mirror of
https://github.com/yuzu-emu/mbedtls
synced 2024-11-24 08:38:15 +00:00
Rework documentation.
This commit is contained in:
parent
a2b0e27378
commit
ab588529e1
2 changed files with 61 additions and 16 deletions
|
@ -259,19 +259,41 @@
|
||||||
/**
|
/**
|
||||||
* \def MBEDTLS_CHECK_PARAMS
|
* \def MBEDTLS_CHECK_PARAMS
|
||||||
*
|
*
|
||||||
* This configuration controls whether the library validates parameters passed
|
* This configuration controls whether the library validates more of the
|
||||||
* to it.
|
* parameters passed to it.
|
||||||
*
|
*
|
||||||
* Application code that deals with 3rd party input may wish to enable such
|
* When this flag is not defined, the library only attempts to validate input
|
||||||
* validation, whilst code on closed systems, such as embedded systems, where
|
* parameter if: (1) they may come from the outside world (such as the
|
||||||
* the input is controlled and predictable, may wish to disable it entirely to
|
* network, the filesystem, etc.) or (2) not validating them could result in
|
||||||
* reduce the code size of the library.
|
* internal memory errors such as overflowing a buffer controlled by the
|
||||||
|
* library. On the other hand, it doesn't attempt to validate parameters whose
|
||||||
|
* values are fully controlled by the application (such as pointers).
|
||||||
*
|
*
|
||||||
* When the symbol is not defined, no parameter validation except that required
|
* When this flag is defined, the library additionally attempts to validate
|
||||||
* to ensure the integrity or security of the library are performed.
|
* parameters that are fully controlled by the application, and should always
|
||||||
|
* be valid if the application code is fully correct and trusted.
|
||||||
*
|
*
|
||||||
* When the symbol is defined, all parameters will be validated, and an error
|
* For example, when a function accepts a input a pointer to a buffer than may
|
||||||
* code returned where appropriate.
|
* contain untrusted data, and its documentation mentions that this pointer
|
||||||
|
* must not be NULL:
|
||||||
|
* - the pointer is checked to be non-NULL only if this option is enabled
|
||||||
|
* - the content of the buffer is always validated
|
||||||
|
*
|
||||||
|
* When this flag is defined, if a library function receives a parameter that
|
||||||
|
* is invalid, it will:
|
||||||
|
* - invoke the macro MBEDTLS_PARAM_FAILED() which by default expands to a
|
||||||
|
* call to the function mbedtls_param_failed()
|
||||||
|
* - immediately return (with a specific error code unless the function
|
||||||
|
* returns void and can't communicate an error).
|
||||||
|
*
|
||||||
|
* When defining this flag, you also need to:
|
||||||
|
* - either provide a definition of the function mbedtls_param_failed() in
|
||||||
|
* your application (see platform_util.h for its prototype) as the library
|
||||||
|
* calls that function, but does not provide a default definition for it,
|
||||||
|
* - or provide a different definition of the macro MBEDTLS_PARAM_FAILED()
|
||||||
|
* below if the above mechanism is not enough flexible to suit your needs.
|
||||||
|
*
|
||||||
|
* Uncomment to enable validation of application-controlled parameters.
|
||||||
*/
|
*/
|
||||||
#define MBEDTLS_CHECK_PARAMS
|
#define MBEDTLS_CHECK_PARAMS
|
||||||
|
|
||||||
|
@ -3015,7 +3037,26 @@
|
||||||
//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
|
//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
|
||||||
//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
|
//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
|
||||||
|
|
||||||
//#define MBEDTLS_PARAM_FAILED(x) mbedtls_param_failed( #x, __FILE__, __LINE__ ) /**< Default parameter validation callback to use. Can be undefined */
|
/**
|
||||||
|
* \brief This macro is invoked by the library when an invalid parameter
|
||||||
|
* is detected that is only checked with MBEDTLS_CHECK_PARAMS
|
||||||
|
* (see the document of the flag for context).
|
||||||
|
*
|
||||||
|
* When you leave this undefined here, a default definition is
|
||||||
|
* provided the invokes the function mbedtls_param_failed(),
|
||||||
|
* which is declared in platform_util.h for the benefit of the
|
||||||
|
* library, but that you need to define in your application.
|
||||||
|
*
|
||||||
|
* When you define this here, this replaces the default
|
||||||
|
* definition in platform_util.h (which no longer declares the
|
||||||
|
* function mbedtls_param_failed()) and it is your responsability
|
||||||
|
* to make sure this macro expands to something suitable (in
|
||||||
|
* particular, that all the necessary declarations are visible
|
||||||
|
* from within the library).
|
||||||
|
*
|
||||||
|
* \param cond The expression that should evaluate to true, but doesn't.
|
||||||
|
*/
|
||||||
|
//#define MBEDTLS_PARAM_FAILED( cond ) assert( cond )
|
||||||
|
|
||||||
|
|
||||||
/* SSL Cache options */
|
/* SSL Cache options */
|
||||||
|
|
|
@ -52,7 +52,7 @@ extern "C" {
|
||||||
#define MBEDTLS_PARAM_FAILED_ALT
|
#define MBEDTLS_PARAM_FAILED_ALT
|
||||||
#else
|
#else
|
||||||
#define MBEDTLS_PARAM_FAILED( cond ) \
|
#define MBEDTLS_PARAM_FAILED( cond ) \
|
||||||
mbedtls_param_failed( cond, __FILE__, __LINE__ )
|
mbedtls_param_failed( #cond, __FILE__, __LINE__ )
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief User supplied callback function for parameter validation failure.
|
* \brief User supplied callback function for parameter validation failure.
|
||||||
|
@ -66,15 +66,19 @@ extern "C" {
|
||||||
* application software using Mbed TLS, or catch other runtime
|
* application software using Mbed TLS, or catch other runtime
|
||||||
* errors which may be due to issues in the application software.
|
* errors which may be due to issues in the application software.
|
||||||
*
|
*
|
||||||
* This function will be called unless an alternative function is
|
* This function will be called unless an alternative treatement
|
||||||
* defined through the MBEDTLS_PARAM_FAILURE function.
|
* is defined through the MBEDTLS_PARAM_FAILURE() macro.
|
||||||
*
|
*
|
||||||
* This function can return, and the operation will be aborted, or
|
* This function can return, and the operation will be aborted, or
|
||||||
* alternatively, through use of setjmp()/longjmp() can resume
|
* alternatively, through use of setjmp()/longjmp() can resume
|
||||||
* execution in the application code.
|
* execution in the application code.
|
||||||
|
*
|
||||||
|
* \param failure_condition The assertion that didn't hold.
|
||||||
|
* \param file The file where the assertion failed.
|
||||||
|
* \param line The line in the file where the assertion failed.
|
||||||
*/
|
*/
|
||||||
void mbedtls_param_failed( const char* failure_condition,
|
void mbedtls_param_failed( const char *failure_condition,
|
||||||
const char* file,
|
const char *file,
|
||||||
int line );
|
int line );
|
||||||
#endif /* MBEDTLS_PARAM_FAILED */
|
#endif /* MBEDTLS_PARAM_FAILED */
|
||||||
#endif /* MBEDTLS_CHECK_PARAMS */
|
#endif /* MBEDTLS_CHECK_PARAMS */
|
||||||
|
|
Loading…
Reference in a new issue