From 138b30ac62fde9f222112b9bf3f364f4f4faa5d1 Mon Sep 17 00:00:00 2001
From: Andrzej Kurek <andrzej.kurek@arm.com>
Date: Tue, 28 Feb 2023 10:06:42 -0500
Subject: [PATCH] Add missing const qualifiers

Also improve documentation
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
---
 include/mbedtls/psa_util.h | 24 +++++++++++++++++-------
 library/psa_util.c         | 12 ++++++------
 2 files changed, 23 insertions(+), 13 deletions(-)

diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index b0ad310f8..1d9828dfa 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -345,38 +345,48 @@ extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state;
 #endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
 
 /* PSA errors use int32_t, while Mbed TLS ones use int16_t. psa_status_t
- * is enough to store either of them. */
+ * is enough to store either of them. The arrays below consist
+ * of corresponding pairs: [psa_error1, mbedtls_error1, psa_error2,
+ * mbedtls_error2, ...]*/
 #if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C)
-extern psa_status_t psa_to_md_errors[8];
+extern const psa_status_t psa_to_md_errors[8];
 #endif
 
 #if defined(MBEDTLS_LMS_C)
-extern psa_status_t psa_to_lms_errors[6];
+extern const psa_status_t psa_to_lms_errors[6];
 #endif
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
-extern psa_status_t psa_to_ssl_errors[14];
+extern const psa_status_t psa_to_ssl_errors[14];
 #endif
 
 #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) ||    \
     defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
-extern psa_status_t psa_to_pk_rsa_errors[16];
+extern const psa_status_t psa_to_pk_rsa_errors[16];
 #endif
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO) && \
     defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-extern psa_status_t psa_to_pk_ecdsa_errors[14];
+extern const psa_status_t psa_to_pk_ecdsa_errors[14];
 #endif
 
+/* Generic fallback function for error translation,
+ * when the received state was not module-specific. */
 int psa_generic_status_to_mbedtls(psa_status_t status);
 
+/* This function iterates over provided local error translations,
+ * and if no match was found - calls the fallback error translation function. */
 int psa_status_to_mbedtls(psa_status_t status,
-                          psa_status_t *local_translations,
+                          const psa_status_t *local_translations,
                           size_t local_errors_num,
                           int (*fallback_f)(psa_status_t));
 
+/* The second out of three-stage error handling functions of the pk module,
+ * acts as a fallback after RSA / ECDSA error translation, and if no match
+ * is found, it itself calls psa_generic_status_to_mbedtls. */
 int psa_pk_status_to_mbedtls(psa_status_t status);
 
+/* Utility macro to shorten the defines of error translator in modules. */
 #define PSA_TO_MBEDTLS_ERR_LIST(status, error_list, fallback_f) \
     psa_status_to_mbedtls(status, error_list, sizeof(error_list), fallback_f)
 
diff --git a/library/psa_util.c b/library/psa_util.c
index 7d0b8a2b1..d854e9927 100644
--- a/library/psa_util.c
+++ b/library/psa_util.c
@@ -34,7 +34,7 @@
 /* PSA_SUCCESS is kept at the top of each error table since
  * it's the most common status when everything functions properly. */
 #if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C)
-psa_status_t psa_to_md_errors[] =
+const psa_status_t psa_to_md_errors[] =
 {
     PSA_SUCCESS,                     0,
     PSA_ERROR_NOT_SUPPORTED,         MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE,
@@ -43,7 +43,7 @@ psa_status_t psa_to_md_errors[] =
 };
 #endif
 #if defined(MBEDTLS_LMS_C)
-psa_status_t psa_to_lms_errors[] =
+const psa_status_t psa_to_lms_errors[] =
 {
     PSA_SUCCESS,                     0,
     PSA_ERROR_BUFFER_TOO_SMALL,      MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL,
@@ -51,7 +51,7 @@ psa_status_t psa_to_lms_errors[] =
 };
 #endif
 #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
-psa_status_t psa_to_ssl_errors[] =
+const psa_status_t psa_to_ssl_errors[] =
 {
     PSA_SUCCESS,                     0,
     PSA_ERROR_INSUFFICIENT_MEMORY,   MBEDTLS_ERR_SSL_ALLOC_FAILED,
@@ -65,7 +65,7 @@ psa_status_t psa_to_ssl_errors[] =
 
 #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) ||    \
     defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
-psa_status_t psa_to_pk_rsa_errors[] =
+const psa_status_t psa_to_pk_rsa_errors[] =
 {
     PSA_SUCCESS,                     0,
     PSA_ERROR_NOT_PERMITTED,         MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
@@ -80,7 +80,7 @@ psa_status_t psa_to_pk_rsa_errors[] =
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO) && \
     defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-psa_status_t psa_to_pk_ecdsa_errors[] =
+const psa_status_t psa_to_pk_ecdsa_errors[] =
 {
     PSA_SUCCESS,                     0,
     PSA_ERROR_NOT_PERMITTED,         MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
@@ -111,7 +111,7 @@ int psa_generic_status_to_mbedtls(psa_status_t status)
 }
 
 int psa_status_to_mbedtls(psa_status_t status,
-                          psa_status_t *local_translations,
+                          const psa_status_t *local_translations,
                           size_t local_errors_size,
                           int (*fallback_f)(psa_status_t))
 {