -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif static void my_debug( void *ctx, int level, const char *file, int line, diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index a4c5fab4b..b429b2491 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -429,7 +429,6 @@ int main( void ) " is printed if it is defined\n" \ " acceptable ciphersuite names:\n" - #define ALPN_LIST_SIZE 10 #define CURVE_LIST_SIZE 20 @@ -445,17 +444,6 @@ int main( void ) (out_be)[(i) + 7] = (unsigned char)( ( (in_le) >> 0 ) & 0xFF ); \ } -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif /* * global options diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index e31faafeb..2b8656692 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -258,17 +258,6 @@ typedef struct { rsa, dhm, ecdsa, ecdh; } todo_list; -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif int main( int argc, char *argv[] ) { diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 9d3ea7ec0..727054ee6 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -77,17 +77,6 @@ #include "mbedtls/memory_buffer_alloc.h" #endif -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif static int test_snprintf( size_t n, const char ref_buf[10], int ref_ret ) { diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c index 0cc9d0664..f18493926 100644 --- a/programs/util/pem2der.c +++ b/programs/util/pem2der.c @@ -65,17 +65,6 @@ int main( void ) } #else -#if defined(MBEDTLS_CHECK_PARAMS) -#define mbedtls_exit exit -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif /* * global options diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 626c4d101..84d62fe60 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -100,17 +100,6 @@ int main( void ) " permissive=%%d default: 0 (disabled)\n" \ "\n" -#if defined(MBEDTLS_CHECK_PARAMS) -#define mbedtls_exit exit -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif /* * global options diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index b2052ecf1..f3d915750 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -107,16 +107,6 @@ int main( void ) " SHA384, SHA512\n" \ "\n" -#if defined(MBEDTLS_CHECK_PARAMS) -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif /* * global options diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 497c3376b..c3e89bef5 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -154,17 +154,6 @@ int main( void ) " object_signing_ca\n" \ "\n" -#if defined(MBEDTLS_CHECK_PARAMS) -#define mbedtls_exit exit -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif /* * global options diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index a95157067..127320a13 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -61,17 +61,6 @@ int main( void ) " filename=%%s default: crl.pem\n" \ "\n" -#if defined(MBEDTLS_CHECK_PARAMS) -#define mbedtls_exit exit -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif /* * global options diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index 04ad119f7..3bb4277fd 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -61,17 +61,6 @@ int main( void ) " filename=%%s default: cert.req\n" \ "\n" -#if defined(MBEDTLS_CHECK_PARAMS) -#define mbedtls_exit exit -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - mbedtls_printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); -} -#endif /* * global options From dcab2023686fe6991e5becf0d43d3d15d401ac71 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 12 Jun 2019 16:05:50 +0200 Subject: [PATCH 5/5] Add all.sh component that exercises invalid_param checks With the change to the full config, there were no longer any tests that exercise invalid-parameter behavior. The test suite exercises invalid-parameter behavior by calling TEST_INVALID_PARAM and friends, relying on the test suite's mbedtls_check_param function. This function is only enabled if MBEDTLS_CHECK_PARAMS is defined but not MBEDTLS_CHECK_PARAMS_ASSERT. Add a component to all.sh that enables MBEDTLS_CHECK_PARAMS but disables MBEDTLS_CHECK_PARAMS_ASSERT and doesn't define MBEDTLS_PARAM_FAILED. This way, the xxx_invalid_param() tests do run. Since sample programs don't provide a mbedtls_check_param function, this component doesn't build the sample programs. --- tests/scripts/all.sh | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 965d52071..c9269d5b6 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -794,9 +794,21 @@ component_build_default_make_gcc_and_cxx () { make TEST_CPP=1 } +component_test_check_params_functionality () { + msg "build+test: MBEDTLS_CHECK_PARAMS functionality" + scripts/config.pl full # includes CHECK_PARAMS + # Make MBEDTLS_PARAM_FAILED call mbedtls_param_failed(). + scripts/config.pl unset MBEDTLS_CHECK_PARAMS_ASSERT + scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C + # Only build and run tests. Do not build sample programs, because + # they don't have a mbedtls_param_failed() function. + make CC=gcc CFLAGS='-Werror -O1' lib test +} + component_test_check_params_without_platform () { msg "build+test: MBEDTLS_CHECK_PARAMS without MBEDTLS_PLATFORM_C" scripts/config.pl full # includes CHECK_PARAMS + # Keep MBEDTLS_PARAM_FAILED as assert. scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT @@ -814,6 +826,7 @@ component_test_check_params_silent () { msg "build+test: MBEDTLS_CHECK_PARAMS with alternative MBEDTLS_PARAM_FAILED()" scripts/config.pl full # includes CHECK_PARAMS scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests + # Set MBEDTLS_PARAM_FAILED to nothing. sed -i 's/.*\(#define MBEDTLS_PARAM_FAILED( cond )\).*/\1/' "$CONFIG_H" make CC=gcc CFLAGS='-Werror -O1' all test }