diff options
author | Gilles Peskine <gilles.peskine@arm.com> | 2020-06-02 16:55:48 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-06-02 16:55:48 +0200 |
commit | d6916d74c5801dd2583d679d05667a41b1107af3 (patch) | |
tree | 243fb8f32d9ac27beef972335502579de14fda90 /include | |
parent | 73b394290ac1abb1f0abbd692c6596a0245d8644 (diff) | |
parent | 24ba42cef776324d82877e1fd1abec2c85153a26 (diff) | |
download | mbedtls-d6916d74c5801dd2583d679d05667a41b1107af3.zip mbedtls-d6916d74c5801dd2583d679d05667a41b1107af3.tar.gz mbedtls-d6916d74c5801dd2583d679d05667a41b1107af3.tar.bz2 |
Merge pull request #3121 from gilles-peskine-arm/invasive_testing_strategy-crypto
Invasive testing strategy
Create a new header `common.h`.
Introduce a configuration option `MBEDTLS_TEST_HOOKS` for test-specific code, to be used in accordance with the invasive testing strategy.
Diffstat (limited to 'include')
-rw-r--r-- | include/mbedtls/config.h | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 901e26d..de7c664 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1866,6 +1866,26 @@ //#define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH /** + * \def MBEDTLS_TEST_HOOKS + * + * Enable features for invasive testing such as introspection functions and + * hooks for fault injection. This enables additional unit tests. + * + * Merely enabling this feature should not change the behavior of the product. + * It only adds new code, and new branching points where the default behavior + * is the same as when this feature is disabled. + * However, this feature increases the attack surface: there is an added + * risk of vulnerabilities, and more gadgets that can make exploits easier. + * Therefore this feature must never be enabled in production. + * + * See `docs/architecture/testing/mbed-crypto-invasive-testing.md` for more + * information. + * + * Uncomment to enable invasive tests. + */ +//#define MBEDTLS_TEST_HOOKS + +/** * \def MBEDTLS_THREADING_ALT * * Provide your own alternate threading implementation. |