From 89dad93a78c674152e40f8d84dbb2e24ea65ff35 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Mon, 31 Jan 2022 09:18:07 +0100 Subject: [PATCH] Rename psa_status_to_mbedtls->ssl_psa_status_to_mbedtls and add conversion for PSA_ERROR_INVALID_SIGNATURE Signed-off-by: Przemyslaw Stekiel --- library/ssl_misc.h | 4 +++- library/ssl_msg.c | 36 ++++++++++++++-------------- library/ssl_tls.c | 6 ++--- library/ssl_tls13_keys.c | 12 +++++----- tests/suites/test_suite_ssl.function | 10 ++++---- 5 files changed, 35 insertions(+), 33 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index c484415eb..4f2caa205 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2056,7 +2056,7 @@ psa_status_t mbedtls_ssl_cipher_to_psa( mbedtls_cipher_type_t mbedtls_cipher_typ * * \return corresponding mbedtls error code */ -static inline int psa_status_to_mbedtls( psa_status_t status ) +static inline int ssl_psa_status_to_mbedtls( psa_status_t status ) { switch( status ) { @@ -2066,6 +2066,8 @@ static inline int psa_status_to_mbedtls( psa_status_t status ) return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED ); case PSA_ERROR_NOT_SUPPORTED: return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + case PSA_ERROR_INVALID_SIGNATURE: + return( MBEDTLS_ERR_SSL_INVALID_MAC ); default: return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); } diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 6e3dff79b..1d9b01211 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
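Review bot: The new `case PSA_ERROR_INVALID_SIGNATURE:` arm in `ssl_psa_status_to_mbedtls()` (second ssl_misc.h hunk) carries no comment, and the doc block above the function still promises only a "corresponding mbedtls error code". The status check that precedes `mbedtls_cipher_auth_decrypt_ext` in `mbedtls_ssl_decrypt_buf` (ssl_msg.c, apparently the PSA AEAD decrypt branch) returns through this helper, so the arm decides whether a failed tag check reaches the caller as `MBEDTLS_ERR_SSL_INVALID_MAC` or falls into `default:` as `MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED`; I would say so next to it: `/* AEAD tag check failed: report as a record authentication failure */`. The doc block should also state that every status not listed is collapsed into the `default:` value, so callers cannot tell those failures apart. None of the test_suite_ssl.function hunks in this patch exercises the new arm; a case that corrupts a record under `MBEDTLS_USE_PSA_CRYPTO` and expects `MBEDTLS_ERR_SSL_INVALID_MAC` would pin the mapping. The function's closing brace lies outside the hunk.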
@@ -744,26 +744,26 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, transform->psa_key_enc, transform->psa_alg ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); status = psa_cipher_set_iv( &cipher_op, transform->iv_enc, transform->ivlen ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); status = psa_cipher_update( &cipher_op, data, rec->data_len, data, rec->data_len, &olen ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); status = psa_cipher_finish( &cipher_op, data + olen, rec->data_len - olen, &part_len ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); olen += part_len; } else { @@ -872,7 +872,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, &rec->data_len ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); #else if( ( ret = mbedtls_cipher_auth_encrypt_ext( &transform->cipher_ctx_enc, iv, transform->ivlen, 
@@ -986,26 +986,26 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, transform->psa_key_enc, transform->psa_alg ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); status = psa_cipher_set_iv( &cipher_op, transform->iv_enc, transform->ivlen ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); status = psa_cipher_update( &cipher_op, data, rec->data_len, data, rec->data_len, &olen ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); status = psa_cipher_finish( &cipher_op, data + olen, rec->data_len - olen, &part_len ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); olen += part_len; #else @@ -1177,26 +1177,26 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, transform->psa_key_dec, transform->psa_alg ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); status = psa_cipher_set_iv( &cipher_op, transform->iv_dec, transform->ivlen ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); status = psa_cipher_update( &cipher_op, data, rec->data_len, data, rec->data_len, &olen ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); status = psa_cipher_finish( &cipher_op, data + olen, rec->data_len - olen, &part_len ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); olen += part_len; } else { 
@@ -1325,7 +1325,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, &olen ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); #else if( ( ret = mbedtls_cipher_auth_decrypt_ext( &transform->cipher_ctx_dec, iv, transform->ivlen, @@ -1512,26 +1512,26 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, transform->psa_key_dec, transform->psa_alg ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); status = psa_cipher_set_iv( &cipher_op, transform->iv_dec, transform->ivlen ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); status = psa_cipher_update( &cipher_op, data, rec->data_len, data, rec->data_len, &olen ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); status = psa_cipher_finish( &cipher_op, data + olen, rec->data_len - olen, &part_len ); if( status != PSA_SUCCESS ) - return( psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); olen += part_len; #else diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ba8a09654..a3148fb77 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1015,7 +1015,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, &key_type, &key_bits ) ) != PSA_SUCCESS ) { - ret = psa_status_to_mbedtls( status ); + ret = ssl_psa_status_to_mbedtls( status ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cipher_to_psa", ret ); goto end; } @@ -1031,7 +1031,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, PSA_BITS_TO_BYTES( key_bits ), &transform->psa_key_enc ) ) != PSA_SUCCESS ) { - ret = psa_status_to_mbedtls( status ); + ret = ssl_psa_status_to_mbedtls( status ); MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", ret ); goto end; } 
@@ -1043,7 +1043,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, PSA_BITS_TO_BYTES( key_bits ), &transform->psa_key_dec ) ) != PSA_SUCCESS ) { - ret = psa_status_to_mbedtls( status ); + ret = ssl_psa_status_to_mbedtls( status ); MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", ret ); goto end; } diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 13122c80d..7defac29c 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -936,8 +936,8 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, &key_type, &key_bits ) ) != PSA_SUCCESS ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cipher_to_psa", psa_status_to_mbedtls( status ) ); - return( psa_status_to_mbedtls( status ) ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cipher_to_psa", ssl_psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); } psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); @@ -951,8 +951,8 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, PSA_BITS_TO_BYTES( key_bits ), &transform->psa_key_enc ) ) != PSA_SUCCESS ) { - MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", psa_status_to_mbedtls( status ) ); - return( psa_status_to_mbedtls( status ) ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", ssl_psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); } psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); @@ -962,8 +962,8 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, PSA_BITS_TO_BYTES( key_bits ), &transform->psa_key_dec ) ) != PSA_SUCCESS ) { - MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", psa_status_to_mbedtls( status ) ); - return( psa_status_to_mbedtls( status ) ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_key", ssl_psa_status_to_mbedtls( status ) ); + return( ssl_psa_status_to_mbedtls( status ) ); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ 
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 1d6370205..41985ea3d 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1439,7 +1439,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, if ( status != PSA_SUCCESS) { - ret = psa_status_to_mbedtls( status ); + ret = ssl_psa_status_to_mbedtls( status ); goto cleanup; } @@ -1459,7 +1459,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, if ( status != PSA_SUCCESS) { - ret = psa_status_to_mbedtls( status ); + ret = ssl_psa_status_to_mbedtls( status ); goto cleanup; } @@ -1470,7 +1470,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, if ( status != PSA_SUCCESS) { - ret = psa_status_to_mbedtls( status ); + ret = ssl_psa_status_to_mbedtls( status ); goto cleanup; } @@ -1483,7 +1483,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, if ( status != PSA_SUCCESS) { - ret = psa_status_to_mbedtls( status ); + ret = ssl_psa_status_to_mbedtls( status ); goto cleanup; } @@ -1494,7 +1494,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, if ( status != PSA_SUCCESS) { - ret = psa_status_to_mbedtls( status ); + ret = ssl_psa_status_to_mbedtls( status ); goto cleanup; } }