VALIDATE_PARAMETERS macro
From: Jeffrey Walton
Subject: VALIDATE_PARAMETERS macro
Date: Thu, 25 Nov 2010 02:35:41 -0500
Hi All,
I'd like to introduce a VALIDATE_PARAMETERS macro. The macro would
guard full parameter validation in library functions.

I think full parameter validation would greatly enhance the robustness
of the library by hardening the library from userland errors and
misuse. For those who are interested in performance ("the user needs
to RTFM" philosophy), the macro can remain undefined to retain
existing behavior.

In addition, the asserts (or gnutls_assert) will aid in finding the
point of first failure quickly, which frees developers up to do other
things. (VALIDATE_PARAMETERS and asserts are tightly coupled in
well-instrumented code.) A proper assert strategy would include:
Release, off; Debug, on; and Test, off.
Below is a sample of existing and augmented code.
Could anyone help with comments?
Jeff
==========
int
gnutls_dh_params_import_raw (gnutls_dh_params_t dh_params,
                             const gnutls_datum_t * prime,
                             const gnutls_datum_t * generator)
{
  bigint_t tmp_prime, tmp_g;
  size_t size;

  size = prime->size;
  if (_gnutls_mpi_scan_nz (&tmp_prime, prime->data, size))
    {
      gnutls_assert ();
      return GNUTLS_E_MPI_SCAN_FAILED;
    }

  size = generator->size;
  if (_gnutls_mpi_scan_nz (&tmp_g, generator->data, size))
    {
      _gnutls_mpi_release (&tmp_prime);
      gnutls_assert ();
      return GNUTLS_E_MPI_SCAN_FAILED;
    }

  /* store the generated values
   */
  dh_params->params[0] = tmp_prime;
  dh_params->params[1] = tmp_g;

  return 0;
}
==========
int
gnutls_dh_params_import_raw (gnutls_dh_params_t dh_params,
                             const gnutls_datum_t * prime,
                             const gnutls_datum_t * generator)
{
  bigint_t tmp_prime, tmp_g;
  size_t size;

#if defined VALIDATE_PARAMETERS
  /* dh_params->params[0] and params[1] are overwritten below, so they
   * carry no precondition: a freshly initialized (zeroed) dh_params_t
   * must be accepted here.  Only the handle itself must be non-NULL. */
  if (dh_params == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }

  if (prime == NULL || generator == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }

  if (prime->data == NULL || prime->size < 6
      || generator->data == NULL || generator->size < 6)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
#endif /* VALIDATE_PARAMETERS */

  size = prime->size;
  if (_gnutls_mpi_scan_nz (&tmp_prime, prime->data, size))
    {
      gnutls_assert ();
      return GNUTLS_E_MPI_SCAN_FAILED;
    }

  size = generator->size;
  if (_gnutls_mpi_scan_nz (&tmp_g, generator->data, size))
    {
      _gnutls_mpi_release (&tmp_prime);
      gnutls_assert ();
      return GNUTLS_E_MPI_SCAN_FAILED;
    }

  /* store the generated values
   */
  dh_params->params[0] = tmp_prime;
  dh_params->params[1] = tmp_g;

  return 0;
}
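The guard-plus-assert pattern the post describes, as an added example that is neither GnuTLS code nor the poster's: a self-contained import routine over a toy MPI type, with the VALIDATE_PARAMETERS guard in front of the real work and a non-aborting lib_assert() hook that records the point of first failure, so a Test build can feed bad parameters and check which function rejected them. The type names, the error-code values, the lower bound MIN_MPI_BYTES (taken from the post's "< 6" check) and the LIB_ASSERT_ENABLED switch are all assumptions made for the example; the test vectors at the bottom are constructed.

```c
/* Build-mode switches, following the post's strategy: Release leaves both
 * undefined; Debug defines both; Test defines VALIDATE_PARAMETERS only.
 * Both are defined here so the example exercises the guard as compiled. */
#define VALIDATE_PARAMETERS 1
#define LIB_ASSERT_ENABLED 1

#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical error codes in the GnuTLS style; the values are assumptions. */
#define LIB_E_INVALID_REQUEST (-50)
#define LIB_E_SCAN_FAILED     (-23)
#define MIN_MPI_BYTES 6      /* the post's lower bound on prime/generator length */

typedef struct { unsigned char *data; size_t size; } datum_t;
typedef struct { unsigned char *bytes; size_t size; } *bigint_t; /* toy MPI */
typedef struct { bigint_t params[2]; } dh_params_st;

/* Point-of-first-failure record written by lib_assert(); later hits are
 * still logged but do not overwrite the first one. */
static struct { const char *file; const char *func; int line; } g_first_failure;

void lib_assert_impl(const char *file, const char *func, int line)
{
    if (g_first_failure.func == NULL) {
        g_first_failure.file = file;
        g_first_failure.func = func;
        g_first_failure.line = line;
    }
    fprintf(stderr, "lib_assert: %s:%d in %s()\n", file, line, func);
}

#ifdef LIB_ASSERT_ENABLED
#define lib_assert() lib_assert_impl(__FILE__, __func__, __LINE__)
#else
#define lib_assert() ((void) 0)
#endif

void reset_first_failure(void) { memset(&g_first_failure, 0, sizeof g_first_failure); }
const char *first_failure_func(void) { return g_first_failure.func; }

/* Toy stand-in for an MPI scanner: copies big-endian bytes, rejects zero. */
static int mpi_scan_nz(bigint_t *out, const unsigned char *data, size_t size)
{
    size_t i; unsigned nz = 0;
    for (i = 0; i < size; i++) nz |= data[i];
    if (size == 0 || nz == 0) return -1;
    *out = malloc(sizeof **out);
    if (*out == NULL) return -1;
    (*out)->bytes = malloc(size);
    if ((*out)->bytes == NULL) { free(*out); *out = NULL; return -1; }
    memcpy((*out)->bytes, data, size);
    (*out)->size = size;
    return 0;
}

static void mpi_release(bigint_t *x)
{
    if (*x) { free((*x)->bytes); free(*x); *x = NULL; }
}

void dh_params_clear(dh_params_st *p)
{
    mpi_release(&p->params[0]);
    mpi_release(&p->params[1]);
}

/* dh_params must be zero-initialised (or hold a previous import). */
int dh_params_import_raw(dh_params_st *dh_params, const datum_t *prime,
                         const datum_t *generator)
{
    bigint_t tmp_prime, tmp_g;

#if defined VALIDATE_PARAMETERS
    /* Every pointer dereferenced below is checked first; bounds a caller can
     * get wrong are refused with INVALID_REQUEST instead of being read out of
     * bounds or handed to the scanner.  Without the macro this is the
     * caller's job ("RTFM"), exactly as in the original function. */
    if (dh_params == NULL || prime == NULL || generator == NULL) {
        lib_assert();
        return LIB_E_INVALID_REQUEST;
    }
    if (prime->data == NULL || prime->size < MIN_MPI_BYTES
        || generator->data == NULL || generator->size < MIN_MPI_BYTES) {
        lib_assert();
        return LIB_E_INVALID_REQUEST;
    }
#endif /* VALIDATE_PARAMETERS */

    if (mpi_scan_nz(&tmp_prime, prime->data, prime->size)) {
        lib_assert();
        return LIB_E_SCAN_FAILED;
    }
    if (mpi_scan_nz(&tmp_g, generator->data, generator->size)) {
        mpi_release(&tmp_prime);
        lib_assert();
        return LIB_E_SCAN_FAILED;
    }
    dh_params_clear(dh_params);          /* do not leak a previous import */
    dh_params->params[0] = tmp_prime;
    dh_params->params[1] = tmp_g;
    return 0;
}

int main(void)
{
    /* Constructed sample values; not real DH parameters. */
    unsigned char p[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xfb };
    unsigned char g[] = { 0, 0, 0, 0, 0, 2 };
    datum_t prime = { p, sizeof p }, gen = { g, sizeof g };
    dh_params_st dh = { { NULL, NULL } };

    printf("valid import:   %d\n", dh_params_import_raw(&dh, &prime, &gen));
    printf("NULL dh_params: %d, first failure in %s()\n",
           dh_params_import_raw(NULL, &prime, &gen), first_failure_func());
    dh_params_clear(&dh);
    return 0;
}
```

In a Test build, VALIDATE_PARAMETERS stays on but LIB_ASSERT_ENABLED is left undefined, so a suite can pass NULLs and short buffers and assert only on the returned error codes; in a Debug build the hook additionally names the first function that rejected a call, which is the "point of first failure" the post wants.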