TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 8472a10594a49e428439888cd1ff561aa0065e21^! / . / include / mbedtls
commit8472a10594a49e428439888cd1ff561aa0065e21[log] [tgz]
authorGilles Peskine <Gilles.Peskine@arm.com>Thu Sep 23 18:07:36 2021 +0200
committerGilles Peskine <Gilles.Peskine@arm.com>Wed Sep 29 20:42:51 2021 +0200
treed69602d9867e0a2d3ae7cfafd20d5628a44cb04f
parente568ebade1ab199e3dcb4f1384cad8dd5b5cf913 [diff]
New configuration option MBEDTLS_CHECK_RETURN_WARNING

MBEDTLS_CHECK_RETURN_TYPICAL defaults off, but is enabled if
MBEDTLS_CHECK_RETURN_WARNING is enabled at compile time.
(MBEDTLS_CHECK_RETURN_CRITICAL is always enabled.)

The default is off so that a plausible program that builds with one version
of Mbed TLS in the default configuration will still build under the next
version.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 40b20bd..f5fe085 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h

@@ -617,6 +617,29 @@
 //#define MBEDTLS_CAMELLIA_SMALL_MEMORY
 
 /**
+ * \def MBEDTLS_CHECK_RETURN_WARNING
+ *
+ * If this macro is defined, emit a compile-time warning if application code
+ * calls a function without checking its return value, but the return value
+ * should generally be checked in portable applications.
+ *
+ * This is only supported on platforms where #MBEDTLS_CHECK_RETURN is
+ * implemented. Otherwise this option has no effect.
+ *
+ * Uncomment to get warnings on using fallible functions without checking
+ * their return value.
+ *
+ * \note  This feature is a work in progress.
+ *        Warnings will be added to more functions in the future.
+ *
+ * \note  A few functions are considered critical, and ignoring the return
+ *        value of these functions will trigger a warning even if this
+ *        macro is not defined. To completely disable return value check
+ *        warnings, define #MBEDTLS_CHECK_RETURN with an empty expansion.
+ */
+//#define MBEDTLS_CHECK_RETURN_WARNING
+
+/**
  * \def MBEDTLS_CIPHER_MODE_CBC
  *
  * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.

diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
index 22ccc89..7e04c4f 100644
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h

@@ -173,7 +173,8 @@
  * This macro appearing at the beginning of the declaration of a function
  * indicates that its return value should be generally be checked in portable
  * applications. Omitting the check will result in a compile-time warning if
- * #MBEDTLS_CHECK_RETURN is implemented for the compiler in use.
+ * #MBEDTLS_CHECK_RETURN is implemented for the compiler in use and
+ * #MBEDTLS_CHECK_RETURN_WARNING is enabled in the compile-time configuration.
  *
  * \note  The use of this macro is a work in progress.
  *        This macro will be added to more functions in the future.
@@ -181,7 +182,11 @@
  *        an error code (as \c int in the \c mbedtls_xxx API or
  *        as ::psa_status_t in the \c psa_xxx API).
  */
+#if defined(MBEDTLS_CHECK_RETURN_WARNING)
 #define MBEDTLS_CHECK_RETURN_TYPICAL MBEDTLS_CHECK_RETURN
+#else
+#define MBEDTLS_CHECK_RETURN_TYPICAL
+#endif
 
 /** Benign-failure function
  *