lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-26 00:37:41 +03:00
Code Activity

Merge pull request #9926 from gilles-peskine-arm/error-codes-add-force-low-mbedtls

Browse Source 
Do not add error codes
This commit is contained in:
Manuel Pégourié-Gonnard
2025-03-25 12:01:55 +00:00
committed by GitHub
parent 0a69f14abc 61621cbb5d
commit 44b3b91556
6 changed files with 16 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
ChangeLog.d/error-unification.txt Normal file
View File

@@ -0,0 +1,11 @@
API changes
* The PSA and Mbed TLS error spaces are now unified. mbedtls_xxx()
functions can now return PSA_ERROR_xxx values.
There is no longer a distinction between "low-level" and "high-level"
Mbed TLS error codes.
This will not affect most applications since the error values are
between -32767 and -1 as before.
Removals
* Remove mbedtls_low_level_sterr() and mbedtls_high_level_strerr(),
since these concepts no longer exists. There is just mbedtls_strerror().

30
include/mbedtls/error.h
View File

@@ -30,36 +30,6 @@ extern "C" {
*/ */
void mbedtls_strerror(int errnum, char *buffer, size_t buflen); void mbedtls_strerror(int errnum, char *buffer, size_t buflen);
/**
* \brief Translate the high-level part of an Mbed TLS error code into a string
* representation.
*
* This function returns a const pointer to an un-modifiable string. The caller
* must not try to modify the string. It is intended to be used mostly for
* logging purposes.
*
* \param error_code error code
*
* \return The string representation of the error code, or \c NULL if the error
* code is unknown.
*/
const char *mbedtls_high_level_strerr(int error_code);
/**
* \brief Translate the low-level part of an Mbed TLS error code into a string
* representation.
*
* This function returns a const pointer to an un-modifiable string. The caller
* must not try to modify the string. It is intended to be used mostly for
* logging purposes.
*
* \param error_code error code
*
* \return The string representation of the error code, or \c NULL if the error
* code is unknown.
*/
const char *mbedtls_low_level_strerr(int error_code);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif

2
library/ssl_tls.c
View File

@@ -7004,7 +7004,7 @@ static int ssl_parse_certificate_chain(mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
switch (ret) { switch (ret) {
case 0: /*ok*/ case 0: /*ok*/
case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND: case MBEDTLS_ERR_OID_NOT_FOUND:
/* Ignore certificate with an unknown algorithm: maybe a /* Ignore certificate with an unknown algorithm: maybe a
prior certificate was already trusted. */ prior certificate was already trusted. */
break; break;

2
library/ssl_tls13_generic.c
View File

@@ -518,7 +518,7 @@ int mbedtls_ssl_tls13_parse_certificate(mbedtls_ssl_context *ssl,
switch (ret) { switch (ret) {
case 0: /*ok*/ case 0: /*ok*/
break; break;
case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND: case MBEDTLS_ERR_OID_NOT_FOUND:
/* Ignore certificate with an unknown algorithm: maybe a /* Ignore certificate with an unknown algorithm: maybe a
prior certificate was already trusted. */ prior certificate was already trusted. */
break; break;

4
scripts/data_files/error.fmt
View File

@@ -20,7 +20,7 @@
HEADER_INCLUDED HEADER_INCLUDED
const char *mbedtls_high_level_strerr(int error_code) static const char *mbedtls_high_level_strerr(int error_code)
{ {
int high_level_error_code; int high_level_error_code;
@@ -43,7 +43,7 @@ const char *mbedtls_high_level_strerr(int error_code)
return NULL; return NULL;
} }
const char *mbedtls_low_level_strerr(int error_code) static const char *mbedtls_low_level_strerr(int error_code)
{ {
int low_level_error_code; int low_level_error_code;

2
tf-psa-crypto

Submodule tf-psa-crypto updated: 399c5f9e1d...332798582b