mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-10-24 09:07:32 +00:00
ARRAY_LENGTH has a portable but unsafe implementation, and a non-portable implementation that causes a compile-time error if the macro is accidentally used on a pointer. The safety check was only implemented for __GCC__-defining compilers, but the part that triggered the compile-time error was always used. It turns out that this part triggers a build warning with MSVC (at least with some versions: observed with Visual Studio 2013). ``` C:\builds\workspace\mbed-tls-pr-head_PR-4141-head\src\tests\src\psa_crypto_helpers.c(52): error C2220: warning treated as error - no 'object' file generated [C:\builds\workspace\mbed-tls-pr-head_PR-4141-head\src\mbedtls_test.vcxproj] C:\builds\workspace\mbed-tls-pr-head_PR-4141-head\src\tests\src\psa_crypto_helpers.c(52): warning C4116: unnamed type definition in parentheses [C:\builds\workspace\mbed-tls-pr-head_PR-4141-head\src\mbedtls_test.vcxproj] ``` Since a compile-time error is never triggered when the compile-time check for the argument type is not implemented, just use the unsafe macro directly when there's no safety check. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
405 lines
18 KiB
C
405 lines
18 KiB
C
/**
|
|
* \file macros.h
|
|
*
|
|
* \brief This file contains generic macros for the purpose of testing.
|
|
*/
|
|
|
|
/*
|
|
* Copyright The Mbed TLS Contributors
|
|
* SPDX-License-Identifier: Apache-2.0
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
* not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
#ifndef TEST_MACROS_H
|
|
#define TEST_MACROS_H
|
|
|
|
#if !defined(MBEDTLS_CONFIG_FILE)
|
|
#include "mbedtls/config.h"
|
|
#else
|
|
#include MBEDTLS_CONFIG_FILE
|
|
#endif
|
|
|
|
#include <stdlib.h>
|
|
|
|
#if defined(MBEDTLS_PLATFORM_C)
|
|
#include "mbedtls/platform.h"
|
|
#else
|
|
#include <stdio.h>
|
|
#define mbedtls_fprintf fprintf
|
|
#define mbedtls_snprintf snprintf
|
|
#define mbedtls_calloc calloc
|
|
#define mbedtls_free free
|
|
#define mbedtls_exit exit
|
|
#define mbedtls_time time
|
|
#define mbedtls_time_t time_t
|
|
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
|
|
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
|
|
#endif
|
|
|
|
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
|
|
#include "mbedtls/memory_buffer_alloc.h"
|
|
#endif
|
|
|
|
/**
|
|
* \brief This macro tests the expression passed to it as a test step or
|
|
* individual test in a test case.
|
|
*
|
|
* It allows a library function to return a value and return an error
|
|
* code that can be tested.
|
|
*
|
|
* When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure
|
|
* callback, MBEDTLS_PARAM_FAILED(), will be assumed to be a test
|
|
* failure.
|
|
*
|
|
* This macro is not suitable for negative parameter validation tests,
|
|
* as it assumes the test step will not create an error.
|
|
*
|
|
* Failing the test means:
|
|
* - Mark this test case as failed.
|
|
* - Print a message identifying the failure.
|
|
* - Jump to the \c exit label.
|
|
*
|
|
* This macro expands to an instruction, not an expression.
|
|
* It may jump to the \c exit label.
|
|
*
|
|
* \param TEST The test expression to be tested.
|
|
*/
|
|
#define TEST_ASSERT( TEST ) \
|
|
do { \
|
|
if( ! (TEST) ) \
|
|
{ \
|
|
mbedtls_test_fail( #TEST, __LINE__, __FILE__ ); \
|
|
goto exit; \
|
|
} \
|
|
} while( 0 )
|
|
|
|
/** Evaluate two expressions and fail the test case if they have different
|
|
* values.
|
|
*
|
|
* \param expr1 An expression to evaluate.
|
|
* \param expr2 The expected value of \p expr1. This can be any
|
|
* expression, but it is typically a constant.
|
|
*/
|
|
#define TEST_EQUAL( expr1, expr2 ) \
|
|
TEST_ASSERT( ( expr1 ) == ( expr2 ) )
|
|
|
|
/** Allocate memory dynamically and fail the test case if this fails.
|
|
* The allocated memory will be filled with zeros.
|
|
*
|
|
* You must set \p pointer to \c NULL before calling this macro and
|
|
* put `mbedtls_free( pointer )` in the test's cleanup code.
|
|
*
|
|
* If \p length is zero, the resulting \p pointer will be \c NULL.
|
|
* This is usually what we want in tests since API functions are
|
|
* supposed to accept null pointers when a buffer size is zero.
|
|
*
|
|
* This macro expands to an instruction, not an expression.
|
|
* It may jump to the \c exit label.
|
|
*
|
|
* \param pointer An lvalue where the address of the allocated buffer
|
|
* will be stored.
|
|
* This expression may be evaluated multiple times.
|
|
* \param length Number of elements to allocate.
|
|
* This expression may be evaluated multiple times.
|
|
*
|
|
*/
|
|
#define ASSERT_ALLOC( pointer, length ) \
|
|
do \
|
|
{ \
|
|
TEST_ASSERT( ( pointer ) == NULL ); \
|
|
if( ( length ) != 0 ) \
|
|
{ \
|
|
( pointer ) = mbedtls_calloc( sizeof( *( pointer ) ), \
|
|
( length ) ); \
|
|
TEST_ASSERT( ( pointer ) != NULL ); \
|
|
} \
|
|
} \
|
|
while( 0 )
|
|
|
|
/** Allocate memory dynamically. If the allocation fails, skip the test case.
|
|
*
|
|
* This macro behaves like #ASSERT_ALLOC, except that if the allocation
|
|
* fails, it marks the test as skipped rather than failed.
|
|
*/
|
|
#define ASSERT_ALLOC_WEAK( pointer, length ) \
|
|
do \
|
|
{ \
|
|
TEST_ASSERT( ( pointer ) == NULL ); \
|
|
if( ( length ) != 0 ) \
|
|
{ \
|
|
( pointer ) = mbedtls_calloc( sizeof( *( pointer ) ), \
|
|
( length ) ); \
|
|
TEST_ASSUME( ( pointer ) != NULL ); \
|
|
} \
|
|
} \
|
|
while( 0 )
|
|
|
|
/** Compare two buffers and fail the test case if they differ.
|
|
*
|
|
* This macro expands to an instruction, not an expression.
|
|
* It may jump to the \c exit label.
|
|
*
|
|
* \param p1 Pointer to the start of the first buffer.
|
|
* \param size1 Size of the first buffer in bytes.
|
|
* This expression may be evaluated multiple times.
|
|
* \param p2 Pointer to the start of the second buffer.
|
|
* \param size2 Size of the second buffer in bytes.
|
|
* This expression may be evaluated multiple times.
|
|
*/
|
|
#define ASSERT_COMPARE( p1, size1, p2, size2 ) \
|
|
do \
|
|
{ \
|
|
TEST_ASSERT( ( size1 ) == ( size2 ) ); \
|
|
if( ( size1 ) != 0 ) \
|
|
TEST_ASSERT( memcmp( ( p1 ), ( p2 ), ( size1 ) ) == 0 ); \
|
|
} \
|
|
while( 0 )
|
|
|
|
/**
|
|
* \brief This macro tests the expression passed to it and skips the
|
|
* running test if it doesn't evaluate to 'true'.
|
|
*
|
|
* \param TEST The test expression to be tested.
|
|
*/
|
|
#define TEST_ASSUME( TEST ) \
|
|
do { \
|
|
if( ! (TEST) ) \
|
|
{ \
|
|
mbedtls_test_skip( #TEST, __LINE__, __FILE__ ); \
|
|
goto exit; \
|
|
} \
|
|
} while( 0 )
|
|
|
|
#if defined(MBEDTLS_CHECK_PARAMS) && !defined(MBEDTLS_PARAM_FAILED_ALT)
|
|
/**
|
|
* \brief This macro tests the statement passed to it as a test step or
|
|
* individual test in a test case. The macro assumes the test will fail
|
|
* and will generate an error.
|
|
*
|
|
* It allows a library function to return a value and tests the return
|
|
* code on return to confirm the given error code was returned.
|
|
*
|
|
* When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure
|
|
* callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the
|
|
* expected failure, and the test will pass.
|
|
*
|
|
* This macro is intended for negative parameter validation tests,
|
|
* where the failing function may return an error value or call
|
|
* MBEDTLS_PARAM_FAILED() to indicate the error.
|
|
*
|
|
* \param PARAM_ERROR_VALUE The expected error code.
|
|
*
|
|
* \param TEST The test expression to be tested.
|
|
*/
|
|
#define TEST_INVALID_PARAM_RET( PARAM_ERR_VALUE, TEST ) \
|
|
do { \
|
|
mbedtls_test_param_failed_expect_call( ); \
|
|
if( ( ( TEST ) != ( PARAM_ERR_VALUE ) ) || \
|
|
( mbedtls_test_param_failed_check_expected_call( ) != 0 ) ) \
|
|
{ \
|
|
mbedtls_test_fail( #TEST, __LINE__, __FILE__ ); \
|
|
goto exit; \
|
|
} \
|
|
mbedtls_test_param_failed_check_expected_call( ); \
|
|
} while( 0 )
|
|
|
|
/**
|
|
* \brief This macro tests the statement passed to it as a test step or
|
|
* individual test in a test case. The macro assumes the test will fail
|
|
* and will generate an error.
|
|
*
|
|
* It assumes the library function under test cannot return a value and
|
|
* assumes errors can only be indicated byt calls to
|
|
* MBEDTLS_PARAM_FAILED().
|
|
*
|
|
* When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure
|
|
* callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the
|
|
* expected failure. If MBEDTLS_CHECK_PARAMS is not enabled, no test
|
|
* can be made.
|
|
*
|
|
* This macro is intended for negative parameter validation tests,
|
|
* where the failing function can only return an error by calling
|
|
* MBEDTLS_PARAM_FAILED() to indicate the error.
|
|
*
|
|
* \param TEST The test expression to be tested.
|
|
*/
|
|
#define TEST_INVALID_PARAM( TEST ) \
|
|
do { \
|
|
memcpy( jmp_tmp, mbedtls_test_param_failed_get_state_buf( ), \
|
|
sizeof( jmp_tmp ) ); \
|
|
if( setjmp( mbedtls_test_param_failed_get_state_buf( ) ) == 0 ) \
|
|
{ \
|
|
TEST; \
|
|
mbedtls_test_fail( #TEST, __LINE__, __FILE__ ); \
|
|
goto exit; \
|
|
} \
|
|
mbedtls_test_param_failed_reset_state( ); \
|
|
} while( 0 )
|
|
#endif /* MBEDTLS_CHECK_PARAMS && !MBEDTLS_PARAM_FAILED_ALT */
|
|
|
|
/**
|
|
* \brief This macro tests the statement passed to it as a test step or
|
|
* individual test in a test case. The macro assumes the test will not fail.
|
|
*
|
|
* It assumes the library function under test cannot return a value and
|
|
* assumes errors can only be indicated by calls to
|
|
* MBEDTLS_PARAM_FAILED().
|
|
*
|
|
* When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure
|
|
* callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the
|
|
* expected failure. If MBEDTLS_CHECK_PARAMS is not enabled, no test
|
|
* can be made.
|
|
*
|
|
* This macro is intended to test that functions returning void
|
|
* accept all of the parameter values they're supposed to accept - eg
|
|
* that they don't call MBEDTLS_PARAM_FAILED() when a parameter
|
|
* that's allowed to be NULL happens to be NULL.
|
|
*
|
|
* Note: for functions that return something other that void,
|
|
* checking that they accept all the parameters they're supposed to
|
|
* accept is best done by using TEST_ASSERT() and checking the return
|
|
* value as well.
|
|
*
|
|
* Note: this macro is available even when #MBEDTLS_CHECK_PARAMS is
|
|
* disabled, as it makes sense to check that the functions accept all
|
|
* legal values even if this option is disabled - only in that case,
|
|
* the test is more about whether the function segfaults than about
|
|
* whether it invokes MBEDTLS_PARAM_FAILED().
|
|
*
|
|
* \param TEST The test expression to be tested.
|
|
*/
|
|
#define TEST_VALID_PARAM( TEST ) \
|
|
TEST_ASSERT( ( TEST, 1 ) );
|
|
|
|
/** Allocate memory dynamically and fail the test case if this fails.
|
|
*
|
|
* You must set \p pointer to \c NULL before calling this macro and
|
|
* put `mbedtls_free( pointer )` in the test's cleanup code.
|
|
*
|
|
* If \p length is zero, the resulting \p pointer will be \c NULL.
|
|
* This is usually what we want in tests since API functions are
|
|
* supposed to accept null pointers when a buffer size is zero.
|
|
*
|
|
* This macro expands to an instruction, not an expression.
|
|
* It may jump to the \c exit label.
|
|
*
|
|
* \param pointer An lvalue where the address of the allocated buffer
|
|
* will be stored.
|
|
* This expression may be evaluated multiple times.
|
|
* \param length Number of elements to allocate.
|
|
* This expression may be evaluated multiple times.
|
|
*
|
|
*/
|
|
#define ASSERT_ALLOC( pointer, length ) \
|
|
do \
|
|
{ \
|
|
TEST_ASSERT( ( pointer ) == NULL ); \
|
|
if( ( length ) != 0 ) \
|
|
{ \
|
|
( pointer ) = mbedtls_calloc( sizeof( *( pointer ) ), \
|
|
( length ) ); \
|
|
TEST_ASSERT( ( pointer ) != NULL ); \
|
|
} \
|
|
} \
|
|
while( 0 )
|
|
|
|
#define TEST_HELPER_ASSERT(a) if( !( a ) ) \
|
|
{ \
|
|
mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \
|
|
__FILE__, __LINE__, #a ); \
|
|
mbedtls_exit( 1 ); \
|
|
}
|
|
|
|
/** \def ARRAY_LENGTH
|
|
* Return the number of elements of a static or stack array.
|
|
*
|
|
* \param array A value of array (not pointer) type.
|
|
*
|
|
* \return The number of elements of the array.
|
|
*/
|
|
/* A correct implementation of ARRAY_LENGTH, but which silently gives
|
|
* a nonsensical result if called with a pointer rather than an array. */
|
|
#define ARRAY_LENGTH_UNSAFE( array ) \
|
|
( sizeof( array ) / sizeof( *( array ) ) )
|
|
|
|
#if defined(__GNUC__)
|
|
/* Test if arg and &(arg)[0] have the same type. This is true if arg is
|
|
* an array but not if it's a pointer. */
|
|
#define IS_ARRAY_NOT_POINTER( arg ) \
|
|
( ! __builtin_types_compatible_p( __typeof__( arg ), \
|
|
__typeof__( &( arg )[0] ) ) )
|
|
/* A compile-time constant with the value 0. If `const_expr` is not a
|
|
* compile-time constant with a nonzero value, cause a compile-time error. */
|
|
#define STATIC_ASSERT_EXPR( const_expr ) \
|
|
( 0 && sizeof( struct { unsigned int STATIC_ASSERT : 1 - 2 * ! ( const_expr ); } ) )
|
|
|
|
/* Return the scalar value `value` (possibly promoted). This is a compile-time
|
|
* constant if `value` is. `condition` must be a compile-time constant.
|
|
* If `condition` is false, arrange to cause a compile-time error. */
|
|
#define STATIC_ASSERT_THEN_RETURN( condition, value ) \
|
|
( STATIC_ASSERT_EXPR( condition ) ? 0 : ( value ) )
|
|
|
|
#define ARRAY_LENGTH( array ) \
|
|
( STATIC_ASSERT_THEN_RETURN( IS_ARRAY_NOT_POINTER( array ), \
|
|
ARRAY_LENGTH_UNSAFE( array ) ) )
|
|
|
|
#else
|
|
/* If we aren't sure the compiler supports our non-standard tricks,
|
|
* fall back to the unsafe implementation. */
|
|
#define ARRAY_LENGTH( array ) ARRAY_LENGTH_UNSAFE( array )
|
|
#endif
|
|
|
|
/** Return the smaller of two values.
|
|
*
|
|
* \param x An integer-valued expression without side effects.
|
|
* \param y An integer-valued expression without side effects.
|
|
*
|
|
* \return The smaller of \p x and \p y.
|
|
*/
|
|
#define MIN( x, y ) ( ( x ) < ( y ) ? ( x ) : ( y ) )
|
|
|
|
/** Return the larger of two values.
|
|
*
|
|
* \param x An integer-valued expression without side effects.
|
|
* \param y An integer-valued expression without side effects.
|
|
*
|
|
* \return The larger of \p x and \p y.
|
|
*/
|
|
#define MAX( x, y ) ( ( x ) > ( y ) ? ( x ) : ( y ) )
|
|
|
|
/*
|
|
* 32-bit integer manipulation macros (big endian)
|
|
*/
|
|
#ifndef GET_UINT32_BE
|
|
#define GET_UINT32_BE(n,b,i) \
|
|
{ \
|
|
(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
|
|
| ( (uint32_t) (b)[(i) + 1] << 16 ) \
|
|
| ( (uint32_t) (b)[(i) + 2] << 8 ) \
|
|
| ( (uint32_t) (b)[(i) + 3] ); \
|
|
}
|
|
#endif
|
|
|
|
#ifndef PUT_UINT32_BE
|
|
#define PUT_UINT32_BE(n,b,i) \
|
|
{ \
|
|
(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
|
|
(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
|
|
(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
|
|
(b)[(i) + 3] = (unsigned char) ( (n) ); \
|
|
}
|
|
#endif
|
|
|
|
#endif /* TEST_MACROS_H */
|