diff --git a/ChangeLog.d/error-unification.txt b/ChangeLog.d/error-unification.txt
new file mode 100644
index 0000000000..bcf5ba1f3d
--- /dev/null
+++ b/ChangeLog.d/error-unification.txt
@@ -0,0 +1,11 @@
+API changes
+ * The PSA and Mbed TLS error spaces are now unified. mbedtls_xxx()
+ functions can now return PSA_ERROR_xxx values.
+ There is no longer a distinction between "low-level" and "high-level"
+ Mbed TLS error codes.
+ This will not affect most applications since the error values are
+ between -32767 and -1 as before.
+
+Removals
+ * Remove mbedtls_low_level_sterr() and mbedtls_high_level_strerr(),
+ since these concepts no longer exists. There is just mbedtls_strerror().
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index 8b7c19aa5f..7abb00fd03 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -30,36 +30,6 @@ extern "C" {
 */
 void mbedtls_strerror(int errnum, char *buffer, size_t buflen);

-/**
- * \brief Translate the high-level part of an Mbed TLS error code into a string
- * representation.
- *
- * This function returns a const pointer to an un-modifiable string. The caller
- * must not try to modify the string. It is intended to be used mostly for
- * logging purposes.
- *
- * \param error_code error code
- *
- * \return The string representation of the error code, or \c NULL if the error
- * code is unknown.
- */
-const char *mbedtls_high_level_strerr(int error_code);
-
-/**
- * \brief Translate the low-level part of an Mbed TLS error code into a string
- * representation.
- *
- * This function returns a const pointer to an un-modifiable string. The caller
- * must not try to modify the string. It is intended to be used mostly for
- * logging purposes.
- *
- * \param error_code error code
- *
- * \return The string representation of the error code, or \c NULL if the error
- * code is unknown.
- */
-const char *mbedtls_low_level_strerr(int error_code);
-
 #ifdef __cplusplus
 }
 #endif
diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 46fb92464d..7eb181e373 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7004,7 +7004,7 @@ static int ssl_parse_certificate_chain(mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ switch (ret) { case 0: /*ok*/ - case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND: + case MBEDTLS_ERR_OID_NOT_FOUND: /* Ignore certificate with an unknown algorithm: maybe a prior certificate was already trusted. */ break; diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 6a7d502723..1076dea393 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -518,7 +518,7 @@ int mbedtls_ssl_tls13_parse_certificate(mbedtls_ssl_context *ssl, switch (ret) { case 0: /*ok*/ break; - case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND: + case MBEDTLS_ERR_OID_NOT_FOUND: /* Ignore certificate with an unknown algorithm: maybe a prior certificate was already trusted. */ break; diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt index b75a9ab4ec..14522ecd20 100644 --- a/scripts/data_files/error.fmt +++ b/scripts/data_files/error.fmt @@ -20,7 +20,7 @@ HEADER_INCLUDED -const char *mbedtls_high_level_strerr(int error_code) +static const char *mbedtls_high_level_strerr(int error_code) { int high_level_error_code; @@ -43,7 +43,7 @@ const char *mbedtls_high_level_strerr(int error_code) return NULL; } -const char *mbedtls_low_level_strerr(int error_code) +static const char *mbedtls_low_level_strerr(int error_code) { int low_level_error_code; diff --git a/tf-psa-crypto b/tf-psa-crypto index 399c5f9e1d..332798582b 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 399c5f9e1d71cb177eb0c16cb934755b409abe23 +Subproject commit 332798582bccda6e5f90dbe85dd8898d5dbdf652
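Review bot: `case MBEDTLS_ERR_OID_NOT_FOUND:` in the `switch (ret)` of ssl_parse_certificate_chain() now tolerates the bare OID-lookup error, where the old label matched only its combination with MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG; the same edit is made in mbedtls_ssl_tls13_parse_certificate() in library/ssl_tls13_generic.c. Whether this covers the same set of peer certificates depends on what the X.509 parser returns after the unification, which this diff does not show: if OID lookups other than the signature algorithm can also surface MBEDTLS_ERR_OID_NOT_FOUND, those certificates are now skipped silently too, and if the parser reports MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG alone, the branch is dead and such chains are rejected. Please confirm against the parser and pin it with a test that feeds a chain containing a certificate with an unknown signature algorithm through both handshake paths. The comment should also say what is actually matched, e.g. `/* OID lookup failed while parsing this certificate (unknown algorithm): skip it, a prior certificate may already be trusted. */`. Both functions start and end outside their hunks.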
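Review bot: The two helpers made `static` in scripts/data_files/error.fmt keep the public `mbedtls_` prefix, so in the generated file they still read as exported API; an internal name without that prefix would make the linkage obvious. The ChangeLog entry says the high-level/low-level distinction no longer exists, yet the template still carries both lookups, so a short comment above each, such as `/* Internal helper for mbedtls_strerror(); not part of the API. */`, stating why the split remains, would help the next reader. Both function bodies continue outside the hunks, so how mbedtls_strerror() combines them for PSA_ERROR_xxx values cannot be checked from here.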