TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / d5c82fb821d88fa23841ce3f03759ab41c67fa92^1..d5c82fb821d88fa23841ce3f03759ab41c67fa92 / .
commitd5c82fb821d88fa23841ce3f03759ab41c67fa92[log] [tgz]
authorManuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>Thu Sep 22 09:10:13 2022 +0200
committerGitHub <noreply@github.com>Thu Sep 22 09:10:13 2022 +0200
treeb7ab653d6bb1503d58328bfe70116dda4956b1d2
parente5833c182cd05b15fe3450bc792abfe34e7e52dd [diff]
parentd5ebedffd0f926629f542ad75c173385b1d37ebc [diff]
Merge pull request #6085 from Zaya-dyno/validation_remove_change_cipher

Validation remove and change in files related to cipher in library
diff --git a/library/aes.c b/library/aes.c
index ca94e0a..03eccef 100644
--- a/library/aes.c
+++ b/library/aes.c

@@ -51,12 +51,6 @@
 
 #if !defined(MBEDTLS_AES_ALT)
 
-/* Parameter validation macros based on platform_util.h */
-#define AES_VALIDATE_RET( cond )    \
-    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_AES_BAD_INPUT_DATA )
-#define AES_VALIDATE( cond )        \
-    MBEDTLS_INTERNAL_VALIDATE( cond )
-
 #if defined(MBEDTLS_PADLOCK_C) &&                      \
     ( defined(MBEDTLS_HAVE_X86) || defined(MBEDTLS_PADLOCK_ALIGN16) )
 static int aes_padlock_ace = -1;
@@ -489,8 +483,6 @@
 
 void mbedtls_aes_init( mbedtls_aes_context *ctx )
 {
-    AES_VALIDATE( ctx != NULL );
-
     memset( ctx, 0, sizeof( mbedtls_aes_context ) );
 }
 
@@ -505,8 +497,6 @@
 #if defined(MBEDTLS_CIPHER_MODE_XTS)
 void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx )
 {
-    AES_VALIDATE( ctx != NULL );
-
     mbedtls_aes_init( &ctx->crypt );
     mbedtls_aes_init( &ctx->tweak );
 }
@@ -531,9 +521,6 @@
     unsigned int i;
     uint32_t *RK;
 
-    AES_VALIDATE_RET( ctx != NULL );
-    AES_VALIDATE_RET( key != NULL );
-
     switch( keybits )
     {
         case 128: ctx->nr = 10; break;
@@ -649,9 +636,6 @@
     uint32_t *RK;
     uint32_t *SK;
 
-    AES_VALIDATE_RET( ctx != NULL );
-    AES_VALIDATE_RET( key != NULL );
-
     mbedtls_aes_init( &cty );
 
     ctx->rk_offset = 0;
@@ -743,9 +727,6 @@
     const unsigned char *key1, *key2;
     unsigned int key1bits, key2bits;
 
-    AES_VALIDATE_RET( ctx != NULL );
-    AES_VALIDATE_RET( key != NULL );
-
     ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits,
                                        &key2, &key2bits );
     if( ret != 0 )
@@ -768,9 +749,6 @@
     const unsigned char *key1, *key2;
     unsigned int key1bits, key2bits;
 
-    AES_VALIDATE_RET( ctx != NULL );
-    AES_VALIDATE_RET( key != NULL );
-
     ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits,
                                        &key2, &key2bits );
     if( ret != 0 )
@@ -970,11 +948,8 @@
                            const unsigned char input[16],
                            unsigned char output[16] )
 {
-    AES_VALIDATE_RET( ctx != NULL );
-    AES_VALIDATE_RET( input != NULL );
-    AES_VALIDATE_RET( output != NULL );
-    AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
-                      mode == MBEDTLS_AES_DECRYPT );
+    if( mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT )
+        return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
 
 #if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
     if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
@@ -1014,12 +989,8 @@
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char temp[16];
 
-    AES_VALIDATE_RET( ctx != NULL );
-    AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
-                      mode == MBEDTLS_AES_DECRYPT );
-    AES_VALIDATE_RET( iv != NULL );
-    AES_VALIDATE_RET( input != NULL );
-    AES_VALIDATE_RET( output != NULL );
+    if( mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT )
+        return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
 
     if( length % 16 )
         return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
@@ -1123,12 +1094,8 @@
     unsigned char prev_tweak[16];
     unsigned char tmp[16];
 
-    AES_VALIDATE_RET( ctx != NULL );
-    AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
-                      mode == MBEDTLS_AES_DECRYPT );
-    AES_VALIDATE_RET( data_unit != NULL );
-    AES_VALIDATE_RET( input != NULL );
-    AES_VALIDATE_RET( output != NULL );
+    if( mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT )
+        return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
 
     /* Data units must be at least 16 bytes long. */
     if( length < 16 )
@@ -1232,13 +1199,8 @@
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t n;
 
-    AES_VALIDATE_RET( ctx != NULL );
-    AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
-                      mode == MBEDTLS_AES_DECRYPT );
-    AES_VALIDATE_RET( iv_off != NULL );
-    AES_VALIDATE_RET( iv != NULL );
-    AES_VALIDATE_RET( input != NULL );
-    AES_VALIDATE_RET( output != NULL );
+    if( mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT )
+        return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
 
     n = *iv_off;
 
@@ -1301,12 +1263,8 @@
     unsigned char c;
     unsigned char ov[17];
 
-    AES_VALIDATE_RET( ctx != NULL );
-    AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
-                      mode == MBEDTLS_AES_DECRYPT );
-    AES_VALIDATE_RET( iv != NULL );
-    AES_VALIDATE_RET( input != NULL );
-    AES_VALIDATE_RET( output != NULL );
+    if( mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT )
+        return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
     while( length-- )
     {
         memcpy( ov, iv, 16 );
@@ -1345,12 +1303,6 @@
     int ret = 0;
     size_t n;
 
-    AES_VALIDATE_RET( ctx != NULL );
-    AES_VALIDATE_RET( iv_off != NULL );
-    AES_VALIDATE_RET( iv != NULL );
-    AES_VALIDATE_RET( input != NULL );
-    AES_VALIDATE_RET( output != NULL );
-
     n = *iv_off;
 
     if( n > 15 )
@@ -1392,13 +1344,6 @@
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t n;
 
-    AES_VALIDATE_RET( ctx != NULL );
-    AES_VALIDATE_RET( nc_off != NULL );
-    AES_VALIDATE_RET( nonce_counter != NULL );
-    AES_VALIDATE_RET( stream_block != NULL );
-    AES_VALIDATE_RET( input != NULL );
-    AES_VALIDATE_RET( output != NULL );
-
     n = *nc_off;
 
     if ( n > 0x0F )

diff --git a/library/camellia.c b/library/camellia.c
index 29d730a..c29e6c1 100644
--- a/library/camellia.c
+++ b/library/camellia.c

@@ -43,12 +43,6 @@
 
 #if !defined(MBEDTLS_CAMELLIA_ALT)
 
-/* Parameter validation macros */
-#define CAMELLIA_VALIDATE_RET( cond )                                       \
-    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA )
-#define CAMELLIA_VALIDATE( cond )                                           \
-    MBEDTLS_INTERNAL_VALIDATE( cond )
-
 static const unsigned char SIGMA_CHARS[6][8] =
 {
     { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
@@ -298,7 +292,6 @@
 
 void mbedtls_camellia_init( mbedtls_camellia_context *ctx )
 {
-    CAMELLIA_VALIDATE( ctx != NULL );
     memset( ctx, 0, sizeof( mbedtls_camellia_context ) );
 }
 
@@ -325,9 +318,6 @@
     uint32_t KC[16];
     uint32_t TK[20];
 
-    CAMELLIA_VALIDATE_RET( ctx != NULL );
-    CAMELLIA_VALIDATE_RET( key != NULL );
-
     RK = ctx->rk;
 
     memset( t, 0, 64 );
@@ -431,8 +421,6 @@
     mbedtls_camellia_context cty;
     uint32_t *RK;
     uint32_t *SK;
-    CAMELLIA_VALIDATE_RET( ctx != NULL );
-    CAMELLIA_VALIDATE_RET( key != NULL );
 
     mbedtls_camellia_init( &cty );
 
@@ -480,11 +468,8 @@
 {
     int NR;
     uint32_t *RK, X[4];
-    CAMELLIA_VALIDATE_RET( ctx != NULL );
-    CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT ||
-                           mode == MBEDTLS_CAMELLIA_DECRYPT );
-    CAMELLIA_VALIDATE_RET( input  != NULL );
-    CAMELLIA_VALIDATE_RET( output != NULL );
+    if( mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT )
+        return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
 
     ( (void) mode );
 
@@ -550,12 +535,8 @@
 {
     int i;
     unsigned char temp[16];
-    CAMELLIA_VALIDATE_RET( ctx != NULL );
-    CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT ||
-                           mode == MBEDTLS_CAMELLIA_DECRYPT );
-    CAMELLIA_VALIDATE_RET( iv != NULL );
-    CAMELLIA_VALIDATE_RET( length == 0 || input  != NULL );
-    CAMELLIA_VALIDATE_RET( length == 0 || output != NULL );
+    if( mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT )
+        return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
 
     if( length % 16 )
         return( MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH );
@@ -611,13 +592,8 @@
 {
     int c;
     size_t n;
-    CAMELLIA_VALIDATE_RET( ctx != NULL );
-    CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT ||
-                           mode == MBEDTLS_CAMELLIA_DECRYPT );
-    CAMELLIA_VALIDATE_RET( iv     != NULL );
-    CAMELLIA_VALIDATE_RET( iv_off != NULL );
-    CAMELLIA_VALIDATE_RET( length == 0 || input  != NULL );
-    CAMELLIA_VALIDATE_RET( length == 0 || output != NULL );
+    if( mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT )
+        return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
 
     n = *iv_off;
     if( n >= 16 )
@@ -670,12 +646,6 @@
 {
     int c, i;
     size_t n;
-    CAMELLIA_VALIDATE_RET( ctx != NULL );
-    CAMELLIA_VALIDATE_RET( nonce_counter != NULL );
-    CAMELLIA_VALIDATE_RET( stream_block  != NULL );
-    CAMELLIA_VALIDATE_RET( nc_off != NULL );
-    CAMELLIA_VALIDATE_RET( length == 0 || input  != NULL );
-    CAMELLIA_VALIDATE_RET( length == 0 || output != NULL );
 
     n = *nc_off;
     if( n >= 16 )

diff --git a/library/chacha20.c b/library/chacha20.c
index 658f046..f6d6e25 100644
--- a/library/chacha20.c
+++ b/library/chacha20.c

@@ -48,12 +48,6 @@
 #define inline __inline
 #endif
 
-/* Parameter validation macros */
-#define CHACHA20_VALIDATE_RET( cond )                                       \
-    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA )
-#define CHACHA20_VALIDATE( cond )                                           \
-    MBEDTLS_INTERNAL_VALIDATE( cond )
-
 #define ROTL32( value, amount ) \
     ( (uint32_t) ( (value) << (amount) ) | ( (value) >> ( 32 - (amount) ) ) )
 
@@ -172,8 +166,6 @@
 
 void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx )
 {
-    CHACHA20_VALIDATE( ctx != NULL );
-
     mbedtls_platform_zeroize( ctx->state, sizeof( ctx->state ) );
     mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) );
 
@@ -192,9 +184,6 @@
 int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
                             const unsigned char key[32] )
 {
-    CHACHA20_VALIDATE_RET( ctx != NULL );
-    CHACHA20_VALIDATE_RET( key != NULL );
-
     /* ChaCha20 constants - the string "expand 32-byte k" */
     ctx->state[0] = 0x61707865;
     ctx->state[1] = 0x3320646e;
@@ -218,9 +207,6 @@
                              const unsigned char nonce[12],
                              uint32_t counter )
 {
-    CHACHA20_VALIDATE_RET( ctx != NULL );
-    CHACHA20_VALIDATE_RET( nonce != NULL );
-
     /* Counter */
     ctx->state[12] = counter;
 
@@ -245,10 +231,6 @@
     size_t offset = 0U;
     size_t i;
 
-    CHACHA20_VALIDATE_RET( ctx != NULL );
-    CHACHA20_VALIDATE_RET( size == 0 || input  != NULL );
-    CHACHA20_VALIDATE_RET( size == 0 || output != NULL );
-
     /* Use leftover keystream bytes, if available */
     while( size > 0U && ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES )
     {
@@ -312,11 +294,6 @@
     mbedtls_chacha20_context ctx;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    CHACHA20_VALIDATE_RET( key != NULL );
-    CHACHA20_VALIDATE_RET( nonce != NULL );
-    CHACHA20_VALIDATE_RET( data_len == 0 || input  != NULL );
-    CHACHA20_VALIDATE_RET( data_len == 0 || output != NULL );
-
     mbedtls_chacha20_init( &ctx );
 
     ret = mbedtls_chacha20_setkey( &ctx, key );

diff --git a/library/cipher.c b/library/cipher.c
index 0bac4ee..752d1fe 100644
--- a/library/cipher.c
+++ b/library/cipher.c

@@ -70,11 +70,6 @@
 #define mbedtls_free   free
 #endif
 
-#define CIPHER_VALIDATE_RET( cond )    \
-    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA )
-#define CIPHER_VALIDATE( cond )        \
-    MBEDTLS_INTERNAL_VALIDATE( cond )
-
 static int supported_init = 0;
 
 const int *mbedtls_cipher_list( void )
@@ -143,7 +138,6 @@
 
 void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx )
 {
-    CIPHER_VALIDATE( ctx != NULL );
     memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );
 }
 
@@ -193,7 +187,6 @@
 int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
                           const mbedtls_cipher_info_t *cipher_info )
 {
-    CIPHER_VALIDATE_RET( ctx != NULL );
     if( cipher_info == NULL )
         return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
 
@@ -257,10 +250,8 @@
                            int key_bitlen,
                            const mbedtls_operation_t operation )
 {
-    CIPHER_VALIDATE_RET( ctx != NULL );
-    CIPHER_VALIDATE_RET( key != NULL );
-    CIPHER_VALIDATE_RET( operation == MBEDTLS_ENCRYPT ||
-                         operation == MBEDTLS_DECRYPT );
+    if( operation != MBEDTLS_ENCRYPT && operation != MBEDTLS_DECRYPT )
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
     if( ctx->cipher_info == NULL )
         return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
 
@@ -356,8 +347,6 @@
 {
     size_t actual_iv_size;
 
-    CIPHER_VALIDATE_RET( ctx != NULL );
-    CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
     if( ctx->cipher_info == NULL )
         return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -453,7 +442,6 @@
 
 int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx )
 {
-    CIPHER_VALIDATE_RET( ctx != NULL );
     if( ctx->cipher_info == NULL )
         return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
 
@@ -475,8 +463,6 @@
 int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
                       const unsigned char *ad, size_t ad_len )
 {
-    CIPHER_VALIDATE_RET( ctx != NULL );
-    CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
     if( ctx->cipher_info == NULL )
         return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
 
@@ -529,10 +515,6 @@
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t block_size;
 
-    CIPHER_VALIDATE_RET( ctx != NULL );
-    CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
-    CIPHER_VALIDATE_RET( output != NULL );
-    CIPHER_VALIDATE_RET( olen != NULL );
     if( ctx->cipher_info == NULL )
         return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
 
@@ -952,9 +934,6 @@
 int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
                    unsigned char *output, size_t *olen )
 {
-    CIPHER_VALIDATE_RET( ctx != NULL );
-    CIPHER_VALIDATE_RET( output != NULL );
-    CIPHER_VALIDATE_RET( olen != NULL );
     if( ctx->cipher_info == NULL )
         return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
 
@@ -1054,8 +1033,6 @@
 int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx,
                                      mbedtls_cipher_padding_t mode )
 {
-    CIPHER_VALIDATE_RET( ctx != NULL );
-
     if( NULL == ctx->cipher_info || MBEDTLS_MODE_CBC != ctx->cipher_info->mode )
     {
         return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
@@ -1117,8 +1094,6 @@
 int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
                       unsigned char *tag, size_t tag_len )
 {
-    CIPHER_VALIDATE_RET( ctx != NULL );
-    CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
     if( ctx->cipher_info == NULL )
         return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
 
@@ -1168,8 +1143,6 @@
     unsigned char check_tag[16];
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    CIPHER_VALIDATE_RET( ctx != NULL );
-    CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
     if( ctx->cipher_info == NULL )
         return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
 
@@ -1261,12 +1234,6 @@
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t finish_olen;
 
-    CIPHER_VALIDATE_RET( ctx != NULL );
-    CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
-    CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
-    CIPHER_VALIDATE_RET( output != NULL );
-    CIPHER_VALIDATE_RET( olen != NULL );
-
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     if( ctx->psa_enabled == 1 )
     {
@@ -1542,13 +1509,6 @@
                          unsigned char *output, size_t output_len,
                          size_t *olen, size_t tag_len )
 {
-    CIPHER_VALIDATE_RET( ctx != NULL );
-    CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
-    CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
-    CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
-    CIPHER_VALIDATE_RET( output != NULL );
-    CIPHER_VALIDATE_RET( olen != NULL );
-
 #if defined(MBEDTLS_NIST_KW_C)
     if(
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -1598,13 +1558,6 @@
                          unsigned char *output, size_t output_len,
                          size_t *olen, size_t tag_len )
 {
-    CIPHER_VALIDATE_RET( ctx != NULL );
-    CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
-    CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
-    CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
-    CIPHER_VALIDATE_RET( output_len == 0 || output != NULL );
-    CIPHER_VALIDATE_RET( olen != NULL );
-
 #if defined(MBEDTLS_NIST_KW_C)
     if(
 #if defined(MBEDTLS_USE_PSA_CRYPTO)

diff --git a/library/gcm.c b/library/gcm.c
index 6d07f87..ac329e3 100644
--- a/library/gcm.c
+++ b/library/gcm.c

@@ -52,18 +52,11 @@
 
 #if !defined(MBEDTLS_GCM_ALT)
 
-/* Parameter validation macros */
-#define GCM_VALIDATE_RET( cond ) \
-    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_GCM_BAD_INPUT )
-#define GCM_VALIDATE( cond ) \
-    MBEDTLS_INTERNAL_VALIDATE( cond )
-
 /*
  * Initialize a context
  */
 void mbedtls_gcm_init( mbedtls_gcm_context *ctx )
 {
-    GCM_VALIDATE( ctx != NULL );
     memset( ctx, 0, sizeof( mbedtls_gcm_context ) );
 }
 
@@ -143,9 +136,8 @@
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const mbedtls_cipher_info_t *cipher_info;
 
-    GCM_VALIDATE_RET( ctx != NULL );
-    GCM_VALIDATE_RET( key != NULL );
-    GCM_VALIDATE_RET( keybits == 128 || keybits == 192 || keybits == 256 );
+    if( keybits != 128 && keybits != 192 && keybits != 256 )
+        return MBEDTLS_ERR_GCM_BAD_INPUT;
 
     cipher_info = mbedtls_cipher_info_from_values( cipher, keybits,
                                                    MBEDTLS_MODE_ECB );
@@ -256,9 +248,6 @@
     size_t use_len, olen = 0;
     uint64_t iv_bits;
 
-    GCM_VALIDATE_RET( ctx != NULL );
-    GCM_VALIDATE_RET( iv != NULL );
-
     /* IV is limited to 2^64 bits, so 2^61 bytes */
     /* IV is not allowed to be zero length */
     if( iv_len == 0 || (uint64_t) iv_len >> 61 != 0 )
@@ -334,8 +323,6 @@
     const unsigned char *p;
     size_t use_len, i, offset;
 
-    GCM_VALIDATE_RET( add_len == 0 || add != NULL );
-
     /* IV is limited to 2^64 bits, so 2^61 bytes */
     if( (uint64_t) add_len >> 61 != 0 )
         return( MBEDTLS_ERR_GCM_BAD_INPUT );
@@ -434,7 +421,6 @@
 
     if( output_size < input_length )
         return( MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL );
-    GCM_VALIDATE_RET( output_length != NULL );
     *output_length = input_length;
 
     /* Exit early if input_length==0 so that we don't do any pointer arithmetic
@@ -444,10 +430,6 @@
     if( input_length == 0 )
         return( 0 );
 
-    GCM_VALIDATE_RET( ctx != NULL );
-    GCM_VALIDATE_RET( input != NULL );
-    GCM_VALIDATE_RET( output != NULL );
-
     if( output > input && (size_t) ( output - input ) < input_length )
         return( MBEDTLS_ERR_GCM_BAD_INPUT );
 
@@ -519,9 +501,6 @@
     uint64_t orig_len;
     uint64_t orig_add_len;
 
-    GCM_VALIDATE_RET( ctx != NULL );
-    GCM_VALIDATE_RET( tag != NULL );
-
     /* We never pass any output in finish(). The output parameter exists only
      * for the sake of alternative implementations. */
     (void) output;
@@ -580,13 +559,6 @@
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t olen;
 
-    GCM_VALIDATE_RET( ctx != NULL );
-    GCM_VALIDATE_RET( iv != NULL );
-    GCM_VALIDATE_RET( add_len == 0 || add != NULL );
-    GCM_VALIDATE_RET( length == 0 || input != NULL );
-    GCM_VALIDATE_RET( length == 0 || output != NULL );
-    GCM_VALIDATE_RET( tag != NULL );
-
     if( ( ret = mbedtls_gcm_starts( ctx, mode, iv, iv_len ) ) != 0 )
         return( ret );
 
@@ -619,13 +591,6 @@
     size_t i;
     int diff;
 
-    GCM_VALIDATE_RET( ctx != NULL );
-    GCM_VALIDATE_RET( iv != NULL );
-    GCM_VALIDATE_RET( add_len == 0 || add != NULL );
-    GCM_VALIDATE_RET( tag != NULL );
-    GCM_VALIDATE_RET( length == 0 || input != NULL );
-    GCM_VALIDATE_RET( length == 0 || output != NULL );
-
     if( ( ret = mbedtls_gcm_crypt_and_tag( ctx, MBEDTLS_GCM_DECRYPT, length,
                                    iv, iv_len, add, add_len,
                                    input, output, tag_len, check_tag ) ) != 0 )

diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function
index 5ab265a..10e53c2 100644
--- a/tests/suites/test_suite_aes.function
+++ b/tests/suites/test_suite_aes.function

@@ -358,7 +358,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:NOT_DEFINED */
+/* BEGIN_CASE */
 void aes_invalid_mode( )
 {
     mbedtls_aes_context aes_ctx;

diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function
index cc18d5b..3d318c8 100644
--- a/tests/suites/test_suite_camellia.function
+++ b/tests/suites/test_suite_camellia.function

@@ -7,7 +7,7 @@
  * END_DEPENDENCIES
  */
 
-/* BEGIN_CASE depends_on:NOT_DEFINED */
+/* BEGIN_CASE */
 void camellia_invalid_param( )
 {
     mbedtls_camellia_context ctx;

diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index dd5226c..37468df 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function

@@ -304,7 +304,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:NOT_DEFINED */
+/* BEGIN_CASE */
 void cipher_invalid_param_conditional( )
 {
     mbedtls_cipher_context_t valid_ctx;
@@ -313,8 +313,6 @@
     unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
     int valid_size = sizeof(valid_buffer);
     int valid_bitlen = valid_size * 8;
-    const mbedtls_cipher_info_t *valid_info = mbedtls_cipher_info_from_type(
-        *( mbedtls_cipher_list() ) );
 
     TEST_EQUAL(
         MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,

diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function
index 5696679..ea8d6a0 100644
--- a/tests/suites/test_suite_gcm.function
+++ b/tests/suites/test_suite_gcm.function

@@ -411,7 +411,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:NOT_DEFINED */
+/* BEGIN_CASE */
 void gcm_invalid_param( )
 {
     mbedtls_gcm_context ctx;