VALIDATE_PARAMETERS macro

Jeffrey Walton noloader at gmail.com
Thu Nov 25 08:35:41 CET 2010


Hi All,

I'd like to introduce a VALIDATE_PARAMETERS macro. The macro would
guard full parameter validation in library functions.

I think full parameter validation would greatly enhance the robustness
of the library by hardening the library from user-land errors and
misuse. For those who are interested in performance (the "the user needs
to RTFM" philosophy), the macro can remain undefined to retain
existing behavior.

In addition, the asserts (or gnutls_assert) will aid in finding the
point of first failure quickly, which frees developers up to do other
things. (VALIDATE_PARAMETERS and asserts are tightly coupled in
well-instrumented code.) A proper assert strategy would include:
Release, off; Debug, on; and Test, off.

Below is a sample of existing and augmented code.

Could anyone help with comments?

Jeff

==========
int
gnutls_dh_params_import_raw (gnutls_dh_params_t dh_params,
			     const gnutls_datum_t * prime,
			     const gnutls_datum_t * generator)
{
  bigint_t tmp_prime, tmp_g;
  size_t size;

  size = prime->size;
  if (_gnutls_mpi_scan_nz (&tmp_prime, prime->data, size))
    {
      gnutls_assert ();
      return GNUTLS_E_MPI_SCAN_FAILED;
    }

  size = generator->size;
  if (_gnutls_mpi_scan_nz (&tmp_g, generator->data, size))
    {
      _gnutls_mpi_release (&tmp_prime);
      gnutls_assert ();
      return GNUTLS_E_MPI_SCAN_FAILED;
    }

  /* store the generated values
   */
  dh_params->params[0] = tmp_prime;
  dh_params->params[1] = tmp_g;

  return 0;
}
==========
int
gnutls_dh_params_import_raw (gnutls_dh_params_t dh_params,
			     const gnutls_datum_t * prime,
			     const gnutls_datum_t * generator)
{
  bigint_t tmp_prime, tmp_g;
  size_t size;

#if defined VALIDATE_PARAMETERS
  if (dh_params == NULL || dh_params->params[0] == NULL
      || dh_params->params[1] == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }

  if (prime == NULL || generator == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }

  if (prime->data == NULL || prime->size < 6
      || generator->data == NULL || generator->size < 6)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
#endif /* VALIDATE_PARAMETERS */

  size = prime->size;
  if (_gnutls_mpi_scan_nz (&tmp_prime, prime->data, size))
    {
      gnutls_assert ();
      return GNUTLS_E_MPI_SCAN_FAILED;
    }

  size = generator->size;
  if (_gnutls_mpi_scan_nz (&tmp_g, generator->data, size))
    {
      _gnutls_mpi_release (&tmp_prime);
      gnutls_assert ();
      return GNUTLS_E_MPI_SCAN_FAILED;
    }

  /* store the generated values
   */
  dh_params->params[0] = tmp_prime;
  dh_params->params[1] = tmp_g;

  return 0;
}
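The following is an added, self-contained illustration of the pattern proposed above, not code from GnuTLS or from the post. It uses constructed stand-ins for gnutls_datum_t, the bigint type, the DH parameter struct, the error codes and _gnutls_mpi_scan_nz (all names are placeholders), gates the new checks behind VALIDATE_PARAMETERS exactly as the augmented function does, and pairs them with a validation_assert macro that traps only when DEBUG_ASSERTS is defined, so a release build returns the error code and a debug build stops at the point of first failure. The parameter storage is held by value, so there is nothing to NULL-check inside the struct; the example keeps only the argument and datum checks.

```c
#include <assert.h>
#include <stddef.h>
#include <string.h>

/* Constructed stand-ins for gnutls_datum_t, the bigint type, the DH
 * parameter struct and two GnuTLS error codes. All names here are
 * placeholders for the example, not the library's own definitions. */
typedef struct { unsigned char *data; unsigned int size; } datum_t;
typedef struct { unsigned char bytes[64]; unsigned int len; } bigint_t;
typedef struct { bigint_t params[2]; } dh_params_st;
enum { OK = 0, E_INVALID_REQUEST = -50, E_MPI_SCAN_FAILED = -23 };

/* Gate the validation block as the post proposes. Remove this define to
 * retain the unguarded behaviour, where a NULL datum reaches the scan. */
#define VALIDATE_PARAMETERS

/* Point-of-first-failure assert, per the post's strategy: trap in debug
 * builds, no-op otherwise so the caller simply gets the error code. */
#ifdef DEBUG_ASSERTS
#define validation_assert(msg) assert(!(msg))
#else
#define validation_assert(msg) ((void)0)
#endif

/* Toy replacement for _gnutls_mpi_scan_nz: copies big-endian bytes into
 * the bigint and fails on an empty, oversized or all-zero value. */
static int mpi_scan_nz(bigint_t *out, const unsigned char *buf, size_t size)
{
    int nonzero = 0;
    if (size == 0 || size > sizeof out->bytes)
        return -1;
    for (size_t i = 0; i < size; i++)
        nonzero |= buf[i] != 0;
    if (!nonzero)
        return -1;
    memcpy(out->bytes, buf, size);
    out->len = (unsigned int)size;
    return 0;
}

int dh_params_import_raw(dh_params_st *dh_params, const datum_t *prime,
                         const datum_t *generator)
{
    bigint_t tmp_prime, tmp_g;

#if defined VALIDATE_PARAMETERS
    /* Misuse by the caller: rejected before any pointer is dereferenced. */
    if (dh_params == NULL || prime == NULL || generator == NULL) {
        validation_assert("NULL argument");
        return E_INVALID_REQUEST;
    }
    if (prime->data == NULL || prime->size < 6
        || generator->data == NULL || generator->size < 6) {
        validation_assert("datum without data or too small");
        return E_INVALID_REQUEST;
    }
#endif /* VALIDATE_PARAMETERS */

    /* The pre-existing checks still run: they catch values that are
     * well-formed as buffers but not usable as numbers. */
    if (mpi_scan_nz(&tmp_prime, prime->data, prime->size))
        return E_MPI_SCAN_FAILED;
    if (mpi_scan_nz(&tmp_g, generator->data, generator->size))
        return E_MPI_SCAN_FAILED;

    dh_params->params[0] = tmp_prime;
    dh_params->params[1] = tmp_g;
    return OK;
}

/* Constructed inputs: a 6-byte stand-in "prime", a generator, an all-zero
 * buffer and a too-short buffer. These are not real DH parameters. */
static unsigned char good_p[6] = { 0xff, 0x12, 0x34, 0x56, 0x78, 0x9b };
static unsigned char good_g[6] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x02 };
static unsigned char zero_p[6] = { 0 };
static unsigned char short_p[3] = { 0x01, 0x02, 0x03 };

/* Runs three misuse scenarios and returns how many the validation gate
 * rejected with E_INVALID_REQUEST (expected: 3). */
int count_gate_rejections(void)
{
    dh_params_st dh;
    datum_t p = { good_p, sizeof good_p }, g = { good_g, sizeof good_g };
    datum_t nodata = { NULL, 6 }, shortp = { short_p, sizeof short_p };
    int caught = 0;

    caught += dh_params_import_raw(NULL, &p, &g) == E_INVALID_REQUEST;
    caught += dh_params_import_raw(&dh, &nodata, &g) == E_INVALID_REQUEST;
    caught += dh_params_import_raw(&dh, &shortp, &g) == E_INVALID_REQUEST;
    return caught;
}

int main(void)
{
    return count_gate_rejections() == 3 ? 0 : 1;
}
```

Building with -DDEBUG_ASSERTS turns each rejected misuse into an abort at the failing check, which is the "Debug, on" half of the strategy; without it the function behaves like the augmented version in the post and the caller sees GNUTLS_E_INVALID_REQUEST-style codes. The all-zero prime shows the layering: it passes the gate (non-NULL, six bytes) and is still rejected by the existing scan check.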




More information about the Gnutls-devel mailing list