Add constant-flow testing for PKCS7 padding
Signed-off-by: David Horstmann <david.horstmann@arm.com>
diff --git a/library/cipher.c b/library/cipher.c
index 7f4c121..5e14e1e 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -14,6 +14,7 @@
#if defined(MBEDTLS_CIPHER_C)
#include "mbedtls/cipher.h"
+#include "cipher_invasive.h"
#include "cipher_wrap.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
@@ -838,8 +839,9 @@
}
}
-static int get_pkcs_padding(unsigned char *input, size_t input_len,
- size_t *data_len)
+MBEDTLS_STATIC_TESTABLE int get_pkcs_padding(unsigned char *input,
+ size_t input_len,
+ size_t *data_len)
{
size_t i, pad_idx;
unsigned char padding_len;
diff --git a/library/cipher_invasive.h b/library/cipher_invasive.h
new file mode 100644
index 0000000..2dbd1d2
--- /dev/null
+++ b/library/cipher_invasive.h
@@ -0,0 +1,27 @@
+/**
+ * \file cipher_invasive.h
+ *
+ * \brief Cipher module: interfaces for invasive testing only.
+ *
+ * The interfaces in this file are intended for testing purposes only.
+ * They SHOULD NOT be made available in library integrations except when
+ * building the library for testing.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+#ifndef MBEDTLS_CIPHER_INVASIVE_H
+#define MBEDTLS_CIPHER_INVASIVE_H
+
+#include "common.h"
+
+#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_CIPHER_C)
+
+MBEDTLS_STATIC_TESTABLE int get_pkcs_padding(unsigned char *input,
+ size_t input_len,
+ size_t *data_len);
+
+#endif
+
+#endif /* MBEDTLS_CIPHER_INVASIVE_H */