Change pkey parse methods to return s2n_result

crypto/s2n_certificate.c

@@ -36,7 +36,7 @@ int s2n_cert_set_cert_type(struct s2n_cert *cert, s2n_pkey_type pkey_type)
 {
     POSIX_ENSURE_REF(cert);
     cert->pkey_type = pkey_type;
-    POSIX_GUARD(s2n_pkey_setup_for_type(&cert->public_key, pkey_type));
+    POSIX_GUARD_RESULT(s2n_pkey_setup_for_type(&cert->public_key, pkey_type));
     return 0;
 }
 
@@ -127,7 +127,7 @@ int s2n_cert_chain_and_key_set_private_key_from_stuffer(struct s2n_cert_chain_an
     key_blob.data = s2n_stuffer_raw_read(key_out_stuffer, key_blob.size);
     POSIX_ENSURE_REF(key_blob.data);
 
-    POSIX_GUARD(s2n_asn1der_to_private_key(cert_and_key->private_key, &key_blob, type));
+    POSIX_GUARD_RESULT(s2n_asn1der_to_private_key(cert_and_key->private_key, &key_blob, type));
     return S2N_SUCCESS;
 }
 
@@ -364,7 +364,7 @@ int s2n_cert_chain_and_key_load(struct s2n_cert_chain_and_key *chain_and_key)
     /* Parse the leaf cert for the public key and certificate type */
     DEFER_CLEANUP(struct s2n_pkey public_key = { 0 }, s2n_pkey_free);
     s2n_pkey_type pkey_type = S2N_PKEY_TYPE_UNKNOWN;
-    POSIX_GUARD(s2n_asn1der_to_public_key_and_type(&public_key, &pkey_type, &head->raw));
+    POSIX_GUARD_RESULT(s2n_asn1der_to_public_key_and_type(&public_key, &pkey_type, &head->raw));
     POSIX_ENSURE(pkey_type != S2N_PKEY_TYPE_UNKNOWN, S2N_ERR_CERT_TYPE_UNSUPPORTED);
     POSIX_GUARD(s2n_cert_set_cert_type(head, pkey_type));
 

crypto/s2n_ecdsa.c

@@ -184,25 +184,25 @@ static int s2n_ecdsa_check_key_exists(const struct s2n_pkey *pkey)
     return 0;
 }
 
-int s2n_evp_pkey_to_ecdsa_private_key(s2n_ecdsa_private_key *ecdsa_key, EVP_PKEY *evp_private_key)
+S2N_RESULT s2n_evp_pkey_to_ecdsa_private_key(s2n_ecdsa_private_key *ecdsa_key, EVP_PKEY *evp_private_key)
 {
     const EC_KEY *ec_key = EVP_PKEY_get1_EC_KEY(evp_private_key);
-    S2N_ERROR_IF(ec_key == NULL, S2N_ERR_DECODE_PRIVATE_KEY);
+    RESULT_ENSURE(ec_key != NULL, S2N_ERR_DECODE_PRIVATE_KEY);
 
     ecdsa_key->ec_key = ec_key;
-    return 0;
+    return S2N_RESULT_OK;
 }
 
-int s2n_evp_pkey_to_ecdsa_public_key(s2n_ecdsa_public_key *ecdsa_key, EVP_PKEY *evp_public_key)
+S2N_RESULT s2n_evp_pkey_to_ecdsa_public_key(s2n_ecdsa_public_key *ecdsa_key, EVP_PKEY *evp_public_key)
 {
     const EC_KEY *ec_key = EVP_PKEY_get1_EC_KEY(evp_public_key);
-    S2N_ERROR_IF(ec_key == NULL, S2N_ERR_DECODE_CERTIFICATE);
+    RESULT_ENSURE(ec_key != NULL, S2N_ERR_DECODE_CERTIFICATE);
 
     ecdsa_key->ec_key = ec_key;
-    return 0;
+    return S2N_RESULT_OK;
 }
 
-int s2n_ecdsa_pkey_init(struct s2n_pkey *pkey)
+S2N_RESULT s2n_ecdsa_pkey_init(struct s2n_pkey *pkey)
 {
     pkey->size = &s2n_ecdsa_der_signature_size;
     pkey->sign = &s2n_ecdsa_sign;
@@ -212,8 +212,8 @@ int s2n_ecdsa_pkey_init(struct s2n_pkey *pkey)
     pkey->match = &s2n_ecdsa_keys_match;
     pkey->free = &s2n_ecdsa_key_free;
     pkey->check_key = &s2n_ecdsa_check_key_exists;
-    POSIX_GUARD_RESULT(s2n_evp_signing_set_pkey_overrides(pkey));
-    return 0;
+    RESULT_GUARD(s2n_evp_signing_set_pkey_overrides(pkey));
+    return S2N_RESULT_OK;
 }
 
 int s2n_ecdsa_pkey_matches_curve(const struct s2n_ecdsa_key *ecdsa_key, const struct s2n_ecc_named_curve *curve)

crypto/s2n_ecdsa.h

@@ -43,8 +43,8 @@ struct s2n_ecdsa_key {
 typedef struct s2n_ecdsa_key s2n_ecdsa_public_key;
 typedef struct s2n_ecdsa_key s2n_ecdsa_private_key;
 
-int s2n_ecdsa_pkey_init(struct s2n_pkey *pkey);
+S2N_RESULT s2n_ecdsa_pkey_init(struct s2n_pkey *pkey);
 int s2n_ecdsa_pkey_matches_curve(const struct s2n_ecdsa_key *ecdsa_key, const struct s2n_ecc_named_curve *curve);
 
-int s2n_evp_pkey_to_ecdsa_public_key(s2n_ecdsa_public_key *ecdsa_key, EVP_PKEY *pkey);
-int s2n_evp_pkey_to_ecdsa_private_key(s2n_ecdsa_private_key *ecdsa_key, EVP_PKEY *pkey);
+S2N_RESULT s2n_evp_pkey_to_ecdsa_public_key(s2n_ecdsa_public_key *ecdsa_key, EVP_PKEY *pkey);
+S2N_RESULT s2n_evp_pkey_to_ecdsa_private_key(s2n_ecdsa_private_key *ecdsa_key, EVP_PKEY *pkey);

crypto/s2n_pkey.c

@@ -40,7 +40,7 @@ int s2n_pkey_zero_init(struct s2n_pkey *pkey)
     return 0;
 }
 
-int s2n_pkey_setup_for_type(struct s2n_pkey *pkey, s2n_pkey_type pkey_type)
+S2N_RESULT s2n_pkey_setup_for_type(struct s2n_pkey *pkey, s2n_pkey_type pkey_type)
 {
     switch (pkey_type) {
         case S2N_PKEY_TYPE_RSA:
@@ -51,9 +51,9 @@ int s2n_pkey_setup_for_type(struct s2n_pkey *pkey, s2n_pkey_type pkey_type)
             return s2n_rsa_pss_pkey_init(pkey);
         case S2N_PKEY_TYPE_SENTINEL:
         case S2N_PKEY_TYPE_UNKNOWN:
-            POSIX_BAIL(S2N_ERR_CERT_TYPE_UNSUPPORTED);
+            RESULT_BAIL(S2N_ERR_CERT_TYPE_UNSUPPORTED);
     }
-    POSIX_BAIL(S2N_ERR_CERT_TYPE_UNSUPPORTED);
+    RESULT_BAIL(S2N_ERR_CERT_TYPE_UNSUPPORTED);
 }
 
 int s2n_pkey_check_key_exists(const struct s2n_pkey *pkey)
@@ -129,7 +129,7 @@ int s2n_pkey_free(struct s2n_pkey *key)
     return S2N_SUCCESS;
 }
 
-int s2n_asn1der_to_private_key(struct s2n_pkey *priv_key, struct s2n_blob *asn1der, int type_hint)
+S2N_RESULT s2n_asn1der_to_private_key(struct s2n_pkey *priv_key, struct s2n_blob *asn1der, int type_hint)
 {
     const unsigned char *key_to_parse = asn1der->data;
 
@@ -151,106 +151,81 @@ int s2n_asn1der_to_private_key(struct s2n_pkey *priv_key, struct s2n_blob *asn1d
     if (evp_private_key == NULL) {
         evp_private_key = d2i_PrivateKey(type_hint, NULL, &key_to_parse, asn1der->size);
     }
-    POSIX_ENSURE(evp_private_key, S2N_ERR_DECODE_PRIVATE_KEY);
+    RESULT_ENSURE(evp_private_key, S2N_ERR_DECODE_PRIVATE_KEY);
 
     /* If key parsing is successful, d2i_AutoPrivateKey increments *key_to_parse to the byte following the parsed data */
     uint32_t parsed_len = key_to_parse - asn1der->data;
-    if (parsed_len != asn1der->size) {
-        POSIX_BAIL(S2N_ERR_DECODE_PRIVATE_KEY);
-    }
+    RESULT_ENSURE(parsed_len == asn1der->size, S2N_ERR_DECODE_PRIVATE_KEY);
 
     /* Initialize s2n_pkey according to key type */
     int type = EVP_PKEY_base_id(evp_private_key);
-
-    int ret;
     switch (type) {
         case EVP_PKEY_RSA:
-            ret = s2n_rsa_pkey_init(priv_key);
-            if (ret != 0) {
-                break;
-            }
-            ret = s2n_evp_pkey_to_rsa_private_key(&priv_key->key.rsa_key, evp_private_key);
+            RESULT_GUARD(s2n_rsa_pkey_init(priv_key));
+            RESULT_GUARD(s2n_evp_pkey_to_rsa_private_key(&priv_key->key.rsa_key, evp_private_key));
             break;
         case EVP_PKEY_RSA_PSS:
-            ret = s2n_rsa_pss_pkey_init(priv_key);
-            if (ret != 0) {
-                break;
-            }
-            ret = s2n_evp_pkey_to_rsa_pss_private_key(&priv_key->key.rsa_key, evp_private_key);
+            RESULT_GUARD(s2n_rsa_pss_pkey_init(priv_key));
+            RESULT_GUARD(s2n_evp_pkey_to_rsa_pss_private_key(&priv_key->key.rsa_key, evp_private_key));
             break;
         case EVP_PKEY_EC:
-            ret = s2n_ecdsa_pkey_init(priv_key);
-            if (ret != 0) {
-                break;
-            }
-            ret = s2n_evp_pkey_to_ecdsa_private_key(&priv_key->key.ecdsa_key, evp_private_key);
+            RESULT_GUARD(s2n_ecdsa_pkey_init(priv_key));
+            RESULT_GUARD(s2n_evp_pkey_to_ecdsa_private_key(&priv_key->key.ecdsa_key, evp_private_key));
             break;
         default:
-            POSIX_BAIL(S2N_ERR_DECODE_PRIVATE_KEY);
+            RESULT_BAIL(S2N_ERR_DECODE_PRIVATE_KEY);
     }
 
     priv_key->pkey = evp_private_key;
-    /* Reset to avoid DEFER_CLEANUP freeing our key */
-    evp_private_key = NULL;
+    ZERO_TO_DISABLE_DEFER_CLEANUP(evp_private_key);
 
-    return ret;
+    return S2N_RESULT_OK;
 }
 
-int s2n_asn1der_to_public_key_and_type(struct s2n_pkey *pub_key, s2n_pkey_type *pkey_type_out, struct s2n_blob *asn1der)
+S2N_RESULT s2n_asn1der_to_public_key_and_type(struct s2n_pkey *pub_key,
+        s2n_pkey_type *pkey_type_out, struct s2n_blob *asn1der)
 {
     uint8_t *cert_to_parse = asn1der->data;
     DEFER_CLEANUP(X509 *cert = NULL, X509_free_pointer);
 
     cert = d2i_X509(NULL, (const unsigned char **) (void *) &cert_to_parse, asn1der->size);
-    S2N_ERROR_IF(cert == NULL, S2N_ERR_DECODE_CERTIFICATE);
+    RESULT_ENSURE(cert != NULL, S2N_ERR_DECODE_CERTIFICATE);
 
     /* If cert parsing is successful, d2i_X509 increments *cert_to_parse to the byte following the parsed data */
     uint32_t parsed_len = cert_to_parse - asn1der->data;
 
     /* Some TLS clients in the wild send extra trailing bytes after the Certificate.
      * Allow this in s2n for backwards compatibility with existing clients. */
     uint32_t trailing_bytes = asn1der->size - parsed_len;
-    POSIX_ENSURE(trailing_bytes <= S2N_MAX_ALLOWED_CERT_TRAILING_BYTES, S2N_ERR_DECODE_CERTIFICATE);
+    RESULT_ENSURE(trailing_bytes <= S2N_MAX_ALLOWED_CERT_TRAILING_BYTES, S2N_ERR_DECODE_CERTIFICATE);
 
     DEFER_CLEANUP(EVP_PKEY *evp_public_key = X509_get_pubkey(cert), EVP_PKEY_free_pointer);
-    S2N_ERROR_IF(evp_public_key == NULL, S2N_ERR_DECODE_CERTIFICATE);
+    RESULT_ENSURE(evp_public_key != NULL, S2N_ERR_DECODE_CERTIFICATE);
 
     /* Check for success in decoding certificate according to type */
     int type = EVP_PKEY_base_id(evp_public_key);
-
-    int ret;
     switch (type) {
         case EVP_PKEY_RSA:
-            ret = s2n_rsa_pkey_init(pub_key);
-            if (ret != 0) {
-                break;
-            }
-            ret = s2n_evp_pkey_to_rsa_public_key(&pub_key->key.rsa_key, evp_public_key);
+            RESULT_GUARD(s2n_rsa_pkey_init(pub_key));
+            RESULT_GUARD(s2n_evp_pkey_to_rsa_public_key(&pub_key->key.rsa_key, evp_public_key));
             *pkey_type_out = S2N_PKEY_TYPE_RSA;
             break;
         case EVP_PKEY_RSA_PSS:
-            ret = s2n_rsa_pss_pkey_init(pub_key);
-            if (ret != 0) {
-                break;
-            }
-            ret = s2n_evp_pkey_to_rsa_pss_public_key(&pub_key->key.rsa_key, evp_public_key);
+            RESULT_GUARD(s2n_rsa_pss_pkey_init(pub_key));
+            RESULT_GUARD(s2n_evp_pkey_to_rsa_pss_public_key(&pub_key->key.rsa_key, evp_public_key));
             *pkey_type_out = S2N_PKEY_TYPE_RSA_PSS;
             break;
         case EVP_PKEY_EC:
-            ret = s2n_ecdsa_pkey_init(pub_key);
-            if (ret != 0) {
-                break;
-            }
-            ret = s2n_evp_pkey_to_ecdsa_public_key(&pub_key->key.ecdsa_key, evp_public_key);
+            RESULT_GUARD(s2n_ecdsa_pkey_init(pub_key));
+            RESULT_GUARD(s2n_evp_pkey_to_ecdsa_public_key(&pub_key->key.ecdsa_key, evp_public_key));
             *pkey_type_out = S2N_PKEY_TYPE_ECDSA;
             break;
         default:
-            POSIX_BAIL(S2N_ERR_DECODE_CERTIFICATE);
+            RESULT_BAIL(S2N_ERR_DECODE_CERTIFICATE);
     }
 
     pub_key->pkey = evp_public_key;
-    /* Reset to avoid DEFER_CLEANUP freeing our key */
-    evp_public_key = NULL;
+    ZERO_TO_DISABLE_DEFER_CLEANUP(evp_public_key);
 
-    return ret;
+    return S2N_RESULT_OK;
 }

crypto/s2n_pkey.h

@@ -56,7 +56,7 @@ struct s2n_pkey {
 };
 
 int s2n_pkey_zero_init(struct s2n_pkey *pkey);
-int s2n_pkey_setup_for_type(struct s2n_pkey *pkey, s2n_pkey_type pkey_type);
+S2N_RESULT s2n_pkey_setup_for_type(struct s2n_pkey *pkey, s2n_pkey_type pkey_type);
 int s2n_pkey_check_key_exists(const struct s2n_pkey *pkey);
 
 S2N_RESULT s2n_pkey_size(const struct s2n_pkey *pkey, uint32_t *size_out);
@@ -69,5 +69,5 @@ int s2n_pkey_decrypt(const struct s2n_pkey *pkey, struct s2n_blob *in, struct s2
 int s2n_pkey_match(const struct s2n_pkey *pub_key, const struct s2n_pkey *priv_key);
 int s2n_pkey_free(struct s2n_pkey *pkey);
 
-int s2n_asn1der_to_private_key(struct s2n_pkey *priv_key, struct s2n_blob *asn1der, int type_hint);
-int s2n_asn1der_to_public_key_and_type(struct s2n_pkey *pub_key, s2n_pkey_type *pkey_type, struct s2n_blob *asn1der);
+S2N_RESULT s2n_asn1der_to_private_key(struct s2n_pkey *priv_key, struct s2n_blob *asn1der, int type_hint);
+S2N_RESULT s2n_asn1der_to_public_key_and_type(struct s2n_pkey *pub_key, s2n_pkey_type *pkey_type, struct s2n_blob *asn1der);

crypto/s2n_rsa.c

@@ -193,25 +193,25 @@ static int s2n_rsa_check_key_exists(const struct s2n_pkey *pkey)
     return 0;
 }
 
-int s2n_evp_pkey_to_rsa_public_key(s2n_rsa_public_key *rsa_key, EVP_PKEY *evp_public_key)
+S2N_RESULT s2n_evp_pkey_to_rsa_public_key(s2n_rsa_public_key *rsa_key, EVP_PKEY *evp_public_key)
 {
     const RSA *rsa = EVP_PKEY_get1_RSA(evp_public_key);
-    S2N_ERROR_IF(rsa == NULL, S2N_ERR_DECODE_CERTIFICATE);
+    RESULT_ENSURE(rsa != NULL, S2N_ERR_DECODE_CERTIFICATE);
 
     rsa_key->rsa = rsa;
-    return 0;
+    return S2N_RESULT_OK;
 }
 
-int s2n_evp_pkey_to_rsa_private_key(s2n_rsa_private_key *rsa_key, EVP_PKEY *evp_private_key)
+S2N_RESULT s2n_evp_pkey_to_rsa_private_key(s2n_rsa_private_key *rsa_key, EVP_PKEY *evp_private_key)
 {
     const RSA *rsa = EVP_PKEY_get1_RSA(evp_private_key);
-    S2N_ERROR_IF(rsa == NULL, S2N_ERR_DECODE_PRIVATE_KEY);
+    RESULT_ENSURE(rsa != NULL, S2N_ERR_DECODE_PRIVATE_KEY);
 
     rsa_key->rsa = rsa;
-    return 0;
+    return S2N_RESULT_OK;
 }
 
-int s2n_rsa_pkey_init(struct s2n_pkey *pkey)
+S2N_RESULT s2n_rsa_pkey_init(struct s2n_pkey *pkey)
 {
     pkey->size = &s2n_rsa_encrypted_size;
     pkey->sign = &s2n_rsa_sign;
@@ -221,6 +221,6 @@ int s2n_rsa_pkey_init(struct s2n_pkey *pkey)
     pkey->match = &s2n_rsa_keys_match;
     pkey->free = &s2n_rsa_key_free;
     pkey->check_key = &s2n_rsa_check_key_exists;
-    POSIX_GUARD_RESULT(s2n_evp_signing_set_pkey_overrides(pkey));
-    return 0;
+    RESULT_GUARD(s2n_evp_signing_set_pkey_overrides(pkey));
+    return S2N_RESULT_OK;
 }

crypto/s2n_rsa.h

@@ -43,7 +43,7 @@ RSA *s2n_unsafe_rsa_get_non_const(const struct s2n_rsa_key *rsa_key);
 typedef struct s2n_rsa_key s2n_rsa_public_key;
 typedef struct s2n_rsa_key s2n_rsa_private_key;
 
-int s2n_rsa_pkey_init(struct s2n_pkey *pkey);
+S2N_RESULT s2n_rsa_pkey_init(struct s2n_pkey *pkey);
 
-int s2n_evp_pkey_to_rsa_public_key(s2n_rsa_public_key *rsa_key, EVP_PKEY *pkey);
-int s2n_evp_pkey_to_rsa_private_key(s2n_rsa_private_key *rsa_key, EVP_PKEY *pkey);
+S2N_RESULT s2n_evp_pkey_to_rsa_public_key(s2n_rsa_public_key *rsa_key, EVP_PKEY *pkey);
+S2N_RESULT s2n_evp_pkey_to_rsa_private_key(s2n_rsa_private_key *rsa_key, EVP_PKEY *pkey);

crypto/s2n_rsa_pss.c

@@ -187,37 +187,37 @@ static int s2n_rsa_pss_key_free(struct s2n_pkey *pkey)
     return S2N_SUCCESS;
 }
 
-int s2n_evp_pkey_to_rsa_pss_public_key(struct s2n_rsa_key *rsa_key, EVP_PKEY *pkey)
+S2N_RESULT s2n_evp_pkey_to_rsa_pss_public_key(struct s2n_rsa_key *rsa_key, EVP_PKEY *pkey)
 {
     const RSA *pub_rsa_key = EVP_PKEY_get1_RSA(pkey);
-    POSIX_ENSURE_REF(pub_rsa_key);
+    RESULT_ENSURE_REF(pub_rsa_key);
 
-    S2N_ERROR_IF(s2n_rsa_is_private_key(pub_rsa_key), S2N_ERR_KEY_MISMATCH);
+    RESULT_ENSURE(!s2n_rsa_is_private_key(pub_rsa_key), S2N_ERR_KEY_MISMATCH);
 
     rsa_key->rsa = pub_rsa_key;
-    return 0;
+    return S2N_RESULT_OK;
 }
 
-int s2n_evp_pkey_to_rsa_pss_private_key(struct s2n_rsa_key *rsa_key, EVP_PKEY *pkey)
+S2N_RESULT s2n_evp_pkey_to_rsa_pss_private_key(struct s2n_rsa_key *rsa_key, EVP_PKEY *pkey)
 {
     const RSA *priv_rsa_key = EVP_PKEY_get1_RSA(pkey);
-    POSIX_ENSURE_REF(priv_rsa_key);
+    RESULT_ENSURE_REF(priv_rsa_key);
 
     /* Documentation: https://www.openssl.org/docs/man1.1.1/man3/RSA_check_key.html */
-    S2N_ERROR_IF(!s2n_rsa_is_private_key(priv_rsa_key), S2N_ERR_KEY_MISMATCH);
+    RESULT_ENSURE(s2n_rsa_is_private_key(priv_rsa_key), S2N_ERR_KEY_MISMATCH);
 
     /* Check that the mandatory properties of a RSA Private Key are valid.
      *  - Documentation: https://www.openssl.org/docs/man1.1.1/man3/RSA_check_key.html
      */
-    POSIX_GUARD_OSSL(RSA_check_key(priv_rsa_key), S2N_ERR_KEY_CHECK);
+    RESULT_GUARD_OSSL(RSA_check_key(priv_rsa_key), S2N_ERR_KEY_CHECK);
 
     rsa_key->rsa = priv_rsa_key;
-    return 0;
+    return S2N_RESULT_OK;
 }
 
-int s2n_rsa_pss_pkey_init(struct s2n_pkey *pkey)
+S2N_RESULT s2n_rsa_pss_pkey_init(struct s2n_pkey *pkey)
 {
-    POSIX_GUARD(s2n_rsa_pkey_init(pkey));
+    RESULT_GUARD(s2n_rsa_pkey_init(pkey));
 
     pkey->size = &s2n_rsa_pss_size;
     pkey->sign = &s2n_rsa_pss_key_sign;
@@ -231,25 +231,25 @@ int s2n_rsa_pss_pkey_init(struct s2n_pkey *pkey)
     pkey->match = &s2n_rsa_pss_keys_match;
     pkey->free = &s2n_rsa_pss_key_free;
 
-    POSIX_GUARD_RESULT(s2n_evp_signing_set_pkey_overrides(pkey));
-    return 0;
+    RESULT_GUARD(s2n_evp_signing_set_pkey_overrides(pkey));
+    return S2N_RESULT_OK;
 }
 
 #else
 
-int s2n_evp_pkey_to_rsa_pss_public_key(struct s2n_rsa_key *rsa_pss_key, EVP_PKEY *pkey)
+S2N_RESULT s2n_evp_pkey_to_rsa_pss_public_key(struct s2n_rsa_key *rsa_pss_key, EVP_PKEY *pkey)
 {
-    POSIX_BAIL(S2N_ERR_RSA_PSS_NOT_SUPPORTED);
+    RESULT_BAIL(S2N_ERR_RSA_PSS_NOT_SUPPORTED);
 }
 
-int s2n_evp_pkey_to_rsa_pss_private_key(struct s2n_rsa_key *rsa_pss_key, EVP_PKEY *pkey)
+S2N_RESULT s2n_evp_pkey_to_rsa_pss_private_key(struct s2n_rsa_key *rsa_pss_key, EVP_PKEY *pkey)
 {
-    POSIX_BAIL(S2N_ERR_RSA_PSS_NOT_SUPPORTED);
+    RESULT_BAIL(S2N_ERR_RSA_PSS_NOT_SUPPORTED);
 }
 
-int s2n_rsa_pss_pkey_init(struct s2n_pkey *pkey)
+S2N_RESULT s2n_rsa_pss_pkey_init(struct s2n_pkey *pkey)
 {
-    POSIX_BAIL(S2N_ERR_RSA_PSS_NOT_SUPPORTED);
+    RESULT_BAIL(S2N_ERR_RSA_PSS_NOT_SUPPORTED);
 }
 
 #endif