Unify generic errors to PSA errors
Signed-off-by: Felix Conway <felix.conway@arm.com>
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index bf418a6..6b81652 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -234,7 +234,7 @@
* \param ctx Certificate context to use
* \param san_list List of SAN values
*
- * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+ * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY
*
* \note "dnsName", "uniformResourceIdentifier", "IP address",
* "otherName", and "DirectoryName", as defined in RFC 5280,
@@ -610,7 +610,7 @@
* other than fatal error, as a non-zero return code
* immediately aborts the verification process. For fatal
* errors, a specific error code should be used (different
- * from MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not
+ * from #PSA_ERROR_INVALID_SIGNATURE which should not
* be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR
* can be used if no better code is available.
*
@@ -653,7 +653,7 @@
*
* \return \c 0 if the chain is valid with respect to the
* passed CN, CAs, CRLs and security profile.
- * \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the
+ * \return #PSA_ERROR_INVALID_SIGNATURE in case the
* certificate chain verification failed. In this case,
* \c *flags will have one or more
* \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX
@@ -694,7 +694,7 @@
*
* \return \c 0 if the chain is valid with respect to the
* passed CN, CAs, CRLs and security profile.
- * \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the
+ * \return #PSA_ERROR_INVALID_SIGNATURE in case the
* certificate chain verification failed. In this case,
* \c *flags will have one or more
* \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX
@@ -826,7 +826,7 @@
* that bit MAY be set.
*
* \return 0 is these uses of the certificate are allowed,
- * MBEDTLS_ERR_X509_BAD_INPUT_DATA if the keyUsage extension
+ * #PSA_ERROR_INVALID_ARGUMENT if the keyUsage extension
* is present but does not match the usage argument.
*
* \note You should only call this function on leaf certificates, on
@@ -845,7 +845,7 @@
* \param usage_len Length of usage_oid (eg given by MBEDTLS_OID_SIZE()).
*
* \return 0 if this use of the certificate is allowed,
- * MBEDTLS_ERR_X509_BAD_INPUT_DATA if not.
+ * #PSA_ERROR_INVALID_ARGUMENT if not.
*
* \note Usually only makes sense on leaf certificates.
*/
@@ -952,7 +952,7 @@
* input buffer
*
* \return 0 if successful, or
- * MBEDTLS_ERR_X509_BAD_INPUT_DATA if the provided input buffer
+ * #PSA_ERROR_INVALID_ARGUMENT if the provided input buffer
* is too big (longer than MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN)
*/
int mbedtls_x509write_crt_set_serial_raw(mbedtls_x509write_cert *ctx,
@@ -1041,7 +1041,7 @@
* \param val value of the extension OCTET STRING
* \param val_len length of the value data
*
- * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+ * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY
*/
int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx,
const char *oid, size_t oid_len,
@@ -1057,7 +1057,7 @@
* certificate (only for CA certificates, -1 is
* unlimited)
*
- * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+ * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY
*/
int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx,
int is_ca, int max_pathlen);
@@ -1070,7 +1070,7 @@
*
* \param ctx CRT context to use
*
- * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+ * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY
*/
int mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert *ctx);
@@ -1081,7 +1081,7 @@
*
* \param ctx CRT context to use
*
- * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+ * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY
*/
int mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert *ctx);
#endif /* PSA_WANT_ALG_SHA_1 */
@@ -1093,7 +1093,7 @@
* \param ctx CRT context to use
* \param key_usage key usage flags to set
*
- * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+ * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY
*/
int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx,
unsigned int key_usage);
@@ -1106,7 +1106,7 @@
* \param exts extended key usage extensions to set, a sequence of
* MBEDTLS_ASN1_OID objects
*
- * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+ * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY
*/
int mbedtls_x509write_crt_set_ext_key_usage(mbedtls_x509write_cert *ctx,
const mbedtls_asn1_sequence *exts);
@@ -1118,7 +1118,7 @@
* \param ctx CRT context to use
* \param ns_cert_type Netscape Cert Type flags to set
*
- * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+ * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY
*/
int mbedtls_x509write_crt_set_ns_cert_type(mbedtls_x509write_cert *ctx,
unsigned char ns_cert_type);