Merge pull request #9926 from gilles-peskine-arm/error-codes-add-force-low-mbedtls

Do not add error codes

ChangeLog.d/error-unification.txt

@@ -0,0 +1,11 @@
+API changes
+   * The PSA and Mbed TLS error spaces are now unified. mbedtls_xxx()
+     functions can now return PSA_ERROR_xxx values.
+     There is no longer a distinction between "low-level" and "high-level"
+     Mbed TLS error codes.
+     This will not affect most applications since the error values are
+     between -32767 and -1 as before.
+
+Removals
+   * Remove mbedtls_low_level_sterr() and mbedtls_high_level_strerr(),
+     since these concepts no longer exists. There is just mbedtls_strerror().

include/mbedtls/error.h

@@ -30,36 +30,6 @@ extern "C" {
  */
 void mbedtls_strerror(int errnum, char *buffer, size_t buflen);
 
-/**
- * \brief Translate the high-level part of an Mbed TLS error code into a string
- *        representation.
- *
- * This function returns a const pointer to an un-modifiable string. The caller
- * must not try to modify the string. It is intended to be used mostly for
- * logging purposes.
- *
- * \param error_code    error code
- *
- * \return The string representation of the error code, or \c NULL if the error
- *         code is unknown.
- */
-const char *mbedtls_high_level_strerr(int error_code);
-
-/**
- * \brief Translate the low-level part of an Mbed TLS error code into a string
- *        representation.
- *
- * This function returns a const pointer to an un-modifiable string. The caller
- * must not try to modify the string. It is intended to be used mostly for
- * logging purposes.
- *
- * \param error_code    error code
- *
- * \return The string representation of the error code, or \c NULL if the error
- *         code is unknown.
- */
-const char *mbedtls_low_level_strerr(int error_code);
-
 #ifdef __cplusplus
 }
 #endif

library/ssl_tls.c

@@ -7004,7 +7004,7 @@ static int ssl_parse_certificate_chain(mbedtls_ssl_context *ssl,
 #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
         switch (ret) {
             case 0: /*ok*/
-            case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND:
+            case MBEDTLS_ERR_OID_NOT_FOUND:
                 /* Ignore certificate with an unknown algorithm: maybe a
                    prior certificate was already trusted. */
                 break;

library/ssl_tls13_generic.c

@@ -518,7 +518,7 @@ int mbedtls_ssl_tls13_parse_certificate(mbedtls_ssl_context *ssl,
         switch (ret) {
             case 0: /*ok*/
                 break;
-            case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND:
+            case MBEDTLS_ERR_OID_NOT_FOUND:
                 /* Ignore certificate with an unknown algorithm: maybe a
                    prior certificate was already trusted. */
                 break;

scripts/data_files/error.fmt

@@ -20,7 +20,7 @@
 
 HEADER_INCLUDED
 
-const char *mbedtls_high_level_strerr(int error_code)
+static const char *mbedtls_high_level_strerr(int error_code)
 {
     int high_level_error_code;
 
@@ -43,7 +43,7 @@ const char *mbedtls_high_level_strerr(int error_code)
     return NULL;
 }
 
-const char *mbedtls_low_level_strerr(int error_code)
+static const char *mbedtls_low_level_strerr(int error_code)
 {
     int low_level_error_code;
 

tf-psa-crypto

@@ -1 +1 @@
-Subproject commit 399c5f9e1d71cb177eb0c16cb934755b409abe23
+Subproject commit 332798582bccda6e5f90dbe85dd8898d5dbdf652