lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Merge pull request #6829 from AndrzejKurek/unify-psa-errors

Browse Source 
Unify PSA to Mbed TLS error translation
This commit is contained in:
Gilles Peskine
2023-03-07 19:55:44 +01:00
committed by GitHub
parent 12e3c8e019 270b3f9790
commit a2fc399f57
29 changed files with 523 additions and 163 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
library/ssl_tls.c
View File

@ -52,6 +52,15 @@
#include "mbedtls/oid.h"
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
psa_to_ssl_errors, \
psa_generic_status_to_mbedtls)
#define PSA_TO_MD_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
psa_to_md_errors, \
psa_generic_status_to_mbedtls)
#endif
#if defined(MBEDTLS_TEST_HOOKS)
static mbedtls_ssl_chk_buf_ptr_args chk_buf_ptr_fail_args;
@ -832,11 +841,11 @@ int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_hash_abort(&ssl->handshake->fin_sha256_psa);
if (status != PSA_SUCCESS) {
return mbedtls_md_error_from_psa(status);
return PSA_TO_MD_ERR(status);
}
status = psa_hash_setup(&ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256);
if (status != PSA_SUCCESS) {
return mbedtls_md_error_from_psa(status);
return PSA_TO_MD_ERR(status);
}
#else
mbedtls_md_free(&ssl->handshake->fin_sha256);
@ -857,11 +866,11 @@ int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_hash_abort(&ssl->handshake->fin_sha384_psa);
if (status != PSA_SUCCESS) {
return mbedtls_md_error_from_psa(status);
return PSA_TO_MD_ERR(status);
}
status = psa_hash_setup(&ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384);
if (status != PSA_SUCCESS) {
return mbedtls_md_error_from_psa(status);
return PSA_TO_MD_ERR(status);
}
#else
mbedtls_md_free(&ssl->handshake->fin_sha384);
@ -899,7 +908,7 @@ static int ssl_update_checksum_start(mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_hash_update(&ssl->handshake->fin_sha256_psa, buf, len);
if (status != PSA_SUCCESS) {
return mbedtls_md_error_from_psa(status);
return PSA_TO_MD_ERR(status);
}
#else
ret = mbedtls_md_update(&ssl->handshake->fin_sha256, buf, len);
@ -912,7 +921,7 @@ static int ssl_update_checksum_start(mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len);
if (status != PSA_SUCCESS) {
return mbedtls_md_error_from_psa(status);
return PSA_TO_MD_ERR(status);
}
#else
ret = mbedtls_md_update(&ssl->handshake->fin_sha384, buf, len);
@ -929,8 +938,8 @@ static int ssl_update_checksum_sha256(mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len)
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
return mbedtls_md_error_from_psa(psa_hash_update(
&ssl->handshake->fin_sha256_psa, buf, len));
return PSA_TO_MD_ERR(psa_hash_update(
&ssl->handshake->fin_sha256_psa, buf, len));
#else
return mbedtls_md_update(&ssl->handshake->fin_sha256, buf, len);
#endif
@ -942,8 +951,8 @@ static int ssl_update_checksum_sha384(mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len)
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
return mbedtls_md_error_from_psa(psa_hash_update(
&ssl->handshake->fin_sha384_psa, buf, len));
return PSA_TO_MD_ERR(psa_hash_update(
&ssl->handshake->fin_sha384_psa, buf, len));
#else
return mbedtls_md_update(&ssl->handshake->fin_sha384, buf, len);
#endif
@ -5774,7 +5783,7 @@ exit:
!defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
(void) ssl;
#endif
return psa_ssl_status_to_mbedtls(status);
return PSA_TO_MBEDTLS_ERR(status);
}
#else /* MBEDTLS_USE_PSA_CRYPTO */
@ -6629,7 +6638,7 @@ int ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *ssl,
exit:
psa_hash_abort(&sha256_psa);
return mbedtls_md_error_from_psa(status);
return PSA_TO_MD_ERR(status);
#else
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md_context_t sha256;
@ -6691,7 +6700,7 @@ int ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *ssl,
exit:
psa_hash_abort(&sha384_psa);
return mbedtls_md_error_from_psa(status);
return PSA_TO_MD_ERR(status);
#else
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md_context_t sha384;
@ -7745,7 +7754,7 @@ static int ssl_calc_finished_tls_sha256(
exit:
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_abort(&sha256_psa);
return mbedtls_md_error_from_psa(status);
return PSA_TO_MD_ERR(status);
#else
mbedtls_md_free(&sha256);
return ret;
@ -7834,7 +7843,7 @@ static int ssl_calc_finished_tls_sha384(
exit:
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_abort(&sha384_psa);
return mbedtls_md_error_from_psa(status);
return PSA_TO_MD_ERR(status);
#else
mbedtls_md_free(&sha384);
return ret;
@ -8282,7 +8291,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform,
&alg,
&key_type,
&key_bits)) != PSA_SUCCESS) {
ret = psa_ssl_status_to_mbedtls(status);
ret = PSA_TO_MBEDTLS_ERR(status);
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_cipher_to_psa", ret);
goto end;
}
@ -8530,7 +8539,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform,
PSA_BITS_TO_BYTES(key_bits),
&transform->psa_key_enc)) != PSA_SUCCESS) {
MBEDTLS_SSL_DEBUG_RET(3, "psa_import_key", (int) status);
ret = psa_ssl_status_to_mbedtls(status);
ret = PSA_TO_MBEDTLS_ERR(status);
MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", ret);
goto end;
}
@ -8541,7 +8550,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform,
key2,
PSA_BITS_TO_BYTES(key_bits),
&transform->psa_key_dec)) != PSA_SUCCESS) {
ret = psa_ssl_status_to_mbedtls(status);
ret = PSA_TO_MBEDTLS_ERR(status);
MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", ret);
goto end;
}
@ -8604,7 +8613,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform,
if ((status = psa_import_key(&attributes,
mac_enc, mac_key_len,
&transform->psa_mac_enc)) != PSA_SUCCESS) {
ret = psa_ssl_status_to_mbedtls(status);
ret = PSA_TO_MBEDTLS_ERR(status);
MBEDTLS_SSL_DEBUG_RET(1, "psa_import_mac_key", ret);
goto end;
}
@ -8625,7 +8634,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform,
if ((status = psa_import_key(&attributes,
mac_dec, mac_key_len,
&transform->psa_mac_dec)) != PSA_SUCCESS) {
ret = psa_ssl_status_to_mbedtls(status);
ret = PSA_TO_MBEDTLS_ERR(status);
MBEDTLS_SSL_DEBUG_RET(1, "psa_import_mac_key", ret);
goto end;
}
@ -8680,7 +8689,7 @@ int mbedtls_psa_ecjpake_read_round(
status = psa_pake_input(pake_ctx, step,
buf + input_offset, length);
if (status != PSA_SUCCESS) {
return psa_ssl_status_to_mbedtls(status);
return PSA_TO_MBEDTLS_ERR(status);
}
input_offset += length;
@ -8722,7 +8731,7 @@ int mbedtls_psa_ecjpake_write_round(
len - output_offset - 1,
&output_len);
if (status != PSA_SUCCESS) {
return psa_ssl_status_to_mbedtls(status);
return PSA_TO_MBEDTLS_ERR(status);
}
*(buf + output_offset) = (uint8_t) output_len;