ecf6bebb9c
Declare mbedtls_md functions as MBEDTLS_CHECK_RETURN_TYPICAL, meaning that their return values should be checked. Do check the return values in our code. We were already doing that everywhere for hash calculations, but not for HMAC calculations. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
20 lines
1.1 KiB
Plaintext
20 lines
1.1 KiB
Plaintext
Bugfix
|
|
* Failures of alternative implementations of AES or DES single-block
|
|
functions enabled with MBEDTLS_AES_ENCRYPT_ALT, MBEDTLS_AES_DECRYPT_ALT,
|
|
MBEDTLS_DES_CRYPT_ECB_ALT or MBEDTLS_DES3_CRYPT_ECB_ALT were ignored.
|
|
This does not concern the implementation provided with Mbed TLS,
|
|
where this function cannot fail, or full-module replacements with
|
|
MBEDTLS_AES_ALT or MBEDTLS_DES_ALT. Reported by Armelle Duboc in #1092.
|
|
* Some failures of HMAC operations were ignored. These failures could only
|
|
happen with an alternative implementation of the underlying hash module.
|
|
|
|
Features
|
|
* Warn if errors from certain functions are ignored. This is currently
|
|
supported on GCC-like compilers and on MSVC and can be configured through
|
|
the macro MBEDTLS_CHECK_RETURN. The warnings are always enabled
|
|
(where supported) for critical functions where ignoring the return
|
|
value is almost always a bug. Enable the new configuration option
|
|
MBEDTLS_CHECK_RETURN_WARNING to get warnings for other functions. This
|
|
is currently implemented in the AES, DES and md modules, and will be
|
|
extended to other modules in the future.
|