mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-30 04:34:27 +01:00
58a39e02da
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
728 lines
22 KiB
Plaintext
728 lines
22 KiB
Plaintext
#line 2 "helpers.function"
|
|
/*----------------------------------------------------------------------------*/
|
|
/* Headers */
|
|
|
|
#include <stdlib.h>
|
|
|
|
#if defined(MBEDTLS_PLATFORM_C)
|
|
#include "mbedtls/platform.h"
|
|
#else
|
|
#include <stdio.h>
|
|
#define mbedtls_fprintf fprintf
|
|
#define mbedtls_snprintf snprintf
|
|
#define mbedtls_calloc calloc
|
|
#define mbedtls_free free
|
|
#define mbedtls_exit exit
|
|
#define mbedtls_time time
|
|
#define mbedtls_time_t time_t
|
|
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
|
|
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
|
|
#endif
|
|
|
|
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
|
|
#include "mbedtls/memory_buffer_alloc.h"
|
|
#endif
|
|
|
|
#ifdef _MSC_VER
|
|
#include <basetsd.h>
|
|
typedef UINT32 uint32_t;
|
|
#define strncasecmp _strnicmp
|
|
#define strcasecmp _stricmp
|
|
#else
|
|
#include <stdint.h>
|
|
#endif
|
|
|
|
#include <string.h>
|
|
|
|
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
|
|
#include <unistd.h>
|
|
#endif
|
|
|
|
#if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_THREADING_PTHREAD) && \
|
|
defined(MBEDTLS_TEST_HOOKS)
|
|
#include "mbedtls/threading.h"
|
|
#define MBEDTLS_TEST_MUTEX_USAGE
|
|
#endif
|
|
|
|
/*
|
|
* Define the two macros
|
|
*
|
|
* #define TEST_CF_SECRET(ptr, size)
|
|
* #define TEST_CF_PUBLIC(ptr, size)
|
|
*
|
|
* that can be used in tests to mark a memory area as secret (no branch or
|
|
* memory access should depend on it) or public (default, only needs to be
|
|
* marked explicitly when it was derived from secret data).
|
|
*
|
|
* Arguments:
|
|
* - ptr: a pointer to the memory area to be marked
|
|
* - size: the size in bytes of the memory area
|
|
*
|
|
* Implementation:
|
|
* The basic idea is that of ctgrind <https://github.com/agl/ctgrind>: we can
|
|
* re-use tools that were designed for checking use of uninitialized memory.
|
|
* This file contains two implementations: one based on MemorySanitizer, the
|
|
* other on valgrind's memcheck. If none of them is enabled, dummy macros that
|
|
* do nothing are defined for convenience.
|
|
*/
|
|
#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
|
|
#include <sanitizer/msan_interface.h>
|
|
|
|
/* Use macros to avoid messing up with origin tracking */
|
|
#define TEST_CF_SECRET __msan_allocated_memory
|
|
// void __msan_allocated_memory(const volatile void* data, size_t size);
|
|
#define TEST_CF_PUBLIC __msan_unpoison
|
|
// void __msan_unpoison(const volatile void *a, size_t size);
|
|
|
|
#elif defined(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND)
|
|
#include <valgrind/memcheck.h>
|
|
|
|
#define TEST_CF_SECRET VALGRIND_MAKE_MEM_UNDEFINED
|
|
// VALGRIND_MAKE_MEM_UNDEFINED(_qzz_addr, _qzz_len)
|
|
#define TEST_CF_PUBLIC VALGRIND_MAKE_MEM_DEFINED
|
|
// VALGRIND_MAKE_MEM_DEFINED(_qzz_addr, _qzz_len)
|
|
|
|
#else /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN ||
|
|
MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */
|
|
|
|
#define TEST_CF_SECRET(ptr, size)
|
|
#define TEST_CF_PUBLIC(ptr, size)
|
|
|
|
#endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN */
|
|
|
|
/*----------------------------------------------------------------------------*/
|
|
/* Constants */
|
|
|
|
#define DEPENDENCY_SUPPORTED 0
|
|
#define DEPENDENCY_NOT_SUPPORTED 1
|
|
|
|
#define KEY_VALUE_MAPPING_FOUND 0
|
|
#define KEY_VALUE_MAPPING_NOT_FOUND -1
|
|
|
|
#define DISPATCH_TEST_SUCCESS 0
|
|
#define DISPATCH_TEST_FN_NOT_FOUND 1
|
|
#define DISPATCH_INVALID_TEST_DATA 2
|
|
#define DISPATCH_UNSUPPORTED_SUITE 3
|
|
|
|
|
|
/*----------------------------------------------------------------------------*/
|
|
/* Macros */
|
|
|
|
#define TEST_ASSERT( TEST ) \
|
|
do { \
|
|
if( ! (TEST) ) \
|
|
{ \
|
|
test_fail( #TEST, __LINE__, __FILE__ ); \
|
|
goto exit; \
|
|
} \
|
|
} while( 0 )
|
|
|
|
#define assert(a) if( !( a ) ) \
|
|
{ \
|
|
mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \
|
|
__FILE__, __LINE__, #a ); \
|
|
mbedtls_exit( 1 ); \
|
|
}
|
|
|
|
#if defined(__GNUC__)
|
|
/* Test if arg and &(arg)[0] have the same type. This is true if arg is
|
|
* an array but not if it's a pointer. */
|
|
#define IS_ARRAY_NOT_POINTER( arg ) \
|
|
( ! __builtin_types_compatible_p( __typeof__( arg ), \
|
|
__typeof__( &( arg )[0] ) ) )
|
|
#else
|
|
/* On platforms where we don't know how to implement this check,
|
|
* omit it. Oh well, a non-portable check is better than nothing. */
|
|
#define IS_ARRAY_NOT_POINTER( arg ) 1
|
|
#endif
|
|
|
|
/* A compile-time constant with the value 0. If `const_expr` is not a
|
|
* compile-time constant with a nonzero value, cause a compile-time error. */
|
|
#define STATIC_ASSERT_EXPR( const_expr ) \
|
|
( 0 && sizeof( struct { unsigned int STATIC_ASSERT : 1 - 2 * ! ( const_expr ); } ) )
|
|
/* Return the scalar value `value` (possibly promoted). This is a compile-time
|
|
* constant if `value` is. `condition` must be a compile-time constant.
|
|
* If `condition` is false, arrange to cause a compile-time error. */
|
|
#define STATIC_ASSERT_THEN_RETURN( condition, value ) \
|
|
( STATIC_ASSERT_EXPR( condition ) ? 0 : ( value ) )
|
|
|
|
#define ARRAY_LENGTH_UNSAFE( array ) \
|
|
( sizeof( array ) / sizeof( *( array ) ) )
|
|
/** Return the number of elements of a static or stack array.
|
|
*
|
|
* \param array A value of array (not pointer) type.
|
|
*
|
|
* \return The number of elements of the array.
|
|
*/
|
|
#define ARRAY_LENGTH( array ) \
|
|
( STATIC_ASSERT_THEN_RETURN( IS_ARRAY_NOT_POINTER( array ), \
|
|
ARRAY_LENGTH_UNSAFE( array ) ) )
|
|
|
|
|
|
/*
|
|
* 32-bit integer manipulation macros (big endian)
|
|
*/
|
|
#ifndef GET_UINT32_BE
|
|
#define GET_UINT32_BE(n,b,i) \
|
|
{ \
|
|
(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
|
|
| ( (uint32_t) (b)[(i) + 1] << 16 ) \
|
|
| ( (uint32_t) (b)[(i) + 2] << 8 ) \
|
|
| ( (uint32_t) (b)[(i) + 3] ); \
|
|
}
|
|
#endif
|
|
|
|
#ifndef PUT_UINT32_BE
|
|
#define PUT_UINT32_BE(n,b,i) \
|
|
{ \
|
|
(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
|
|
(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
|
|
(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
|
|
(b)[(i) + 3] = (unsigned char) ( (n) ); \
|
|
}
|
|
#endif
|
|
|
|
|
|
/*----------------------------------------------------------------------------*/
|
|
/* Global variables */
|
|
|
|
|
|
static struct
|
|
{
|
|
int failed;
|
|
const char *test;
|
|
const char *filename;
|
|
int line_no;
|
|
#if defined(MBEDTLS_TEST_MUTEX_USAGE)
|
|
const char *mutex_usage_error;
|
|
#endif
|
|
}
|
|
test_info;
|
|
|
|
|
|
/*----------------------------------------------------------------------------*/
|
|
/* Helper flags for complex dependencies */
|
|
|
|
/* Indicates whether we expect mbedtls_entropy_init
|
|
* to initialize some strong entropy source. */
|
|
#if defined(MBEDTLS_TEST_NULL_ENTROPY) || \
|
|
( !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) && \
|
|
( !defined(MBEDTLS_NO_PLATFORM_ENTROPY) || \
|
|
defined(MBEDTLS_HAVEGE_C) || \
|
|
defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \
|
|
defined(ENTROPY_NV_SEED) ) )
|
|
#define ENTROPY_HAVE_STRONG
|
|
#endif
|
|
|
|
|
|
/*----------------------------------------------------------------------------*/
|
|
/* Helper Functions */
|
|
|
|
void test_fail( const char *test, int line_no, const char* filename )
|
|
{
|
|
if( test_info.failed )
|
|
{
|
|
/* We've already recorded the test as having failed. Don't
|
|
* overwrite any previous information about the failure. */
|
|
return;
|
|
}
|
|
test_info.failed = 1;
|
|
test_info.test = test;
|
|
test_info.line_no = line_no;
|
|
test_info.filename = filename;
|
|
}
|
|
|
|
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
|
|
static int redirect_output( FILE* out_stream, const char* path )
|
|
{
|
|
int out_fd, dup_fd;
|
|
FILE* path_stream;
|
|
|
|
out_fd = fileno( out_stream );
|
|
dup_fd = dup( out_fd );
|
|
|
|
if( dup_fd == -1 )
|
|
{
|
|
return( -1 );
|
|
}
|
|
|
|
path_stream = fopen( path, "w" );
|
|
if( path_stream == NULL )
|
|
{
|
|
close( dup_fd );
|
|
return( -1 );
|
|
}
|
|
|
|
fflush( out_stream );
|
|
if( dup2( fileno( path_stream ), out_fd ) == -1 )
|
|
{
|
|
close( dup_fd );
|
|
fclose( path_stream );
|
|
return( -1 );
|
|
}
|
|
|
|
fclose( path_stream );
|
|
return( dup_fd );
|
|
}
|
|
|
|
static int restore_output( FILE* out_stream, int dup_fd )
|
|
{
|
|
int out_fd = fileno( out_stream );
|
|
|
|
fflush( out_stream );
|
|
if( dup2( dup_fd, out_fd ) == -1 )
|
|
{
|
|
close( out_fd );
|
|
close( dup_fd );
|
|
return( -1 );
|
|
}
|
|
|
|
close( dup_fd );
|
|
return( 0 );
|
|
}
|
|
#endif /* __unix__ || __APPLE__ __MACH__ */
|
|
|
|
int unhexify( unsigned char *obuf, const char *ibuf )
|
|
{
|
|
unsigned char c, c2;
|
|
int len = strlen( ibuf ) / 2;
|
|
assert( strlen( ibuf ) % 2 == 0 ); /* must be even number of bytes */
|
|
|
|
while( *ibuf != 0 )
|
|
{
|
|
c = *ibuf++;
|
|
if( c >= '0' && c <= '9' )
|
|
c -= '0';
|
|
else if( c >= 'a' && c <= 'f' )
|
|
c -= 'a' - 10;
|
|
else if( c >= 'A' && c <= 'F' )
|
|
c -= 'A' - 10;
|
|
else
|
|
assert( 0 );
|
|
|
|
c2 = *ibuf++;
|
|
if( c2 >= '0' && c2 <= '9' )
|
|
c2 -= '0';
|
|
else if( c2 >= 'a' && c2 <= 'f' )
|
|
c2 -= 'a' - 10;
|
|
else if( c2 >= 'A' && c2 <= 'F' )
|
|
c2 -= 'A' - 10;
|
|
else
|
|
assert( 0 );
|
|
|
|
*obuf++ = ( c << 4 ) | c2;
|
|
}
|
|
|
|
return len;
|
|
}
|
|
|
|
void hexify( unsigned char *obuf, const unsigned char *ibuf, int len )
|
|
{
|
|
unsigned char l, h;
|
|
|
|
while( len != 0 )
|
|
{
|
|
h = *ibuf / 16;
|
|
l = *ibuf % 16;
|
|
|
|
if( h < 10 )
|
|
*obuf++ = '0' + h;
|
|
else
|
|
*obuf++ = 'a' + h - 10;
|
|
|
|
if( l < 10 )
|
|
*obuf++ = '0' + l;
|
|
else
|
|
*obuf++ = 'a' + l - 10;
|
|
|
|
++ibuf;
|
|
len--;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Allocate and zeroize a buffer.
|
|
*
|
|
* If the size if zero, a pointer to a zeroized 1-byte buffer is returned.
|
|
*
|
|
* For convenience, dies if allocation fails.
|
|
*/
|
|
static unsigned char *zero_alloc( size_t len )
|
|
{
|
|
void *p;
|
|
size_t actual_len = ( len != 0 ) ? len : 1;
|
|
|
|
p = mbedtls_calloc( 1, actual_len );
|
|
assert( p != NULL );
|
|
|
|
memset( p, 0x00, actual_len );
|
|
|
|
return( p );
|
|
}
|
|
|
|
/**
|
|
* Allocate and fill a buffer from hex data.
|
|
*
|
|
* The buffer is sized exactly as needed. This allows to detect buffer
|
|
* overruns (including overreads) when running the test suite under valgrind.
|
|
*
|
|
* If the size if zero, a pointer to a zeroized 1-byte buffer is returned.
|
|
*
|
|
* For convenience, dies if allocation fails.
|
|
*/
|
|
unsigned char *unhexify_alloc( const char *ibuf, size_t *olen )
|
|
{
|
|
unsigned char *obuf;
|
|
|
|
*olen = strlen( ibuf ) / 2;
|
|
|
|
if( *olen == 0 )
|
|
return( zero_alloc( *olen ) );
|
|
|
|
obuf = mbedtls_calloc( 1, *olen );
|
|
assert( obuf != NULL );
|
|
|
|
(void) unhexify( obuf, ibuf );
|
|
|
|
return( obuf );
|
|
}
|
|
|
|
/**
|
|
* This function just returns data from rand().
|
|
* Although predictable and often similar on multiple
|
|
* runs, this does not result in identical random on
|
|
* each run. So do not use this if the results of a
|
|
* test depend on the random data that is generated.
|
|
*
|
|
* rng_state shall be NULL.
|
|
*/
|
|
static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len )
|
|
{
|
|
#if !defined(__OpenBSD__) && !defined(__NetBSD__)
|
|
size_t i;
|
|
|
|
if( rng_state != NULL )
|
|
rng_state = NULL;
|
|
|
|
for( i = 0; i < len; ++i )
|
|
output[i] = rand();
|
|
#else
|
|
if( rng_state != NULL )
|
|
rng_state = NULL;
|
|
|
|
arc4random_buf( output, len );
|
|
#endif /* !OpenBSD && !NetBSD */
|
|
|
|
return( 0 );
|
|
}
|
|
|
|
/**
|
|
* This function only returns zeros
|
|
*
|
|
* rng_state shall be NULL.
|
|
*/
|
|
int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len )
|
|
{
|
|
if( rng_state != NULL )
|
|
rng_state = NULL;
|
|
|
|
memset( output, 0, len );
|
|
|
|
return( 0 );
|
|
}
|
|
|
|
typedef struct
|
|
{
|
|
unsigned char *buf;
|
|
size_t length;
|
|
} rnd_buf_info;
|
|
|
|
/**
|
|
* This function returns random based on a buffer it receives.
|
|
*
|
|
* rng_state shall be a pointer to a rnd_buf_info structure.
|
|
*
|
|
* The number of bytes released from the buffer on each call to
|
|
* the random function is specified by per_call. (Can be between
|
|
* 1 and 4)
|
|
*
|
|
* After the buffer is empty it will return rand();
|
|
*/
|
|
int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len )
|
|
{
|
|
rnd_buf_info *info = (rnd_buf_info *) rng_state;
|
|
size_t use_len;
|
|
|
|
if( rng_state == NULL )
|
|
return( rnd_std_rand( NULL, output, len ) );
|
|
|
|
use_len = len;
|
|
if( len > info->length )
|
|
use_len = info->length;
|
|
|
|
if( use_len )
|
|
{
|
|
memcpy( output, info->buf, use_len );
|
|
info->buf += use_len;
|
|
info->length -= use_len;
|
|
}
|
|
|
|
if( len - use_len > 0 )
|
|
return( rnd_std_rand( NULL, output + use_len, len - use_len ) );
|
|
|
|
return( 0 );
|
|
}
|
|
|
|
/**
|
|
* Info structure for the pseudo random function
|
|
*
|
|
* Key should be set at the start to a test-unique value.
|
|
* Do not forget endianness!
|
|
* State( v0, v1 ) should be set to zero.
|
|
*/
|
|
typedef struct
|
|
{
|
|
uint32_t key[16];
|
|
uint32_t v0, v1;
|
|
} rnd_pseudo_info;
|
|
|
|
/**
|
|
* This function returns random based on a pseudo random function.
|
|
* This means the results should be identical on all systems.
|
|
* Pseudo random is based on the XTEA encryption algorithm to
|
|
* generate pseudorandom.
|
|
*
|
|
* rng_state shall be a pointer to a rnd_pseudo_info structure.
|
|
*/
|
|
int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len )
|
|
{
|
|
rnd_pseudo_info *info = (rnd_pseudo_info *) rng_state;
|
|
uint32_t i, *k, sum, delta=0x9E3779B9;
|
|
unsigned char result[4], *out = output;
|
|
|
|
if( rng_state == NULL )
|
|
return( rnd_std_rand( NULL, output, len ) );
|
|
|
|
k = info->key;
|
|
|
|
while( len > 0 )
|
|
{
|
|
size_t use_len = ( len > 4 ) ? 4 : len;
|
|
sum = 0;
|
|
|
|
for( i = 0; i < 32; i++ )
|
|
{
|
|
info->v0 += ( ( ( info->v1 << 4 ) ^ ( info->v1 >> 5 ) )
|
|
+ info->v1 ) ^ ( sum + k[sum & 3] );
|
|
sum += delta;
|
|
info->v1 += ( ( ( info->v0 << 4 ) ^ ( info->v0 >> 5 ) )
|
|
+ info->v0 ) ^ ( sum + k[( sum>>11 ) & 3] );
|
|
}
|
|
|
|
PUT_UINT32_BE( info->v0, result, 0 );
|
|
memcpy( out, result, use_len );
|
|
len -= use_len;
|
|
out += 4;
|
|
}
|
|
|
|
return( 0 );
|
|
}
|
|
|
|
#if defined(MBEDTLS_TEST_MUTEX_USAGE)
|
|
/** Mutex usage verification framework.
|
|
*
|
|
* The mutex usage verification code below aims to detect bad usage of
|
|
* Mbed TLS's mutex abstraction layer at runtime. Note that this is solely
|
|
* about the use of the mutex itself, not about checking whether the mutex
|
|
* correctly protects whatever it is supposed to protect.
|
|
*
|
|
* The normal usage of a mutex is:
|
|
* ```
|
|
* digraph mutex_states {
|
|
* "UNINITIALIZED"; // the initial state
|
|
* "IDLE";
|
|
* "FREED";
|
|
* "LOCKED";
|
|
* "UNINITIALIZED" -> "IDLE" [label="init"];
|
|
* "FREED" -> "IDLE" [label="init"];
|
|
* "IDLE" -> "LOCKED" [label="lock"];
|
|
* "LOCKED" -> "IDLE" [label="unlock"];
|
|
* "IDLE" -> "FREED" [label="free"];
|
|
* }
|
|
* ```
|
|
*
|
|
* All bad transitions that can be unambiguously detected are reported.
|
|
* An attempt to use an uninitialized mutex cannot be detected in general
|
|
* since the memory content may happen to denote a valid state. For the same
|
|
* reason, a double init cannot be detected.
|
|
* All-bits-zero is the state of a freed mutex, which is distinct from an
|
|
* initialized mutex, so attempting to use zero-initialized memory as a mutex
|
|
* without calling the init function is detected.
|
|
*
|
|
* The framework attempts to detect missing calls to init and free by counting
|
|
* calls to init and free. If there are more calls to init than free, this
|
|
* means that a mutex is not being freed somewhere, which is a memory leak
|
|
* on platforms where a mutex consumes resources other than the
|
|
* mbedtls_threading_mutex_t object itself. If there are more calls to free
|
|
* than init, this indicates a missing init, which is likely to be detected
|
|
* by an attempt to lock the mutex as well. A limitation of this framework is
|
|
* that it cannot detect scenarios where there is exactly the same number of
|
|
* calls to init and free but the calls don't match. A bug like this is
|
|
* unlikely to happen uniformly throughout the whole test suite though.
|
|
*
|
|
* If an error is detected, this framework will report what happened and the
|
|
* test case will be marked as failed. Unfortunately, the error report cannot
|
|
* indicate the exact location of the problematic call. To locate the error,
|
|
* use a debugger and set a breakpoint on mbedtls_test_mutex_usage_error().
|
|
*/
|
|
enum value_of_mutex_is_valid_field
|
|
{
|
|
/* Potential values for the is_valid field of mbedtls_threading_mutex_t.
|
|
* Note that MUTEX_FREED must be 0 and MUTEX_IDLE must be 1 for
|
|
* compatibility with threading_mutex_init_pthread() and
|
|
* threading_mutex_free_pthread(). MUTEX_LOCKED could be any nonzero
|
|
* value. */
|
|
MUTEX_FREED = 0, //!< Set by threading_mutex_free_pthread
|
|
MUTEX_IDLE = 1, //!< Set by threading_mutex_init_pthread and by our unlock
|
|
MUTEX_LOCKED = 2, //!< Set by our lock
|
|
};
|
|
|
|
typedef struct
|
|
{
|
|
void (*init)( mbedtls_threading_mutex_t * );
|
|
void (*free)( mbedtls_threading_mutex_t * );
|
|
int (*lock)( mbedtls_threading_mutex_t * );
|
|
int (*unlock)( mbedtls_threading_mutex_t * );
|
|
} mutex_functions_t;
|
|
static mutex_functions_t mutex_functions;
|
|
|
|
/** The total number of calls to mbedtls_mutex_init(), minus the total number
|
|
* of calls to mbedtls_mutex_free().
|
|
*
|
|
* Reset to 0 after each test case.
|
|
*/
|
|
static int live_mutexes;
|
|
|
|
static void mbedtls_test_mutex_usage_error( mbedtls_threading_mutex_t *mutex,
|
|
const char *msg )
|
|
{
|
|
(void) mutex;
|
|
if( test_info.mutex_usage_error == NULL )
|
|
test_info.mutex_usage_error = msg;
|
|
mbedtls_fprintf( stdout, "[mutex: %s] ", msg );
|
|
/* Don't mark the test as failed yet. This way, if the test fails later
|
|
* for a functional reason, the test framework will report the message
|
|
* and location for this functional reason. If the test passes,
|
|
* mbedtls_test_mutex_usage_check() will mark it as failed. */
|
|
}
|
|
|
|
static void mbedtls_test_wrap_mutex_init( mbedtls_threading_mutex_t *mutex )
|
|
{
|
|
mutex_functions.init( mutex );
|
|
if( mutex->is_valid )
|
|
++live_mutexes;
|
|
}
|
|
|
|
static void mbedtls_test_wrap_mutex_free( mbedtls_threading_mutex_t *mutex )
|
|
{
|
|
switch( mutex->is_valid )
|
|
{
|
|
case MUTEX_FREED:
|
|
mbedtls_test_mutex_usage_error( mutex, "free without init or double free" );
|
|
break;
|
|
case MUTEX_IDLE:
|
|
/* Do nothing. The underlying free function will reset is_valid
|
|
* to 0. */
|
|
break;
|
|
case MUTEX_LOCKED:
|
|
mbedtls_test_mutex_usage_error( mutex, "free without unlock" );
|
|
break;
|
|
default:
|
|
mbedtls_test_mutex_usage_error( mutex, "corrupted state" );
|
|
break;
|
|
}
|
|
if( mutex->is_valid )
|
|
--live_mutexes;
|
|
mutex_functions.free( mutex );
|
|
}
|
|
|
|
static int mbedtls_test_wrap_mutex_lock( mbedtls_threading_mutex_t *mutex )
|
|
{
|
|
int ret = mutex_functions.lock( mutex );
|
|
switch( mutex->is_valid )
|
|
{
|
|
case MUTEX_FREED:
|
|
mbedtls_test_mutex_usage_error( mutex, "lock without init" );
|
|
break;
|
|
case MUTEX_IDLE:
|
|
if( ret == 0 )
|
|
mutex->is_valid = 2;
|
|
break;
|
|
case MUTEX_LOCKED:
|
|
mbedtls_test_mutex_usage_error( mutex, "double lock" );
|
|
break;
|
|
default:
|
|
mbedtls_test_mutex_usage_error( mutex, "corrupted state" );
|
|
break;
|
|
}
|
|
return( ret );
|
|
}
|
|
|
|
static int mbedtls_test_wrap_mutex_unlock( mbedtls_threading_mutex_t *mutex )
|
|
{
|
|
int ret = mutex_functions.unlock( mutex );
|
|
switch( mutex->is_valid )
|
|
{
|
|
case MUTEX_FREED:
|
|
mbedtls_test_mutex_usage_error( mutex, "unlock without init" );
|
|
break;
|
|
case MUTEX_IDLE:
|
|
mbedtls_test_mutex_usage_error( mutex, "unlock without lock" );
|
|
break;
|
|
case MUTEX_LOCKED:
|
|
if( ret == 0 )
|
|
mutex->is_valid = MUTEX_IDLE;
|
|
break;
|
|
default:
|
|
mbedtls_test_mutex_usage_error( mutex, "corrupted state" );
|
|
break;
|
|
}
|
|
return( ret );
|
|
}
|
|
|
|
static void mbedtls_test_mutex_usage_init( void )
|
|
{
|
|
mutex_functions.init = mbedtls_mutex_init;
|
|
mutex_functions.free = mbedtls_mutex_free;
|
|
mutex_functions.lock = mbedtls_mutex_lock;
|
|
mutex_functions.unlock = mbedtls_mutex_unlock;
|
|
mbedtls_mutex_init = &mbedtls_test_wrap_mutex_init;
|
|
mbedtls_mutex_free = &mbedtls_test_wrap_mutex_free;
|
|
mbedtls_mutex_lock = &mbedtls_test_wrap_mutex_lock;
|
|
mbedtls_mutex_unlock = &mbedtls_test_wrap_mutex_unlock;
|
|
}
|
|
|
|
static void mbedtls_test_mutex_usage_check( void )
|
|
{
|
|
if( live_mutexes != 0 )
|
|
{
|
|
/* A positive number (more init than free) means that a mutex resource
|
|
* is leaking (on platforms where a mutex consumes more than the
|
|
* mbedtls_threading_mutex_t object itself). The rare case of a
|
|
* negative number means a missing init somewhere. */
|
|
mbedtls_fprintf( stdout, "[mutex: %d leaked] ", live_mutexes );
|
|
live_mutexes = 0;
|
|
if( test_info.mutex_usage_error == NULL )
|
|
test_info.mutex_usage_error = "missing free";
|
|
}
|
|
if( test_info.mutex_usage_error != NULL && ! test_info.failed )
|
|
{
|
|
/* Functionally, the test passed. But there was a mutex usage error,
|
|
* so mark the test as failed after all. */
|
|
test_fail( "Mutex usage error", __LINE__, __FILE__ );
|
|
}
|
|
test_info.mutex_usage_error = NULL;
|
|
}
|
|
|
|
#endif /* MBEDTLS_TEST_MUTEX_USAGE */
|