Translate to MD errors in ssl-tls.c
With the introduction of #7047, ssl_tls.c uses
mbedtls_md_error_from_psa. This complicates
the dependencies for compiling in psa_to_md_errors,
since now these should be ifdeffed also by
MBEDTLS_USE_PSA_CRYPTO followed by a series of or'ed
MBEDTLS_HAS_ALG_SHA_XXX_VIA_MD_OR_PSA_BASED_ON_USE_PSA.
Since this mechanism will be removed soon, we can simplify it to
just MBEDTLS_USE_PSA_CRYPTO.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index 9c7557c..aa6c461 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -349,7 +349,7 @@
int16_t mbedtls_error;
} error_pair_t;
-#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C)
+#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C) || defined(MBEDTLS_USE_PSA_CRYPTO)
extern const error_pair_t psa_to_md_errors[4];
#endif
diff --git a/library/psa_util.c b/library/psa_util.c
index 797daa0..f18664e 100644
--- a/library/psa_util.c
+++ b/library/psa_util.c
@@ -33,7 +33,7 @@
/* PSA_SUCCESS is kept at the top of each error table since
* it's the most common status when everything functions properly. */
-#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C)
+#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C) || defined(MBEDTLS_USE_PSA_CRYPTO)
const error_pair_t psa_to_md_errors[] =
{
{ PSA_SUCCESS, 0 },
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index e8f1750..f7357a9 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -56,6 +56,9 @@
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
psa_to_ssl_errors, \
psa_generic_status_to_mbedtls)
+#define PSA_TO_MD_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
+ psa_to_md_errors, \
+ psa_generic_status_to_mbedtls)
#endif
#if defined(MBEDTLS_TEST_HOOKS)
@@ -838,11 +841,11 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_hash_abort(&ssl->handshake->fin_sha256_psa);
if (status != PSA_SUCCESS) {
- return mbedtls_md_error_from_psa(status);
+ return PSA_TO_MD_ERR(status);
}
status = psa_hash_setup(&ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256);
if (status != PSA_SUCCESS) {
- return mbedtls_md_error_from_psa(status);
+ return PSA_TO_MD_ERR(status);
}
#else
ret = mbedtls_sha256_starts(&ssl->handshake->fin_sha256, 0);
@@ -855,11 +858,11 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_hash_abort(&ssl->handshake->fin_sha384_psa);
if (status != PSA_SUCCESS) {
- return mbedtls_md_error_from_psa(status);
+ return PSA_TO_MD_ERR(status);
}
status = psa_hash_setup(&ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384);
if (status != PSA_SUCCESS) {
- return mbedtls_md_error_from_psa(status);
+ return PSA_TO_MD_ERR(status);
}
#else
ret = mbedtls_sha512_starts(&ssl->handshake->fin_sha384, 1);
@@ -890,7 +893,7 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_hash_update(&ssl->handshake->fin_sha256_psa, buf, len);
if (status != PSA_SUCCESS) {
- return mbedtls_md_error_from_psa(status);
+ return PSA_TO_MD_ERR(status);
}
#else
ret = mbedtls_sha256_update(&ssl->handshake->fin_sha256, buf, len);
@@ -903,7 +906,7 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len);
if (status != PSA_SUCCESS) {
- return mbedtls_md_error_from_psa(status);
+ return PSA_TO_MD_ERR(status);
}
#else
ret = mbedtls_sha512_update(&ssl->handshake->fin_sha384, buf, len);
@@ -920,8 +923,8 @@
const unsigned char *buf, size_t len)
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- return mbedtls_md_error_from_psa(psa_hash_update(
- &ssl->handshake->fin_sha256_psa, buf, len));
+ return PSA_TO_MD_ERR(psa_hash_update(
+ &ssl->handshake->fin_sha256_psa, buf, len));
#else
return mbedtls_sha256_update(&ssl->handshake->fin_sha256, buf, len);
#endif
@@ -933,8 +936,8 @@
const unsigned char *buf, size_t len)
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- return mbedtls_md_error_from_psa(psa_hash_update(
- &ssl->handshake->fin_sha384_psa, buf, len));
+ return PSA_TO_MD_ERR(psa_hash_update(
+ &ssl->handshake->fin_sha384_psa, buf, len));
#else
return mbedtls_sha512_update(&ssl->handshake->fin_sha384, buf, len);
#endif
@@ -6606,7 +6609,7 @@
exit:
psa_hash_abort(&sha256_psa);
- return mbedtls_md_error_from_psa(status);
+ return PSA_TO_MD_ERR(status);
#else
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_sha256_context sha256;
@@ -6661,7 +6664,7 @@
exit:
psa_hash_abort(&sha384_psa);
- return mbedtls_md_error_from_psa(status);
+ return PSA_TO_MD_ERR(status);
#else
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_sha512_context sha512;
@@ -7704,7 +7707,7 @@
exit:
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_abort(&sha256_psa);
- return mbedtls_md_error_from_psa(status);
+ return PSA_TO_MD_ERR(status);
#else
mbedtls_sha256_free(&sha256);
return ret;
@@ -7788,7 +7791,7 @@
exit:
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_abort(&sha384_psa);
- return mbedtls_md_error_from_psa(status);
+ return PSA_TO_MD_ERR(status);
#else
mbedtls_sha512_free(&sha512);
return ret;