Mark static int SSL functions CHECK_RETURN_CRITICAL
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index e9250fc..b298184 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -42,6 +42,7 @@
* ProtocolVersion versions<2..254>;
* } SupportedVersions;
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
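Review bot: The annotation added above ssl_tls13_write_supported_versions_ext, and repeated in every later hunk of this file, only protects anything if the build surfaces the diagnostic. The definition of `MBEDTLS_CHECK_RETURN_CRITICAL` is outside this diff; if it expands to the compiler's unused-result attribute, an ignored return is reported as a warning only, and on a toolchain where the macro expands to nothing no check happens at all. It is worth confirming that CI compiles this file with a compiler that supports the attribute and promotes the warning to an error (for GCC/Clang, `-Werror=unused-result`), so that a dropped handshake error code cannot be merged unnoticed. The function body continues outside the hunk.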
@@ -91,6 +92,7 @@
return( 0 );
}
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end )
@@ -120,6 +122,7 @@
}
#if defined(MBEDTLS_SSL_ALPN)
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_alpn_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len )
{
@@ -166,6 +169,7 @@
}
#endif /* MBEDTLS_SSL_ALPN */
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_reset_key_share( mbedtls_ssl_context *ssl )
{
uint16_t group_id = ssl->handshake->offered_group_id;
@@ -204,6 +208,7 @@
/*
* Functions for writing key_share extension.
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_get_default_group_id( mbedtls_ssl_context *ssl,
uint16_t *group_id )
{
@@ -253,6 +258,7 @@
* KeyShareEntry client_shares<0..2^16-1>;
* } KeyShareClientHello;
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
@@ -366,6 +372,7 @@
* NamedGroup selected_group;
* } KeyShareHelloRetryRequest;
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_hrr_key_share_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end )
@@ -440,6 +447,7 @@
* opaque key_exchange<1..2^16-1>;
* } KeyShareEntry;
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_key_share_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end )
@@ -514,6 +522,7 @@
* a "cookie" extension in the new ClientHello. Clients MUST NOT use
* cookies in their initial ClientHello in subsequent connections.
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_cookie_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end )
@@ -547,6 +556,7 @@
return( 0 );
}
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_cookie_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
@@ -640,6 +650,7 @@
* \return 1 if the ServerHello contains a supported_versions extension
* \return A negative value if an error occurred while parsing the ServerHello.
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_is_supported_versions_ext_present(
mbedtls_ssl_context *ssl,
const unsigned char *buf,
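Review bot: For ssl_tls13_is_supported_versions_ext_present the attribute is satisfied by any use of the result, including a bare truth test, while the doc comment directly above documents both 1 (extension present) and a negative value (parse error). A caller written as `if( ssl_tls13_is_supported_versions_ext_present( ... ) )` would compile without a warning and treat a parse failure as "present", which presumably matters because the result feeds protocol-version negotiation. I would add one line to the doc comment, for example `* \note Callers must test for a negative return before using the result as a boolean.` The same concern seems to apply to ssl_tls13_is_downgrade_negotiation and the SSL_SERVER_HELLO_COORDINATE_* functions in the following hunks; their bodies and callers are not visible here, so this should be checked against the call sites.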
@@ -714,6 +725,7 @@
* the server is TLS 1.3 capable but negotiating TLS 1.2 or below.
* - 0 otherwise
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_is_downgrade_negotiation( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end )
@@ -746,6 +758,7 @@
*/
#define SSL_SERVER_HELLO_COORDINATE_HELLO 0
#define SSL_SERVER_HELLO_COORDINATE_HRR 1
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_server_hello_is_hrr( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end )
@@ -785,6 +798,7 @@
* - SSL_SERVER_HELLO_COORDINATE_TLS1_2
*/
#define SSL_SERVER_HELLO_COORDINATE_TLS1_2 2
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_server_hello_coordinate( mbedtls_ssl_context *ssl,
unsigned char **buf,
size_t *buf_len )
@@ -878,6 +892,7 @@
return( ret );
}
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_check_server_hello_session_id_echo( mbedtls_ssl_context *ssl,
const unsigned char **buf,
const unsigned char *end )
@@ -925,6 +940,7 @@
* Extension extensions<6..2^16-1>;
* } ServerHello;
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end,
@@ -1183,6 +1199,7 @@
return( ret );
}
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_postprocess_server_hello( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -1263,6 +1280,7 @@
return( ret );
}
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_postprocess_hrr( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -1297,6 +1315,7 @@
* Wait and parse ServerHello handshake message.
* Handler for MBEDTLS_SSL_SERVER_HELLO
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_process_server_hello( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -1359,16 +1378,20 @@
*/
/* Main entry point; orchestrates the other functions */
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_process_encrypted_extensions( mbedtls_ssl_context *ssl );
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end );
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl );
/*
* Handler for MBEDTLS_SSL_ENCRYPTED_EXTENSIONS
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_process_encrypted_extensions( mbedtls_ssl_context *ssl )
{
int ret;
@@ -1402,6 +1425,7 @@
* Extension extensions<0..2^16-1>;
* } EncryptedExtensions;
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end )
@@ -1483,6 +1507,7 @@
return( ret );
}
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl )
{
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
@@ -1512,6 +1537,7 @@
* - SSL_CERTIFICATE_REQUEST_SKIP
* indicating if a Certificate Request is expected or not.
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_certificate_request_coordinate( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -1546,6 +1572,7 @@
* Extension extensions<2..2^16-1>;
* } CertificateRequest;
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end )
@@ -1662,6 +1689,7 @@
/*
* Handler for MBEDTLS_SSL_CERTIFICATE_REQUEST
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_process_certificate_request( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -1711,6 +1739,7 @@
/*
* Handler for MBEDTLS_SSL_SERVER_CERTIFICATE
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_process_server_certificate( mbedtls_ssl_context *ssl )
{
int ret;
@@ -1726,6 +1755,7 @@
/*
* Handler for MBEDTLS_SSL_CERTIFICATE_VERIFY
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl )
{
int ret;
@@ -1742,6 +1772,7 @@
/*
* Handler for MBEDTLS_SSL_SERVER_FINISHED
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_process_server_finished( mbedtls_ssl_context *ssl )
{
int ret;
@@ -1773,6 +1804,7 @@
/*
* Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_client_certificate( mbedtls_ssl_context *ssl )
{
int non_empty_certificate_msg = 0;
@@ -1812,6 +1844,7 @@
/*
* Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_client_certificate_verify( mbedtls_ssl_context *ssl )
{
int ret = mbedtls_ssl_tls13_write_certificate_verify( ssl );
@@ -1826,6 +1859,7 @@
/*
* Handler for MBEDTLS_SSL_CLIENT_FINISHED
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_client_finished( mbedtls_ssl_context *ssl )
{
int ret;
@@ -1849,6 +1883,7 @@
/*
* Handler for MBEDTLS_SSL_FLUSH_BUFFERS
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_flush_buffers( mbedtls_ssl_context *ssl )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake: done" ) );
@@ -1859,6 +1894,7 @@
/*
* Handler for MBEDTLS_SSL_HANDSHAKE_WRAPUP
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl )
{