diff --git a/library/common.h b/library/common.h
index a2c8a1e726..9e4b0312b1 100644
--- a/library/common.h
+++ b/library/common.h
@@ -46,6 +46,19 @@
 #define MBEDTLS_STATIC_TESTABLE static
 #endif
+#if defined(MBEDTLS_TEST_HOOKS)
+extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const char * file );
+#define MBEDTLS_TEST_HOOK_TEST_ASSERT( TEST ) \
+ do { \
+ if( ( ! ( TEST ) ) && ( ( *mbedtls_test_hook_test_fail ) != NULL ) ) \
+ { \
+ ( *mbedtls_test_hook_test_fail )( #TEST, __LINE__, __FILE__ ); \
+ } \
+ } while( 0 )
+#else
+#define MBEDTLS_TEST_HOOK_TEST_ASSERT( TEST )
+#endif /* defined(MBEDTLS_TEST_HOOKS) */
+
 /** Allow library to access its structs' private members.
 *
 * Although structs defined in header files are publicly available,
diff --git a/library/platform_util.c b/library/platform_util.c
index 4e97e4d1b8..3d5cb5baa4 100644
--- a/library/platform_util.c
+++ b/library/platform_util.c
@@ -131,3 +131,8 @@ struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt,
 #endif /* _WIN32 && !EFIX64 && !EFI32 */
 }
 #endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_R_ALT */
+
+#if defined(MBEDTLS_TEST_HOOKS)
+void (*mbedtls_test_hook_test_fail)( const char *, int, const char *);
+#endif /* MBEDTLS_TEST_HOOKS */
+
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 6e73d12c68..3574b9842a 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
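Review bot: In library/common.h the null test inside `MBEDTLS_TEST_HOOK_TEST_ASSERT` applies `*` to the hook before comparing it, `( *mbedtls_test_hook_test_fail ) != NULL`, so an unset hook is formally dereferenced before it is checked. Compare the pointer itself: `if( ( ! ( TEST ) ) && ( mbedtls_test_hook_test_fail != NULL ) ) \`. When MBEDTLS_TEST_HOOKS is undefined the macro expands to nothing and TEST is never evaluated, so a comment above the macro should state that TEST must have no side effects. The same comment could record that the hook is a writable global function pointer reached from key-slot code, which is presumably why the option is meant for test builds only.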
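Review bot: The definition added to library/platform_util.c relies on implicit zero-initialisation for the NULL check in `MBEDTLS_TEST_HOOK_TEST_ASSERT`, and nothing says who is expected to set it. Writing `void (*mbedtls_test_hook_test_fail)( const char *test, int line, const char *file ) = NULL;` makes that dependency explicit and keeps the parameter names in line with the declaration in library/common.h. A one-line comment such as `/* Set by the test framework; while NULL, failed assertions are not reported. */` would help. The file's include list is outside the hunk, so it cannot be confirmed here that this definition is compiled against the common.h declaration.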
@@ -1000,8 +1000,17 @@ psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot )
 {
 psa_status_t status = psa_remove_key_data_from_memory( slot );
+ /*
+ * As the return error code may not be handled in case of multiple errors,
+ * do our best to report an unexpected lock counter. Assert with
+ * MBEDTLS_TEST_HOOK_TEST_ASSERT that the lock counter is equal to one:
+ * if the MBEDTLS_TEST_HOOKS configuration option is enabled and the
+ * function is called as part of the execution of a test suite, the
+ * execution of the test suite is stopped in error if the assertion fails.
+ */
 if( slot->lock_count != 1 )
 {
+ MBEDTLS_TEST_HOOK_TEST_ASSERT( slot->lock_count == 1 );
 status = PSA_ERROR_CORRUPTION_DETECTED;
 }
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 4131e3cc47..a5c43b1b2c 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -412,6 +412,15 @@ psa_status_t psa_unlock_key_slot( psa_key_slot_t *slot )
 return( PSA_SUCCESS );
 }
+ /*
+ * As the return error code may not be handled in case of multiple errors,
+ * do our best to report if the lock counter is equal to zero. Assert with
+ * MBEDTLS_TEST_HOOK_TEST_ASSERT that the lock counter is strictly greater
+ * than zero: if the MBEDTLS_TEST_HOOKS configuration option is enabled and
+ * the function is called as part of the execution of a test suite, the
+ * execution of the test suite is stopped in error if the assertion fails.
+ */
+ MBEDTLS_TEST_HOOK_TEST_ASSERT( slot->lock_count > 0 );
 return( PSA_ERROR_CORRUPTION_DETECTED );
 }
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index 52b586eaad..e016865348 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
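Review bot: The new comment in psa_wipe_key_slot() says the test suite "is stopped in error", but the macro added in library/common.h only calls the hook and then falls through, so `status = PSA_ERROR_CORRUPTION_DETECTED;` still executes. The same wording is repeated in psa_unlock_key_slot() in library/psa_crypto_slot_management.c. Whether the run actually stops depends on the installed hook, which these hunks do not show, so a safer wording for both comments is `* the failure is reported to the test framework if the assertion fails.` It is also worth stating there that without MBEDTLS_TEST_HOOKS the only signal of a corrupted lock counter is the returned PSA_ERROR_CORRUPTION_DETECTED, which the comment itself admits callers may drop. Both function bodies extend outside their hunks.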
@@ -237,8 +237,12 @@ $platform_code
 */
 int main( int argc, const char *argv[] )
 {
-#if defined(MBEDTLS_TEST_HOOKS) && defined (MBEDTLS_ERROR_C)
+#if defined(MBEDTLS_TEST_HOOKS)
+ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const char * file );
+ mbedtls_test_hook_test_fail = &mbedtls_test_fail;
+#if defined(MBEDTLS_ERROR_C)
 mbedtls_test_hook_error_add = &mbedtls_test_err_add_check;
+#endif
 #endif
 int ret = mbedtls_test_platform_setup();
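Review bot: The block-scope `extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const char * file );` inside main() repeats the prototype from library/common.h by hand, so the compiler cannot flag a mismatch if the library's definition changes. The assignment of `&mbedtls_test_fail` is type-checked only against this local copy. Prefer taking the declaration from a header shared with the library, or at least declare it at file scope beside the other hook declarations, whose location is not visible in this hunk. The new nested conditional would read more easily with a labelled close, `#endif /* MBEDTLS_ERROR_C */`, in the style used in library/platform_util.c. main()'s body continues outside the hunk.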