eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Mark static int SSL functions CHECK_RETURN_CRITICAL

Browse source 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard 2022-06-17 10:52:54 +02:00 committed by Manuel Pégourié-Gonnard
parent 66b0d61718
commit a3115dc0e6
13 changed files with 243 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

36
library/ssl_tls13_client.c
View file

@ -42,6 +42,7 @@
* ProtocolVersion versions<2..254>;
* } SupportedVersions;
*/
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
@ -91,6 +92,7 @@ static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl,
return( 0 );
}
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end )
@ -120,6 +122,7 @@ static int ssl_tls13_parse_supported_versions_ext( mbedtls_ssl_context *ssl,
}
#if defined(MBEDTLS_SSL_ALPN)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_alpn_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len )
{
@ -166,6 +169,7 @@ static int ssl_tls13_parse_alpn_ext( mbedtls_ssl_context *ssl,
}
#endif /* MBEDTLS_SSL_ALPN */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_reset_key_share( mbedtls_ssl_context *ssl )
{
uint16_t group_id = ssl->handshake->offered_group_id;
@ -204,6 +208,7 @@ static int ssl_tls13_reset_key_share( mbedtls_ssl_context *ssl )
/*
* Functions for writing key_share extension.
*/
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_get_default_group_id( mbedtls_ssl_context *ssl,
uint16_t *group_id )
{
@ -253,6 +258,7 @@ static int ssl_tls13_get_default_group_id( mbedtls_ssl_context *ssl,
* KeyShareEntry client_shares<0..2^16-1>;
* } KeyShareClientHello;
*/
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
@ -366,6 +372,7 @@ cleanup:
* NamedGroup selected_group;
* } KeyShareHelloRetryRequest;
*/
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_hrr_key_share_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end )
@ -440,6 +447,7 @@ static int ssl_tls13_parse_hrr_key_share_ext( mbedtls_ssl_context *ssl,
* opaque key_exchange<1..2^16-1>;
* } KeyShareEntry;
*/
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_key_share_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end )
@ -514,6 +522,7 @@ static int ssl_tls13_parse_key_share_ext( mbedtls_ssl_context *ssl,
* a "cookie" extension in the new ClientHello. Clients MUST NOT use
* cookies in their initial ClientHello in subsequent connections.
*/
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_cookie_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end )
@ -547,6 +556,7 @@ static int ssl_tls13_parse_cookie_ext( mbedtls_ssl_context *ssl,
return( 0 );
}
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_cookie_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
@ -640,6 +650,7 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl,
* \return 1 if the ServerHello contains a supported_versions extension
* \return A negative value if an error occurred while parsing the ServerHello.
*/
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_is_supported_versions_ext_present(
mbedtls_ssl_context *ssl,
const unsigned char *buf,
@ -714,6 +725,7 @@ static int ssl_tls13_is_supported_versions_ext_present(
* the server is TLS 1.3 capable but negotiating TLS 1.2 or below.
* - 0 otherwise
*/
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_is_downgrade_negotiation( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end )
@ -746,6 +758,7 @@ static int ssl_tls13_is_downgrade_negotiation( mbedtls_ssl_context *ssl,
*/
#define SSL_SERVER_HELLO_COORDINATE_HELLO 0
#define SSL_SERVER_HELLO_COORDINATE_HRR 1
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_server_hello_is_hrr( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end )
@ -785,6 +798,7 @@ static int ssl_server_hello_is_hrr( mbedtls_ssl_context *ssl,
* - SSL_SERVER_HELLO_COORDINATE_TLS1_2
*/
#define SSL_SERVER_HELLO_COORDINATE_TLS1_2 2
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_server_hello_coordinate( mbedtls_ssl_context *ssl,
unsigned char **buf,
size_t *buf_len )
@ -878,6 +892,7 @@ cleanup:
return( ret );
}
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_check_server_hello_session_id_echo( mbedtls_ssl_context *ssl,
const unsigned char **buf,
const unsigned char *end )
@ -925,6 +940,7 @@ static int ssl_tls13_check_server_hello_session_id_echo( mbedtls_ssl_context *ss
* Extension extensions<6..2^16-1>;
* } ServerHello;
*/
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end,
@ -1183,6 +1199,7 @@ cleanup:
return( ret );
}
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_postprocess_server_hello( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -1263,6 +1280,7 @@ cleanup:
return( ret );
}
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_postprocess_hrr( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -1297,6 +1315,7 @@ static int ssl_tls13_postprocess_hrr( mbedtls_ssl_context *ssl )
* Wait and parse ServerHello handshake message.
* Handler for MBEDTLS_SSL_SERVER_HELLO
*/
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_process_server_hello( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -1359,16 +1378,20 @@ cleanup:
*/
/* Main entry point; orchestrates the other functions */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_process_encrypted_extensions( mbedtls_ssl_context *ssl );
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end );
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl );
/*
* Handler for MBEDTLS_SSL_ENCRYPTED_EXTENSIONS
*/
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_process_encrypted_extensions( mbedtls_ssl_context *ssl )
{
int ret;
@ -1402,6 +1425,7 @@ cleanup:
* Extension extensions<0..2^16-1>;
* } EncryptedExtensions;
*/
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end )
@ -1483,6 +1507,7 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl,
return( ret );
}
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl )
{
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
@ -1512,6 +1537,7 @@ static int ssl_tls13_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl
* - SSL_CERTIFICATE_REQUEST_SKIP
* indicating if a Certificate Request is expected or not.
*/
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_certificate_request_coordinate( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -1546,6 +1572,7 @@ static int ssl_tls13_certificate_request_coordinate( mbedtls_ssl_context *ssl )
* Extension extensions<2..2^16-1>;
* } CertificateRequest;
*/
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end )
@ -1662,6 +1689,7 @@ decode_error:
/*
* Handler for MBEDTLS_SSL_CERTIFICATE_REQUEST
*/
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_process_certificate_request( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -1711,6 +1739,7 @@ cleanup:
/*
* Handler for MBEDTLS_SSL_SERVER_CERTIFICATE
*/
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_process_server_certificate( mbedtls_ssl_context *ssl )
{
int ret;
@ -1726,6 +1755,7 @@ static int ssl_tls13_process_server_certificate( mbedtls_ssl_context *ssl )
/*
* Handler for MBEDTLS_SSL_CERTIFICATE_VERIFY
*/
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl )
{
int ret;
@ -1742,6 +1772,7 @@ static int ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl )
/*
* Handler for MBEDTLS_SSL_SERVER_FINISHED
*/
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_process_server_finished( mbedtls_ssl_context *ssl )
{
int ret;
@ -1773,6 +1804,7 @@ static int ssl_tls13_process_server_finished( mbedtls_ssl_context *ssl )
/*
* Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE
*/
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_client_certificate( mbedtls_ssl_context *ssl )
{
int non_empty_certificate_msg = 0;
@ -1812,6 +1844,7 @@ static int ssl_tls13_write_client_certificate( mbedtls_ssl_context *ssl )
/*
* Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY
*/
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_client_certificate_verify( mbedtls_ssl_context *ssl )
{
int ret = mbedtls_ssl_tls13_write_certificate_verify( ssl );
@ -1826,6 +1859,7 @@ static int ssl_tls13_write_client_certificate_verify( mbedtls_ssl_context *ssl )
/*
* Handler for MBEDTLS_SSL_CLIENT_FINISHED
*/
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_client_finished( mbedtls_ssl_context *ssl )
{
int ret;
@ -1849,6 +1883,7 @@ static int ssl_tls13_write_client_finished( mbedtls_ssl_context *ssl )
/*
* Handler for MBEDTLS_SSL_FLUSH_BUFFERS
*/
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_flush_buffers( mbedtls_ssl_context *ssl )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake: done" ) );
@ -1859,6 +1894,7 @@ static int ssl_tls13_flush_buffers( mbedtls_ssl_context *ssl )
/*
* Handler for MBEDTLS_SSL_HANDSHAKE_WRAPUP
*/
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl )
{