Unify PSA to Mbed TLS error translation

Move all error translation utilities to psa_util.c. Introduce macros and functions to avoid having a local copy of the error translating function in each place. Identify overlapping errors and introduce a generic function. Provide a single macro for all error translations (unless one file needs a couple of different ones). Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2025-07-28 00:21:48 +03:00 · 2022-12-23 11:00:06 -05:00
parent 05b80a4eee
commit 8a045ce5e6
29 changed files with 459 additions and 147 deletions
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@ -33,6 +33,9 @@
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 #include "mbedtls/psa_util.h"
 #include "psa/crypto.h"
+#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status,   \
+                                                           psa_to_ssl_errors,             \
+                                                           psa_generic_status_to_mbedtls)
 #endif /* MBEDTLS_USE_PSA_CRYPTO */

 #include <string.h>
@ -2951,7 +2954,7 @@ ecdh_calc_secret:
        status = psa_generate_key(&key_attributes,
                                  &handshake->ecdh_psa_privkey);
        if (status != PSA_SUCCESS) {
-            return psa_ssl_status_to_mbedtls(status);
+            return PSA_TO_MBEDTLS_ERR(status);
        }

        /* Export the public part of the ECDH private key from PSA.
@ -2968,7 +2971,7 @@ ecdh_calc_secret:
        if (status != PSA_SUCCESS) {
            psa_destroy_key(handshake->ecdh_psa_privkey);
            handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
-            return psa_ssl_status_to_mbedtls(status);
+            return PSA_TO_MBEDTLS_ERR(status);
        }

        *p = (unsigned char) own_pubkey_len;
@ -3000,9 +3003,9 @@ ecdh_calc_secret:
        handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;

        if (status != PSA_SUCCESS) {
-            return psa_ssl_status_to_mbedtls(status);
+            return PSA_TO_MBEDTLS_ERR(status);
        } else if (destruction_status != PSA_SUCCESS) {
-            return psa_ssl_status_to_mbedtls(destruction_status);
+            return PSA_TO_MBEDTLS_ERR(destruction_status);
        }

        /* Write the ECDH computation length before the ECDH computation */