Rework documentation.

This commit is contained in:
Manuel Pégourié-Gonnard 2018-12-10 16:04:46 +01:00
parent a2b0e27378
commit ab588529e1
2 changed files with 61 additions and 16 deletions

View file

@ -259,19 +259,41 @@
/** /**
* \def MBEDTLS_CHECK_PARAMS * \def MBEDTLS_CHECK_PARAMS
* *
* This configuration controls whether the library validates parameters passed * This configuration controls whether the library validates more of the
* to it. * parameters passed to it.
* *
* Application code that deals with 3rd party input may wish to enable such * When this flag is not defined, the library only attempts to validate input
* validation, whilst code on closed systems, such as embedded systems, where * parameter if: (1) they may come from the outside world (such as the
* the input is controlled and predictable, may wish to disable it entirely to * network, the filesystem, etc.) or (2) not validating them could result in
* reduce the code size of the library. * internal memory errors such as overflowing a buffer controlled by the
* library. On the other hand, it doesn't attempt to validate parameters whose
* values are fully controlled by the application (such as pointers).
* *
* When the symbol is not defined, no parameter validation except that required * When this flag is defined, the library additionally attempts to validate
* to ensure the integrity or security of the library are performed. * parameters that are fully controlled by the application, and should always
* be valid if the application code is fully correct and trusted.
* *
* When the symbol is defined, all parameters will be validated, and an error * For example, when a function accepts a input a pointer to a buffer than may
* code returned where appropriate. * contain untrusted data, and its documentation mentions that this pointer
* must not be NULL:
* - the pointer is checked to be non-NULL only if this option is enabled
* - the content of the buffer is always validated
*
* When this flag is defined, if a library function receives a parameter that
* is invalid, it will:
* - invoke the macro MBEDTLS_PARAM_FAILED() which by default expands to a
* call to the function mbedtls_param_failed()
* - immediately return (with a specific error code unless the function
* returns void and can't communicate an error).
*
* When defining this flag, you also need to:
* - either provide a definition of the function mbedtls_param_failed() in
* your application (see platform_util.h for its prototype) as the library
* calls that function, but does not provide a default definition for it,
* - or provide a different definition of the macro MBEDTLS_PARAM_FAILED()
* below if the above mechanism is not enough flexible to suit your needs.
*
* Uncomment to enable validation of application-controlled parameters.
*/ */
#define MBEDTLS_CHECK_PARAMS #define MBEDTLS_CHECK_PARAMS
@ -3015,7 +3037,26 @@
//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ //#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ //#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
//#define MBEDTLS_PARAM_FAILED(x) mbedtls_param_failed( #x, __FILE__, __LINE__ ) /**< Default parameter validation callback to use. Can be undefined */ /**
* \brief This macro is invoked by the library when an invalid parameter
* is detected that is only checked with MBEDTLS_CHECK_PARAMS
* (see the document of the flag for context).
*
* When you leave this undefined here, a default definition is
* provided the invokes the function mbedtls_param_failed(),
* which is declared in platform_util.h for the benefit of the
* library, but that you need to define in your application.
*
* When you define this here, this replaces the default
* definition in platform_util.h (which no longer declares the
* function mbedtls_param_failed()) and it is your responsability
* to make sure this macro expands to something suitable (in
* particular, that all the necessary declarations are visible
* from within the library).
*
* \param cond The expression that should evaluate to true, but doesn't.
*/
//#define MBEDTLS_PARAM_FAILED( cond ) assert( cond )
/* SSL Cache options */ /* SSL Cache options */

View file

@ -52,7 +52,7 @@ extern "C" {
#define MBEDTLS_PARAM_FAILED_ALT #define MBEDTLS_PARAM_FAILED_ALT
#else #else
#define MBEDTLS_PARAM_FAILED( cond ) \ #define MBEDTLS_PARAM_FAILED( cond ) \
mbedtls_param_failed( cond, __FILE__, __LINE__ ) mbedtls_param_failed( #cond, __FILE__, __LINE__ )
/** /**
* \brief User supplied callback function for parameter validation failure. * \brief User supplied callback function for parameter validation failure.
@ -66,15 +66,19 @@ extern "C" {
* application software using Mbed TLS, or catch other runtime * application software using Mbed TLS, or catch other runtime
* errors which may be due to issues in the application software. * errors which may be due to issues in the application software.
* *
* This function will be called unless an alternative function is * This function will be called unless an alternative treatement
* defined through the MBEDTLS_PARAM_FAILURE function. * is defined through the MBEDTLS_PARAM_FAILURE() macro.
* *
* This function can return, and the operation will be aborted, or * This function can return, and the operation will be aborted, or
* alternatively, through use of setjmp()/longjmp() can resume * alternatively, through use of setjmp()/longjmp() can resume
* execution in the application code. * execution in the application code.
*
* \param failure_condition The assertion that didn't hold.
* \param file The file where the assertion failed.
* \param line The line in the file where the assertion failed.
*/ */
void mbedtls_param_failed( const char* failure_condition, void mbedtls_param_failed( const char *failure_condition,
const char* file, const char *file,
int line ); int line );
#endif /* MBEDTLS_PARAM_FAILED */ #endif /* MBEDTLS_PARAM_FAILED */
#endif /* MBEDTLS_CHECK_PARAMS */ #endif /* MBEDTLS_CHECK_PARAMS */