mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-28 00:21:48 +03:00

Handle errors from functions that now return int

A few functions were changed from returning void to returning int three
commits ago. Make sure their callers check the return values.

This commit was basically a matter of declaring the newly-int-returning
functions MBEDTLS_CHECK_RETURN_CRITICAL and then fixing the resulting
warnings. A few functions had to be made int in the process; the same
process was applied to them as well.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Manuel Pégourié-Gonnard
2023-02-06 00:34:21 +01:00
parent d7a7a23308
commit b8b07aa24a
9 changed files with 171 additions and 67 deletions


@ -486,6 +486,7 @@ static int ssl_tls13_parse_pre_shared_key_ext(mbedtls_ssl_context *ssl,
const unsigned char *ciphersuites,
const unsigned char *ciphersuites_end)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const unsigned char *identities = pre_shared_key_ext;
const unsigned char *p_identity_len;
size_t identities_len;
@ -521,8 +522,12 @@ static int ssl_tls13_parse_pre_shared_key_ext(mbedtls_ssl_context *ssl,
MBEDTLS_SSL_CHK_BUF_READ_PTR(p_binder_len, pre_shared_key_ext_end, binders_len);
binders_end = p_binder_len + binders_len;
ssl->handshake->update_checksum(ssl, pre_shared_key_ext,
identities_end - pre_shared_key_ext);
ret = ssl->handshake->update_checksum(ssl, pre_shared_key_ext,
identities_end - pre_shared_key_ext);
if (0 != ret) {
MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret);
return ret;
}
while (p_identity_len < identities_end && p_binder_len < binders_end) {
const unsigned char *identity;
@ -530,7 +535,6 @@ static int ssl_tls13_parse_pre_shared_key_ext(mbedtls_ssl_context *ssl,
uint32_t obfuscated_ticket_age;
const unsigned char *binder;
size_t binder_len;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int psk_type;
uint16_t cipher_suite;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
@ -642,9 +646,13 @@ static int ssl_tls13_parse_pre_shared_key_ext(mbedtls_ssl_context *ssl,
}
/* Update the handshake transcript with the binder list. */
ssl->handshake->update_checksum(ssl,
identities_end,
(size_t) (binders_end - identities_end));
ret = ssl->handshake->update_checksum(ssl,
identities_end,
(size_t) (binders_end - identities_end));
if (0 != ret) {
MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret);
return ret;
}
if (matched_identity == -1) {
MBEDTLS_SSL_DEBUG_MSG(3, ("No matched PSK or ticket."));
return MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY;
@ -1590,9 +1598,13 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
MBEDTLS_SSL_PRINT_EXTS(3, MBEDTLS_SSL_HS_CLIENT_HELLO,
handshake->received_extensions);
mbedtls_ssl_add_hs_hdr_to_checksum(ssl,
MBEDTLS_SSL_HS_CLIENT_HELLO,
p - buf);
ret = mbedtls_ssl_add_hs_hdr_to_checksum(ssl,
MBEDTLS_SSL_HS_CLIENT_HELLO,
p - buf);
if (0 != ret) {
MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_add_hs_hdr_to_checksum"), ret);
return ret;
}
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
/* Update checksum with either
@ -1603,8 +1615,12 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
if (mbedtls_ssl_tls13_some_psk_enabled(ssl) &&
mbedtls_ssl_conf_tls13_some_psk_enabled(ssl) &&
(handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY))) {
handshake->update_checksum(ssl, buf,
pre_shared_key_ext - buf);
ret = handshake->update_checksum(ssl, buf,
pre_shared_key_ext - buf);
if (0 != ret) {
MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret);
return ret;
}
ret = ssl_tls13_parse_pre_shared_key_ext(ssl,
pre_shared_key_ext,
pre_shared_key_ext_end,
@ -1620,7 +1636,11 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
} else
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
{
handshake->update_checksum(ssl, buf, p - buf);
ret = handshake->update_checksum(ssl, buf, p - buf);
if (0 != ret) {
MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret);
return ret;
}
}
ret = ssl_tls13_determine_key_exchange_mode(ssl);
@ -2134,8 +2154,8 @@ static int ssl_tls13_write_server_hello(mbedtls_ssl_context *ssl)
&msg_len,
0));
mbedtls_ssl_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len);
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len));
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
ssl, buf_len, msg_len));
@ -2207,8 +2227,8 @@ static int ssl_tls13_write_hello_retry_request(mbedtls_ssl_context *ssl)
buf + buf_len,
&msg_len,
1));
mbedtls_ssl_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len);
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len));
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(ssl, buf_len,
@ -2306,8 +2326,8 @@ static int ssl_tls13_write_encrypted_extensions(mbedtls_ssl_context *ssl)
MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_encrypted_extensions_body(
ssl, buf, buf + buf_len, &msg_len));
mbedtls_ssl_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, msg_len);
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, msg_len));
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
ssl, buf_len, msg_len));
@ -2439,8 +2459,8 @@ static int ssl_tls13_write_certificate_request(mbedtls_ssl_context *ssl)
MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_certificate_request_body(
ssl, buf, buf + buf_len, &msg_len));
mbedtls_ssl_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, buf, msg_len);
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, buf, msg_len));
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
ssl, buf_len, msg_len));
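Review bot: Moving `ret` from the `while` loop to function scope in ssl_tls13_parse_pre_shared_key_ext drops its per-iteration fail-closed default: once the first `update_checksum` call has succeeded, `ret` is 0 on entry to every iteration instead of MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED. Most of the loop body lies outside the visible hunks, so whether any path reads `ret` before assigning it cannot be confirmed from here. If the old initialiser was meant as a guard against a skipped or forgotten assignment, re-arm it with `ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;` as the first statement of the loop body. Separately, the first `update_checksum` call passes `identities_end - pre_shared_key_ext` without the `(size_t)` cast that the binder-list call uses; making the two consistent would be tidier.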