commit daf5b56b02e25e69e6a3d21aba125e562b08ff25
author Andrzej Kurek <andrzej.kurek@arm.com> Fri Mar 03 05:52:28 2023 -0500
committer Andrzej Kurek <andrzej.kurek@arm.com> Fri Mar 03 05:52:28 2023 -0500
tree fd0f24d849b94b04fdc6be9368cede0556e152aa
parent 747ab4ea5e711604a9150212ccf7bc4a21df93c7

Translate to MD errors in ssl-tls.c

With the introduction of #7047, ssl_tls.c uses 
mbedtls_md_error_from_psa. This complicates
the dependencies for compiling in psa_to_md_errors,
since now these should be ifdeffed also by
MBEDTLS_USE_PSA_CRYPTO followed by a series of or'ed
MBEDTLS_HAS_ALG_SHA_XXX_VIA_MD_OR_PSA_BASED_ON_USE_PSA.
Since this mechanism will be removed soon, we can simplify it to
just MBEDTLS_USE_PSA_CRYPTO.

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>

library/psa_util.c

diff --git a/library/psa_util.c b/library/psa_util.c
index 797daa0..f18664e 100644
--- a/library/psa_util.c
+++ b/library/psa_util.c
@@ -33,7 +33,7 @@
 
 /* PSA_SUCCESS is kept at the top of each error table since
  * it's the most common status when everything functions properly. */
-#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C)
+#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C) || defined(MBEDTLS_USE_PSA_CRYPTO)
 const error_pair_t psa_to_md_errors[] =
 {
     { PSA_SUCCESS,                     0 },

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index e8f1750..f7357a9 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -56,6 +56,9 @@
 #define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
                                                            psa_to_ssl_errors, \
                                                            psa_generic_status_to_mbedtls)
+#define PSA_TO_MD_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
+                                                      psa_to_md_errors, \
+                                                      psa_generic_status_to_mbedtls)
 #endif
 
 #if defined(MBEDTLS_TEST_HOOKS)
@@ -838,11 +841,11 @@
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     status = psa_hash_abort(&ssl->handshake->fin_sha256_psa);
     if (status != PSA_SUCCESS) {
-        return mbedtls_md_error_from_psa(status);
+        return PSA_TO_MD_ERR(status);
     }
     status = psa_hash_setup(&ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256);
     if (status != PSA_SUCCESS) {
-        return mbedtls_md_error_from_psa(status);
+        return PSA_TO_MD_ERR(status);
     }
 #else
     ret = mbedtls_sha256_starts(&ssl->handshake->fin_sha256, 0);
@@ -855,11 +858,11 @@
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     status = psa_hash_abort(&ssl->handshake->fin_sha384_psa);
     if (status != PSA_SUCCESS) {
-        return mbedtls_md_error_from_psa(status);
+        return PSA_TO_MD_ERR(status);
     }
     status = psa_hash_setup(&ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384);
     if (status != PSA_SUCCESS) {
-        return mbedtls_md_error_from_psa(status);
+        return PSA_TO_MD_ERR(status);
     }
 #else
     ret = mbedtls_sha512_starts(&ssl->handshake->fin_sha384, 1);
@@ -890,7 +893,7 @@
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     status = psa_hash_update(&ssl->handshake->fin_sha256_psa, buf, len);
     if (status != PSA_SUCCESS) {
-        return mbedtls_md_error_from_psa(status);
+        return PSA_TO_MD_ERR(status);
     }
 #else
     ret = mbedtls_sha256_update(&ssl->handshake->fin_sha256, buf, len);
@@ -903,7 +906,7 @@
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     status = psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len);
     if (status != PSA_SUCCESS) {
-        return mbedtls_md_error_from_psa(status);
+        return PSA_TO_MD_ERR(status);
     }
 #else
     ret = mbedtls_sha512_update(&ssl->handshake->fin_sha384, buf, len);
@@ -920,8 +923,8 @@
                                       const unsigned char *buf, size_t len)
 {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    return mbedtls_md_error_from_psa(psa_hash_update(
-                                         &ssl->handshake->fin_sha256_psa, buf, len));
+    return PSA_TO_MD_ERR(psa_hash_update(
+                             &ssl->handshake->fin_sha256_psa, buf, len));
 #else
     return mbedtls_sha256_update(&ssl->handshake->fin_sha256, buf, len);
 #endif
@@ -933,8 +936,8 @@
                                       const unsigned char *buf, size_t len)
 {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    return mbedtls_md_error_from_psa(psa_hash_update(
-                                         &ssl->handshake->fin_sha384_psa, buf, len));
+    return PSA_TO_MD_ERR(psa_hash_update(
+                             &ssl->handshake->fin_sha384_psa, buf, len));
 #else
     return mbedtls_sha512_update(&ssl->handshake->fin_sha384, buf, len);
 #endif
@@ -6606,7 +6609,7 @@
 
 exit:
     psa_hash_abort(&sha256_psa);
-    return mbedtls_md_error_from_psa(status);
+    return PSA_TO_MD_ERR(status);
 #else
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_sha256_context sha256;
@@ -6661,7 +6664,7 @@
 
 exit:
     psa_hash_abort(&sha384_psa);
-    return mbedtls_md_error_from_psa(status);
+    return PSA_TO_MD_ERR(status);
 #else
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_sha512_context sha512;
@@ -7704,7 +7707,7 @@
 exit:
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     psa_hash_abort(&sha256_psa);
-    return mbedtls_md_error_from_psa(status);
+    return PSA_TO_MD_ERR(status);
 #else
     mbedtls_sha256_free(&sha256);
     return ret;
@@ -7788,7 +7791,7 @@
 exit:
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     psa_hash_abort(&sha384_psa);
-    return mbedtls_md_error_from_psa(status);
+    return PSA_TO_MD_ERR(status);
 #else
     mbedtls_sha512_free(&sha512);
     return ret;