Merge pull request #9926 from gilles-peskine-arm/error-codes-add-force-low-mbedtls
Do not add error codes
diff --git a/ChangeLog.d/error-unification.txt b/ChangeLog.d/error-unification.txt
new file mode 100644
index 0000000..bcf5ba1
--- /dev/null
+++ b/ChangeLog.d/error-unification.txt
@@ -0,0 +1,11 @@
+API changes
+ * The PSA and Mbed TLS error spaces are now unified. mbedtls_xxx()
+ functions can now return PSA_ERROR_xxx values.
+ There is no longer a distinction between "low-level" and "high-level"
+ Mbed TLS error codes.
+ This will not affect most applications since the error values are
+ between -32767 and -1 as before.
+
+Removals
+ * Remove mbedtls_low_level_sterr() and mbedtls_high_level_strerr(),
+ since these concepts no longer exists. There is just mbedtls_strerror().
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index 8b7c19a..7abb00f 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -30,36 +30,6 @@
*/
void mbedtls_strerror(int errnum, char *buffer, size_t buflen);
-/**
- * \brief Translate the high-level part of an Mbed TLS error code into a string
- * representation.
- *
- * This function returns a const pointer to an un-modifiable string. The caller
- * must not try to modify the string. It is intended to be used mostly for
- * logging purposes.
- *
- * \param error_code error code
- *
- * \return The string representation of the error code, or \c NULL if the error
- * code is unknown.
- */
-const char *mbedtls_high_level_strerr(int error_code);
-
-/**
- * \brief Translate the low-level part of an Mbed TLS error code into a string
- * representation.
- *
- * This function returns a const pointer to an un-modifiable string. The caller
- * must not try to modify the string. It is intended to be used mostly for
- * logging purposes.
- *
- * \param error_code error code
- *
- * \return The string representation of the error code, or \c NULL if the error
- * code is unknown.
- */
-const char *mbedtls_low_level_strerr(int error_code);
-
#ifdef __cplusplus
}
#endif
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 46fb924..7eb181e 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7004,7 +7004,7 @@
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
switch (ret) {
case 0: /*ok*/
- case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND:
+ case MBEDTLS_ERR_OID_NOT_FOUND:
/* Ignore certificate with an unknown algorithm: maybe a
prior certificate was already trusted. */
break;
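Review bot: The new label `case MBEDTLS_ERR_OID_NOT_FOUND:` no longer records which parsing stage failed, whereas the old sum with `MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG` tied the tolerated failure to the signature-algorithm lookup. If the certificate parser can return a bare `MBEDTLS_ERR_OID_NOT_FOUND` from some other OID lookup (the parser is not visible in this diff, so this needs confirming), that certificate would also be skipped silently here rather than treated as a parse failure. I would state the assumption in the comment, e.g. `/* Relies on the parser returning OID_NOT_FOUND only for an unknown signature algorithm. */`, and add a test showing that a certificate with a different unrecognised OID is still rejected. The same applies to the identical label in library/ssl_tls13_generic.c; the switch continues outside both hunks.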
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 6a7d502..1076dea 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -518,7 +518,7 @@
switch (ret) {
case 0: /*ok*/
break;
- case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND:
+ case MBEDTLS_ERR_OID_NOT_FOUND:
/* Ignore certificate with an unknown algorithm: maybe a
prior certificate was already trusted. */
break;
diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt
index b75a9ab..14522ec 100644
--- a/scripts/data_files/error.fmt
+++ b/scripts/data_files/error.fmt
@@ -20,7 +20,7 @@
HEADER_INCLUDED
-const char *mbedtls_high_level_strerr(int error_code)
+static const char *mbedtls_high_level_strerr(int error_code)
{
int high_level_error_code;
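Review bot: Both helpers become file-local here, and their Doxygen blocks are deleted from include/mbedtls/error.h in the same commit, so unless the template documents them outside these hunks their contract is now written nowhere. I would put a short comment above each definition, e.g. `/* Internal helper for mbedtls_strerror(): returns a read-only string, or NULL if the code is unknown. */`. The names and locals still say high-level and low-level (`int high_level_error_code;`, `int low_level_error_code;`) although the ChangeLog entry states that the distinction is gone, so the comment should also say how a unified code or a PSA_ERROR_xxx value is handled. This applies equally to `mbedtls_low_level_strerr` in the second hunk; both function bodies continue outside the hunks.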
@@ -43,7 +43,7 @@
return NULL;
}
-const char *mbedtls_low_level_strerr(int error_code)
+static const char *mbedtls_low_level_strerr(int error_code)
{
int low_level_error_code;
diff --git a/tf-psa-crypto b/tf-psa-crypto
index 399c5f9..3327985 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit 399c5f9e1d71cb177eb0c16cb934755b409abe23
+Subproject commit 332798582bccda6e5f90dbe85dd8898d5dbdf652