From a2b0e27378f1613c45fd324e4cf74a54654b2ebe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 10 Dec 2018 15:23:58 +0100 Subject: [PATCH] Skip param validation tests if custom macro used The test framework for validation of parameters depends on the macro MBEDTLS_PARAM_FAILED() being set to its default value when building the library. So far the test framework attempted to define this macro but this was the wrong place - this definition wouldn't be picked by the library. Instead, a different approach is taken: skip those tests when the macro is defined in config.h, as in that case we have no way to know if it will indeed end up calling mbedtls_param_failed() as we need it to. This commit was tested by manually ensuring that aes_invalid_params: - passes (and is not skipped) in the default configuration - is skipped when MBEDTLS_PARAM_FAILED() is defined in config.h --- include/mbedtls/platform_util.h | 14 ++++++++-- tests/suites/helpers.function | 38 ++++++++------------------- tests/suites/test_suite_aes.function | 2 +- tests/suites/test_suite_aes.rest.data | 1 - 4 files changed, 24 insertions(+), 31 deletions(-) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index e8fab66a4..a712764a6 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -41,7 +41,16 @@ extern "C" { #endif -#if defined( MBEDTLS_CHECK_PARAMS ) && !defined(MBEDTLS_PARAM_FAILED) +#if defined( MBEDTLS_CHECK_PARAMS ) + +#if defined(MBEDTLS_PARAM_FAILED) +/** An alternative definition of MBEDTLS_PARAM_FAILED has been set in config.h. + * + * This flag can be used to check whether it is safe to assume that + * MBEDTLS_PARAM_FAILED() will expand to a call to mbedtls_param_failed(). + */ +#define MBEDTLS_PARAM_FAILED_ALT +#else #define MBEDTLS_PARAM_FAILED( cond ) \ mbedtls_param_failed( cond, __FILE__, __LINE__ ) 
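Review bot: The new comment on `MBEDTLS_PARAM_FAILED_ALT` in platform_util.h does not say that this header derives the flag itself, which is easy to misread because an `_ALT` suffix in this library usually names an option the integrator sets in config.h. The flag also only reflects a custom `MBEDTLS_PARAM_FAILED` if the configuration has already been included at this point, which is not visible in the hunk. I would add a sentence to the comment such as `This macro is defined automatically by this header; do not set it in config.h.` and state the include-order assumption next to it.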
@@ -67,7 +76,8 @@ extern "C" { void mbedtls_param_failed( const char* failure_condition, const char* file, int line ); -#endif /* MBEDTLS_CHECK_PARAMS && !MBEDTLS_PARAM_FAILED */ +#endif /* MBEDTLS_PARAM_FAILED */ +#endif /* MBEDTLS_CHECK_PARAMS */ /** * \brief Securely zeroize a buffer diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 472df425b..71390ecfe 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -24,10 +24,9 @@ #endif #if defined(MBEDTLS_CHECK_PARAMS) +#include "mbedtls/platform_util.h" #include -#define MBEDTLS_PARAM_FAILED(x) mbedtls_param_failed( #x, __FILE__, __LINE__ ) - -#endif /* MBEDTLS_CHECK_PARAMS */ +#endif #ifdef _MSC_VER #include @@ -92,7 +91,8 @@ typedef enum * code that can be tested. * * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure - * callback, MBEDTLS_PARAM_FAIL, will be assumed to be a test failure. + * callback, MBEDTLS_PARAM_FAILED(), will be assumed to be a test + * failure. * * This macro is not suitable for negative parameter validation tests, * as it assumes the test step will not create an error. @@ -109,7 +109,7 @@ typedef enum } \ } while( 0 ) -#if defined(MBEDTLS_CHECK_PARAMS) +#if defined(MBEDTLS_CHECK_PARAMS) && !defined(MBEDTLS_PARAM_FAILED_ALT) /** * \brief This macro tests the statement passed to it as a test step or * individual test in a test case. The macro assumes the test will fail 
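Review bot: In the first helpers.function hunk the setjmp include stays under plain `MBEDTLS_CHECK_PARAMS`, while the macros that use `jmp_buf` are now compiled only under `MBEDTLS_CHECK_PARAMS && !MBEDTLS_PARAM_FAILED_ALT`. That is harmless today, but the two conditions are easier to keep in step if the include sits in a nested `#if !defined(MBEDTLS_PARAM_FAILED_ALT)` placed after the platform_util.h include. The closing line also lost its label; `#endif /* MBEDTLS_CHECK_PARAMS */` would match the commented `#endif`s the patch adds in platform_util.h.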
@@ -119,12 +119,12 @@ typedef enum * code on return to confirm the given error code was returned. * * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure - * callback, MBEDTLS_PARAM_FAIL, are assumed to indicate the + * callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the * expected failure, and the test will pass. * * This macro is intended for negative parameter validation tests, * where the failing function may return an error value or call - * MBEDTLS_PARAM_FAIL to indicate the error. + * MBEDTLS_PARAM_FAILED() to indicate the error. * * \param PARAM_ERROR_VALUE The expected error code. * @@ -148,16 +148,16 @@ typedef enum * * It assumes the library function under test cannot return a value and * assumes errors can only be indicated byt calls to - * MBEDTLS_PARAM_FAIL. + * MBEDTLS_PARAM_FAILED(). * * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure - * callback, MBEDTLS_PARAM_FAIL, are assumed to indicate the + * callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the * expected failure. If MBEDTLS_CHECK_PARAMS is not enabled, no test * can be made. * * This macro is intended for negative parameter validation tests, * where the failing function can only return an error by calling - * MBEDTLS_PARAM_FAIL to indicate the error. + * MBEDTLS_PARAM_FAILED() to indicate the error. * * \param TEST The test expression to be tested. */ @@ -173,23 +173,7 @@ typedef enum memcpy(param_fail_jmp, jmp_tmp, sizeof(jmp_buf)); \ } while( 0 ) -#else - -#define TEST_INVALID_PARAM_RET( PARAM_ERR_VALUE, TEST ) \ - do { \ - if( (TEST) != (PARAM_ERR_VALUE) ) \ - { \ - test_fail( #TEST, __LINE__, __FILE__ ); \ - goto exit; \ - } \ - } while( 0 ) - -#define TEST_INVALID_PARAM( TEST ) \ - do { \ - TEST; \ - } while( 0 ) - -#endif /* !defined( MBEDTLS_CHECK_PARAMS ) */ +#endif /* MBEDTLS_CHECK_PARAMS && !MBEDTLS_PARAM_FAILED_ALT */ #define assert(a) if( !( a ) ) \ { \ 
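Review bot: With the `#else` fallbacks removed in the last helpers.function hunk, `TEST_INVALID_PARAM_RET` and `TEST_INVALID_PARAM` exist only when `MBEDTLS_CHECK_PARAMS` is set and `MBEDTLS_PARAM_FAILED_ALT` is not, so any test case that uses them without the matching `depends_on` will fail to build in every other configuration. Only `aes_invalid_param` is updated in this patch; other users of these macros, if any, are outside what is shown. The requirement deserves a comment above the guarded block, for example `/* Test cases using TEST_INVALID_PARAM*() must depend on MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT. */`. It is also worth recording there that these negative tests are skipped, not failed, under a custom macro, so such a build gets no parameter-validation coverage from the suite.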
diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 062234b50..7dab01b47 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -371,7 +371,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ void aes_invalid_param( ) { mbedtls_aes_context dummy_ctx; diff --git a/tests/suites/test_suite_aes.rest.data b/tests/suites/test_suite_aes.rest.data index 3ec916ded..14b78a605 100644 --- a/tests/suites/test_suite_aes.rest.data +++ b/tests/suites/test_suite_aes.rest.data @@ -11,7 +11,6 @@ AES-256-CBC Decrypt (Invalid input length) aes_decrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c74":"":MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH AES - Invalid parameters -depends_on:MBEDTLS_CHECK_PARAMS aes_invalid_param: AES Selftest