Add initial options and support for parameter validation

This function adds the additional config.h option of MBEDTLS_CHECK_PARAMS which
allows additional validation of parameters passed to the library.
This commit is contained in:
Simon Butcher 2018-12-06 17:36:34 +00:00 committed by Manuel Pégourié-Gonnard
parent 01b34fb316
commit b4868034dd
3 changed files with 59 additions and 0 deletions

View file

@ -256,6 +256,25 @@
*/
//#define MBEDTLS_DEPRECATED_REMOVED
/**
* \def MBEDTLS_CHECK_PARAMS
*
* This configuration controls whether the library validates parameters passed
* to it.
*
* Application code that deals with 3rd party input may wish to enable such
* validation, whilst code on closed systems, such as embedded systems, where
* the input is controlled and predictable, may wish to disable it entirely to
* reduce the code size of the library.
*
* When the symbol is not defined, no parameter validation except that required
* to ensure the integrity or security of the library are performed.
*
* When the symbol is defined, all parameters will be validated, and an error
* code returned where appropriate.
*/
#define MBEDTLS_CHECK_PARAMS
/* \} name SECTION: System support */
/**
@ -2996,6 +3015,9 @@
//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
//#define MBEDTLS_PARAM_FAILED(x) mbedtls_param_failed( #x ) /**< Default parameter validation callback to use. Can be undefined */
/* SSL Cache options */
//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */

View file

@ -41,6 +41,34 @@
extern "C" {
#endif
#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) && \
!defined(MBEDTLS_PARAM_FAILED)
#define MBEDTLS_PARAM_FAILED( cond, file, line ) \
mbedtls_param_failed( cond, file, line )
/**
* \brief User supplied callback function for parameter validation failure.
*
* When the MBEDTLS_CHECK_PARAMS option is enabled, the library
* provides additional validation of all input parameters to
* confirm that they conform to what the interface can accept.
* For example - NULL paramater checks.
*
* These checks are designed to check programmatic issues in the
* application software using Mbed TLS, or catch other runtime
* errors which may be due to issues in the application software.
*
* This function will be called unless an alternative function is
* defined through the MBEDTLS_PARAM_FAILURE function.
*
* This function can return, and the operation will be aborted, or
* alternatively, through use of setjmp()/longjmp() can resume
* execution in the application code.
*/
void mbedtls_param_failed( char* failure_condition, char* file, int line );
#endif /* MBEDTLS_CHECK_PARAMS && MBEDTLS_PLATFORM_C && !MBEDTLS_PARAM_FAILED */
/**
* \brief Securely zeroize a buffer
*

View file

@ -35,6 +35,7 @@
#endif
#include "mbedtls/platform_util.h"
#include "mbedtls/platform.h"
#include "mbedtls/threading.h"
#include <stddef.h>
@ -133,3 +134,11 @@ struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt,
#endif /* _WIN32 && !EFIX64 && !EFI32 */
}
#endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_R_ALT */
#if defined( MBEDTLS_CHECK_PARAMS ) && defined(MBEDTLS_PLATFORM_C) && \
defined(MBEDTLS_DEBUG_INVALID_PARAMS)
void mbedtls_param_failed( char* failure_condition )
{
mbedtls_printf("%s:%i: Input param failed - %s\n", __FILE__, __LINE__, failure_condition );
}
#endif