Mark static int SSL functions CHECK_RETURN_CRITICAL
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 6502307..4ac822f 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -50,6 +50,7 @@
* ProtocolVersion versions<2..254>;
* } SupportedVersions;
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end )
@@ -106,6 +107,7 @@
* NamedGroup named_group_list<2..2^16-1>;
* } NamedGroupList;
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_supported_groups_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end )
@@ -168,6 +170,7 @@
* be needed.
* - A negative value for fatal errors.
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_key_shares_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end )
@@ -306,6 +309,7 @@
}
#endif /* MBEDTLS_DEBUG_C */
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_client_hello_has_exts( mbedtls_ssl_context *ssl,
int exts_mask )
{
@@ -313,6 +317,7 @@
return( masked == exts_mask );
}
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange(
mbedtls_ssl_context *ssl )
{
@@ -322,6 +327,7 @@
MBEDTLS_SSL_EXT_SIG_ALG ) );
}
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_check_ephemeral_key_exchange( mbedtls_ssl_context *ssl )
{
if( !mbedtls_ssl_conf_tls13_ephemeral_enabled( ssl ) )
@@ -379,6 +385,7 @@
#define SSL_CLIENT_HELLO_OK 0
#define SSL_CLIENT_HELLO_HRR_REQUIRED 1
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end )
@@ -704,6 +711,7 @@
/* Update the handshake state machine */
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_postprocess_client_hello( mbedtls_ssl_context* ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -724,6 +732,7 @@
* Main entry point from the state machine; orchestrates the otherfunctions.
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_process_client_hello( mbedtls_ssl_context *ssl )
{
@@ -762,6 +771,7 @@
/*
* Handler for MBEDTLS_SSL_SERVER_HELLO
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_prepare_server_hello( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -797,6 +807,7 @@
* ProtocolVersion selected_version;
* } SupportedVersions;
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_server_hello_supported_versions_ext(
mbedtls_ssl_context *ssl,
unsigned char *buf,
@@ -834,6 +845,7 @@
/* Generate and export a single key share. For hybrid KEMs, this can
* be called multiple times with the different components of the hybrid. */
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_generate_and_write_key_share( mbedtls_ssl_context *ssl,
uint16_t named_group,
unsigned char *buf,
@@ -887,6 +899,7 @@
* KeyShareEntry server_share;
* } KeyShareServerHello;
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
@@ -930,6 +943,7 @@
return( 0 );
}
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_hrr_key_share_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
@@ -1005,6 +1019,7 @@
* Extension extensions<6..2^16-1>;
* } ServerHello;
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_server_hello_body( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
@@ -1131,6 +1146,7 @@
return( ret );
}
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_finalize_write_server_hello( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -1151,6 +1167,7 @@
return( ret );
}
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_server_hello( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -1189,6 +1206,7 @@
/*
* Handler for MBEDTLS_SSL_HELLO_RETRY_REQUEST
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_hello_retry_request_coordinate(
mbedtls_ssl_context *ssl )
{
@@ -1216,6 +1234,7 @@
return( 0 );
}
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_hello_retry_request( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -1260,6 +1279,7 @@
* } EncryptedExtensions;
*
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_encrypted_extensions_body( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
@@ -1287,6 +1307,7 @@
return( 0 );
}
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_encrypted_extensions( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -1333,6 +1354,7 @@
* indicating if the writing of the CertificateRequest
* should be skipped or not.
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_certificate_request_coordinate( mbedtls_ssl_context *ssl )
{
int authmode;
@@ -1354,6 +1376,7 @@
* } CertificateRequest;
*
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_certificate_request_body( mbedtls_ssl_context *ssl,
unsigned char *buf,
const unsigned char *end,
@@ -1400,6 +1423,7 @@
return( 0 );
}
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_certificate_request( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -1447,6 +1471,7 @@
/*
* Handler for MBEDTLS_SSL_SERVER_CERTIFICATE
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_server_certificate( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -1468,6 +1493,7 @@
/*
* Handler for MBEDTLS_SSL_CERTIFICATE_VERIFY
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl )
{
int ret = mbedtls_ssl_tls13_write_certificate_verify( ssl );
@@ -1481,6 +1507,7 @@
/*
* Handler for MBEDTLS_SSL_SERVER_FINISHED
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_server_finished( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -1513,6 +1540,7 @@
/*
* Handler for MBEDTLS_SSL_CLIENT_FINISHED
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_process_client_finished( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -1541,6 +1569,7 @@
/*
* Handler for MBEDTLS_SSL_HANDSHAKE_WRAPUP
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake: done" ) );