lib/algorithms: add UB warnings on late allowlisting API invocations

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

diff --git a/lib/algorithms/ecc.c b/lib/algorithms/ecc.c
index 736e5dd07fe062b02d1c0ba452de1c24c686e405..52ae1db0e4ba212b6748f10549ce895480933cfb 100644 (file)
--- a/lib/algorithms/ecc.c
+++ b/lib/algorithms/ecc.c
@@ -389,6 +389,9 @@ void _gnutls_ecc_curve_mark_disabled_all(void)
  * enabled through the allowlisting mode in the configuration file, or
  * when the setting is modified with a prior call to this function.
  *
+ * This function must be called prior to any session priority setting functions;
+ * otherwise the behavior is undefined.
+ *
  * Returns: 0 on success or negative error code otherwise.
  *
  * Since: 3.7.3

diff --git a/lib/algorithms/mac.c b/lib/algorithms/mac.c
index a2c66e76bbaffdaa3d5c34ca79f3a02f670e2401..166d51d5529ba373776c5bee8f11f5b925831b5e 100644 (file)
--- a/lib/algorithms/mac.c
+++ b/lib/algorithms/mac.c
@@ -332,6 +332,9 @@ void _gnutls_digest_mark_insecure_all(void)
  * through the allowlisting mode in the configuration file, or when
  * the setting is modified with a prior call to this function.
  *
+ * This function must be called prior to any session priority setting functions;
+ * otherwise the behavior is undefined.
+ *
  * Since: 3.7.3
  */
 int

diff --git a/lib/algorithms/protocols.c b/lib/algorithms/protocols.c
index b0f3e0bc30765708b3c51742737a1de7dc2846be..64c86eba3c0b86dac7cf202358baf9d1cdcbbb7a 100644 (file)
--- a/lib/algorithms/protocols.c
+++ b/lib/algorithms/protocols.c
@@ -237,6 +237,9 @@ void _gnutls_version_mark_revertible_all(void)
  * enabled through the allowlisting mode in the configuration file, or
  * when the setting is modified with a prior call to this function.
  *
+ * This function must be called prior to any session priority setting functions;
+ * otherwise the behavior is undefined.
+ *
  * Returns: 0 on success or negative error code otherwise.
  *
  * Since: 3.7.3

diff --git a/lib/algorithms/sign.c b/lib/algorithms/sign.c
index 543bd19bb5c9f63c2d4e98e1a2960b16e963ed0a..06abdb4cf830cf6db18f2ce563afb55f1b331947 100644 (file)
--- a/lib/algorithms/sign.c
+++ b/lib/algorithms/sign.c
@@ -516,6 +516,9 @@ void _gnutls_sign_mark_insecure_all(hash_security_level_t level)
  * use in certificates.  Use gnutls_sign_set_secure_for_certs() to
  * mark it secure as well for certificates.
  *
+ * This function must be called prior to any session priority setting functions;
+ * otherwise the behavior is undefined.
+ *
  * Since: 3.7.3
  */
 int
@@ -560,6 +563,9 @@ gnutls_sign_set_secure(gnutls_sign_algorithm_t sign,
  * for the use in certificates.  Use gnutls_sign_set_secure() to mark
  * it insecure for any uses.
  *
+ * This function must be called prior to any session priority setting functions;
+ * otherwise the behavior is undefined.
+ *
  * Since: 3.7.3
  */
 int