Unify generic errors to PSA errors

Signed-off-by: Felix Conway <felix.conway@arm.com>
Felix Conway
2025-08-18 14:46:39 +01:00
parent 8616ee762d
commit 37ede2c3b4
6 changed files with 66 additions and 66 deletions


@@ -53,7 +53,7 @@
/** Failed to get an IP address for the given hostname. */
#define MBEDTLS_ERR_NET_UNKNOWN_HOST -0x0052
/** Buffer is too small to hold the data. */
#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL -0x0043
#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL PSA_ERROR_BUFFER_TOO_SMALL
/** The context is invalid, eg because it was free()ed. */
#define MBEDTLS_ERR_NET_INVALID_CONTEXT -0x0045
/** Polling the net context failed. */
@@ -147,11 +147,11 @@ int mbedtls_net_bind(mbedtls_net_context *ctx, const char *bind_ip, const char *
* can be NULL if client_ip is null
*
* \return 0 if successful, or
* MBEDTLS_ERR_NET_SOCKET_FAILED,
* MBEDTLS_ERR_NET_BIND_FAILED,
* MBEDTLS_ERR_NET_ACCEPT_FAILED, or
* MBEDTLS_ERR_NET_BUFFER_TOO_SMALL if buf_size is too small,
* MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to
* #MBEDTLS_ERR_NET_SOCKET_FAILED,
* #MBEDTLS_ERR_NET_BIND_FAILED,
* #MBEDTLS_ERR_NET_ACCEPT_FAILED, or
* #PSA_ERROR_BUFFER_TOO_SMALL if buf_size is too small,
* #MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to
* non-blocking and accept() would block.
*/
int mbedtls_net_accept(mbedtls_net_context *bind_ctx,
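Review bot: `MBEDTLS_ERR_NET_BUFFER_TOO_SMALL` now expands to `PSA_ERROR_BUFFER_TOO_SMALL`, so every file that uses the macro needs the PSA status definitions in scope, and no include is visible in these hunks; confirm that this header pulls them in itself rather than relying on include order. The old value -0x0043 is also vacated, and a comment next to the define such as `/* Legacy value -0x0043 is retired; do not reassign. */` would keep a later error code from taking a number that existing logs and callers still associate with this condition.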


@@ -53,11 +53,11 @@
#define MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO -0x5480 /**< The PKCS #7 content info is invalid or cannot be parsed. */
#define MBEDTLS_ERR_PKCS7_INVALID_ALG -0x5500 /**< The algorithm tag or value is invalid or cannot be parsed. */
#define MBEDTLS_ERR_PKCS7_INVALID_CERT -0x5580 /**< The certificate tag or value is invalid or cannot be parsed. */
#define MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE -0x5600 /**< Error parsing the signature */
#define MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE PSA_ERROR_INVALID_SIGNATURE /**< Error parsing the signature */
#define MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO -0x5680 /**< Error parsing the signer's info */
#define MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA -0x5700 /**< Input invalid. */
#define MBEDTLS_ERR_PKCS7_ALLOC_FAILED -0x5780 /**< Allocation of memory failed. */
#define MBEDTLS_ERR_PKCS7_VERIFY_FAIL -0x5800 /**< Verification Failed */
#define MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA PSA_ERROR_INVALID_ARGUMENT /**< Input invalid. */
#define MBEDTLS_ERR_PKCS7_ALLOC_FAILED PSA_ERROR_INSUFFICIENT_MEMORY /**< Allocation of memory failed. */
#define MBEDTLS_ERR_PKCS7_VERIFY_FAIL PSA_ERROR_INVALID_SIGNATURE /**< Verification Failed */
#define MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID -0x5880 /**< The PKCS #7 date issued/expired dates are invalid */
/* \} name */
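Review bot: `MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE` (documented as "Error parsing the signature") and `MBEDTLS_ERR_PKCS7_VERIFY_FAIL` now both expand to `PSA_ERROR_INVALID_SIGNATURE`, so a caller can no longer tell a malformed signature field from a signature that parsed but did not verify. A `switch` that has a case for each name will also stop compiling, because the two labels are now the same value. If the merge is intended, say so on the define, e.g. `/**< Error parsing the signature. Same value as MBEDTLS_ERR_PKCS7_VERIFY_FAIL. */`; if the distinction matters for logging or triage, keep the parse error on its own value (`-0x5600`).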


@@ -44,7 +44,7 @@
/** The requested feature is not available. */
#define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080
/** Bad input parameters to function. */
#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100
#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA PSA_ERROR_INVALID_ARGUMENT
/** Verification of the message MAC failed. */
#define MBEDTLS_ERR_SSL_INVALID_MAC -0x7180
/** An invalid SSL record was received. */
@@ -105,7 +105,7 @@
/** Cache entry not found */
#define MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND -0x7E80
/** Memory allocation failed */
#define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00
#define MBEDTLS_ERR_SSL_ALLOC_FAILED PSA_ERROR_INSUFFICIENT_MEMORY
/** Hardware acceleration function returned with error */
#define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED -0x7F80
/** Hardware acceleration function skipped / left alone data */
@@ -129,7 +129,7 @@
/** DTLS client must retry for hello verification */
#define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80
/** A buffer is too small to receive or write a message */
#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00
#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL PSA_ERROR_BUFFER_TOO_SMALL
/* Error space gap */
/** No data of requested type currently available on underlying transport. */
#define MBEDTLS_ERR_SSL_WANT_READ -0x6900
@@ -1912,7 +1912,7 @@ void mbedtls_ssl_init(mbedtls_ssl_context *ssl);
* \param ssl SSL context
* \param conf SSL configuration to use
*
* \return 0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED if
* \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY if
* memory allocation failed
*/
int mbedtls_ssl_setup(mbedtls_ssl_context *ssl,
@@ -1924,7 +1924,7 @@ int mbedtls_ssl_setup(mbedtls_ssl_context *ssl,
* pointers and data.
*
* \param ssl SSL context
* \return 0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED or
* \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY or
MBEDTLS_ERR_SSL_HW_ACCEL_FAILED
*/
int mbedtls_ssl_session_reset(mbedtls_ssl_context *ssl);
@@ -2579,14 +2579,14 @@ void mbedtls_ssl_conf_session_tickets_cb(mbedtls_ssl_config *conf,
* milliseconds.
*
* \return 0 on success,
* MBEDTLS_ERR_SSL_BAD_INPUT_DATA if an input is not valid.
* #PSA_ERROR_INVALID_ARGUMENT if an input is not valid.
*/
static inline int mbedtls_ssl_session_get_ticket_creation_time(
mbedtls_ssl_session *session, mbedtls_ms_time_t *ticket_creation_time)
{
if (session == NULL || ticket_creation_time == NULL ||
session->MBEDTLS_PRIVATE(endpoint) != MBEDTLS_SSL_IS_SERVER) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
return PSA_ERROR_INVALID_ARGUMENT;
}
*ticket_creation_time = session->MBEDTLS_PRIVATE(ticket_creation_time);
@@ -2937,8 +2937,8 @@ void mbedtls_ssl_conf_dtls_cookies(mbedtls_ssl_config *conf,
* \note An internal copy is made, so the info buffer can be reused.
*
* \return 0 on success,
* MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client,
* MBEDTLS_ERR_SSL_ALLOC_FAILED if out of memory.
* #PSA_ERROR_INVALID_ARGUMENT if used on client,
* #PSA_ERROR_INSUFFICIENT_MEMORY if out of memory.
*/
int mbedtls_ssl_set_client_transport_id(mbedtls_ssl_context *ssl,
const unsigned char *info,
@@ -3175,8 +3175,8 @@ int mbedtls_ssl_set_session(mbedtls_ssl_context *ssl, const mbedtls_ssl_session
* \param len The size of the serialized data in bytes.
*
* \return \c 0 if successful.
* \return #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed.
* \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid.
* \return #PSA_ERROR_INSUFFICIENT_MEMORY if memory allocation failed.
* \return #PSA_ERROR_INVALID_ARGUMENT if input data is invalid.
* \return #MBEDTLS_ERR_SSL_VERSION_MISMATCH if the serialized data
* was generated in a different version or configuration of
* Mbed TLS.
@@ -3215,7 +3215,7 @@ int mbedtls_ssl_session_load(mbedtls_ssl_session *session,
* tickets.
*
* \return \c 0 if successful.
* \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small.
* \return #PSA_ERROR_BUFFER_TOO_SMALL if \p buf is too small.
* \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if the
* MBEDTLS_SSL_SESSION_TICKETS configuration option is disabled
* and the session is a TLS 1.3 session.
@@ -3348,7 +3348,7 @@ void mbedtls_ssl_conf_tls13_key_exchange_modes(mbedtls_ssl_config *conf,
* record headers.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \p len
* \return #PSA_ERROR_INVALID_ARGUMENT if \p len
* is too large.
*/
int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf, size_t len,
@@ -3495,7 +3495,7 @@ void mbedtls_ssl_conf_ca_cb(mbedtls_ssl_config *conf,
* \param own_cert own public certificate chain
* \param pk_key own private key
*
* \return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
* \return 0 on success or #PSA_ERROR_INSUFFICIENT_MEMORY
*/
int mbedtls_ssl_conf_own_cert(mbedtls_ssl_config *conf,
mbedtls_x509_crt *own_cert,
@@ -3744,8 +3744,8 @@ void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf,
* #MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
* for more details.
*
* \return 0 if successful, #MBEDTLS_ERR_SSL_ALLOC_FAILED on
* allocation failure, #MBEDTLS_ERR_SSL_BAD_INPUT_DATA on
* \return 0 if successful, #PSA_ERROR_INSUFFICIENT_MEMORY on
* allocation failure, #PSA_ERROR_INVALID_ARGUMENT on
* too long input hostname.
*
* Hostname set to the one provided on success (cleared
@@ -3805,7 +3805,7 @@ const unsigned char *mbedtls_ssl_get_hs_sni(mbedtls_ssl_context *ssl,
* \param own_cert own public certificate chain
* \param pk_key own private key
*
* \return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
* \return 0 on success or #PSA_ERROR_INSUFFICIENT_MEMORY
*/
int mbedtls_ssl_set_hs_own_cert(mbedtls_ssl_context *ssl,
mbedtls_x509_crt *own_cert,
@@ -3934,7 +3934,7 @@ int mbedtls_ssl_set_hs_ecjpake_password_opaque(mbedtls_ssl_context *ssl,
* the lifetime of the table must be at least as long as the
* lifetime of the SSL configuration structure.
*
* \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
* \return 0 on success, or #PSA_ERROR_INVALID_ARGUMENT.
*/
int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf,
const char *const *protos);
@@ -4001,7 +4001,7 @@ void mbedtls_ssl_conf_srtp_mki_value_supported(mbedtls_ssl_config *conf,
* (excluding the terminating MBEDTLS_TLS_SRTP_UNSET).
*
* \return 0 on success
* \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA when the list of
* \return #PSA_ERROR_INVALID_ARGUMENT when the list of
* protection profiles is incorrect.
*/
int mbedtls_ssl_conf_dtls_srtp_protection_profiles
@@ -4021,7 +4021,7 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles
* is ignored.
*
* \return 0 on success
* \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA
* \return #PSA_ERROR_INVALID_ARGUMENT
* \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
*/
int mbedtls_ssl_dtls_srtp_set_mki_value(mbedtls_ssl_context *ssl,
@@ -4166,7 +4166,7 @@ void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf,
* MBEDTLS_SSL_MAX_FRAG_LEN_512, MBEDTLS_SSL_MAX_FRAG_LEN_1024,
* MBEDTLS_SSL_MAX_FRAG_LEN_2048, MBEDTLS_SSL_MAX_FRAG_LEN_4096)
*
* \return 0 if successful or MBEDTLS_ERR_SSL_BAD_INPUT_DATA
* \return 0 if successful or #PSA_ERROR_INVALID_ARGUMENT
*/
int mbedtls_ssl_conf_max_frag_len(mbedtls_ssl_config *conf, unsigned char mfl_code);
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
@@ -4892,7 +4892,7 @@ int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len);
* fragment length (either the built-in limit or the one set
* or negotiated with the peer), then:
* - with TLS, less bytes than requested are written.
* - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned.
* - with DTLS, #PSA_ERROR_INVALID_ARGUMENT is returned.
* \c mbedtls_ssl_get_max_out_record_payload() may be used to
* query the active maximum fragment length.
*
@@ -4976,7 +4976,7 @@ int mbedtls_ssl_close_notify(mbedtls_ssl_context *ssl);
* \param len maximum number of bytes to read
*
* \return The (positive) number of bytes read if successful.
* \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid.
* \return #PSA_ERROR_INVALID_ARGUMENT if input data is invalid.
* \return #MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA if it is not
* possible to read early data for the SSL context \p ssl. Note
* that this function is intended to be called for an SSL
@@ -5082,10 +5082,10 @@ int mbedtls_ssl_write_early_data(mbedtls_ssl_context *ssl,
*
* \param ssl The SSL context to query
*
* \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if this function is called
* \return #PSA_ERROR_INVALID_ARGUMENT if this function is called
* from the server-side.
*
* \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if this function is called
* \return #PSA_ERROR_INVALID_ARGUMENT if this function is called
* prior to completion of the handshake.
*
* \return #MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_INDICATED if the client
@@ -5134,7 +5134,7 @@ void mbedtls_ssl_free(mbedtls_ssl_context *ssl);
*
* \note This feature is currently only available under certain
* conditions, see the documentation of the return value
* #MBEDTLS_ERR_SSL_BAD_INPUT_DATA for details.
* #PSA_ERROR_INVALID_ARGUMENT for details.
*
* \note When this function succeeds, it calls
* mbedtls_ssl_session_reset() on \p ssl which as a result is
@@ -5159,15 +5159,15 @@ void mbedtls_ssl_free(mbedtls_ssl_context *ssl);
* to determine the necessary size by calling this function
* with \p buf set to \c NULL and \p buf_len to \c 0. However,
* the value of \p olen is only guaranteed to be correct when
* the function returns #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL or
* the function returns #PSA_ERROR_BUFFER_TOO_SMALL or
* \c 0. If the return value is different, then the value of
* \p olen is undefined.
*
* \return \c 0 if successful.
* \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small.
* \return #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed
* \return #PSA_ERROR_BUFFER_TOO_SMALL if \p buf is too small.
* \return #PSA_ERROR_INSUFFICIENT_MEMORY if memory allocation failed
* while resetting the context.
* \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if a handshake is in
* \return #PSA_ERROR_INVALID_ARGUMENT if a handshake is in
* progress, or there is pending data for reading or sending,
* or the connection does not use DTLS 1.2 with an AEAD
* ciphersuite, or renegotiation is enabled.
@@ -5240,10 +5240,10 @@ int mbedtls_ssl_context_save(mbedtls_ssl_context *ssl,
* \param len The size of the serialized data in bytes.
*
* \return \c 0 if successful.
* \return #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed.
* \return #PSA_ERROR_INSUFFICIENT_MEMORY if memory allocation failed.
* \return #MBEDTLS_ERR_SSL_VERSION_MISMATCH if the serialized data
* comes from a different Mbed TLS version or build.
* \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid.
* \return #PSA_ERROR_INVALID_ARGUMENT if input data is invalid.
*/
int mbedtls_ssl_context_load(mbedtls_ssl_context *ssl,
const unsigned char *buf,
@@ -5352,7 +5352,7 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf,
* context_len are ignored and a 0-length context is used.
*
* \return 0 on success.
* \return MBEDTLS_ERR_SSL_BAD_INPUT_DATA if the handshake is not yet completed.
* \return #PSA_ERROR_INVALID_ARGUMENT if the handshake is not yet completed.
* \return An SSL-specific error on failure.
*/
int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl,
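Review bot: The three redefined macros (`MBEDTLS_ERR_SSL_BAD_INPUT_DATA`, `MBEDTLS_ERR_SSL_ALLOC_FAILED`, `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL`) leave the SSL error range, so any code that recognises SSL errors by numeric range, or compares against the old literals -0x7100, -0x7F00 and -0x6A00, will silently stop matching; whether such code exists cannot be seen from these hunks. Mark each retired slot beside its define, in the style of the existing `/* Error space gap */` line, e.g. `/* -0x7100 retired: formerly MBEDTLS_ERR_SSL_BAD_INPUT_DATA */`, so the numbers are not reassigned. The rewritten `\return` lines name only the PSA code; adding `(same value as MBEDTLS_ERR_SSL_BAD_INPUT_DATA)` at the defines or on first mention would keep the documentation searchable for callers that still use the legacy names. The body of `mbedtls_ssl_session_get_ticket_creation_time()` continues past the end of its hunk.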


@@ -58,7 +58,7 @@
/** The date tag or value is invalid. */
#define MBEDTLS_ERR_X509_INVALID_DATE -0x2400
/** The signature tag or value invalid. */
#define MBEDTLS_ERR_X509_INVALID_SIGNATURE -0x2480
#define MBEDTLS_ERR_X509_INVALID_SIGNATURE PSA_ERROR_INVALID_SIGNATURE
/** The extension tag or value is invalid. */
#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS -0x2500
/** CRT/CRL/CSR has an unsupported version number. */
@@ -68,17 +68,17 @@
/** Signature algorithms do not match. (see \c ::mbedtls_x509_crt sig_oid) */
#define MBEDTLS_ERR_X509_SIG_MISMATCH -0x2680
/** Certificate verification failed, e.g. CRL, CA or signature check failed. */
#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED -0x2700
#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED PSA_ERROR_INVALID_SIGNATURE
/** Format not recognized as DER or PEM. */
#define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT -0x2780
/** Input invalid. */
#define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800
#define MBEDTLS_ERR_X509_BAD_INPUT_DATA PSA_ERROR_INVALID_ARGUMENT
/** Allocation of memory failed. */
#define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880
#define MBEDTLS_ERR_X509_ALLOC_FAILED PSA_ERROR_INSUFFICIENT_MEMORY
/** Read/write of file failed. */
#define MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900
/** Destination buffer is too small. */
#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980
#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL PSA_ERROR_BUFFER_TOO_SMALL
/** A fatal error occurred, eg the chain is too long or the vrfy callback failed. */
#define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000
/** \} name X509 Error codes */
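Review bot: `MBEDTLS_ERR_X509_INVALID_SIGNATURE` ("The signature tag or value invalid", a parsing error) and `MBEDTLS_ERR_X509_CERT_VERIFY_FAILED` now expand to the same `PSA_ERROR_INVALID_SIGNATURE`. Any code that gives the verify-failed result special treatment, such as consulting the verification flags or tolerating the failure when peer authentication is optional, would apply that treatment to a certificate whose signature field failed to parse if both results can reach the same comparison; those call sites are outside this page and should be audited before merging. If high-level X.509 codes are still summed with low-level ASN.1 codes anywhere, adding to a PSA status value yields an unrelated number, so confirm no such combination remains. If the parse error needs to stay distinguishable, keep `#define MBEDTLS_ERR_X509_INVALID_SIGNATURE -0x2480`; otherwise document on both defines that they are the same value.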


@@ -234,7 +234,7 @@ mbedtls_x509write_cert;
* \param ctx Certificate context to use
* \param san_list List of SAN values
*
* \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
* \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY
*
* \note "dnsName", "uniformResourceIdentifier", "IP address",
* "otherName", and "DirectoryName", as defined in RFC 5280,
@@ -610,7 +610,7 @@ int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix,
* other than fatal error, as a non-zero return code
* immediately aborts the verification process. For fatal
* errors, a specific error code should be used (different
* from MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not
* from #PSA_ERROR_INVALID_SIGNATURE which should not
* be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR
* can be used if no better code is available.
*
@@ -653,7 +653,7 @@ int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix,
*
* \return \c 0 if the chain is valid with respect to the
* passed CN, CAs, CRLs and security profile.
* \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the
* \return #PSA_ERROR_INVALID_SIGNATURE in case the
* certificate chain verification failed. In this case,
* \c *flags will have one or more
* \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX
@@ -694,7 +694,7 @@ int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt,
*
* \return \c 0 if the chain is valid with respect to the
* passed CN, CAs, CRLs and security profile.
* \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the
* \return #PSA_ERROR_INVALID_SIGNATURE in case the
* certificate chain verification failed. In this case,
* \c *flags will have one or more
* \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX
@@ -826,7 +826,7 @@ int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt,
* that bit MAY be set.
*
* \return 0 is these uses of the certificate are allowed,
* MBEDTLS_ERR_X509_BAD_INPUT_DATA if the keyUsage extension
* #PSA_ERROR_INVALID_ARGUMENT if the keyUsage extension
* is present but does not match the usage argument.
*
* \note You should only call this function on leaf certificates, on
@@ -845,7 +845,7 @@ int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt,
* \param usage_len Length of usage_oid (eg given by MBEDTLS_OID_SIZE()).
*
* \return 0 if this use of the certificate is allowed,
* MBEDTLS_ERR_X509_BAD_INPUT_DATA if not.
* #PSA_ERROR_INVALID_ARGUMENT if not.
*
* \note Usually only makes sense on leaf certificates.
*/
@@ -952,7 +952,7 @@ void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, int version)
* input buffer
*
* \return 0 if successful, or
* MBEDTLS_ERR_X509_BAD_INPUT_DATA if the provided input buffer
* #PSA_ERROR_INVALID_ARGUMENT if the provided input buffer
* is too big (longer than MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN)
*/
int mbedtls_x509write_crt_set_serial_raw(mbedtls_x509write_cert *ctx,
@@ -1041,7 +1041,7 @@ void mbedtls_x509write_crt_set_md_alg(mbedtls_x509write_cert *ctx, mbedtls_md_ty
* \param val value of the extension OCTET STRING
* \param val_len length of the value data
*
* \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
* \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY
*/
int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx,
const char *oid, size_t oid_len,
@@ -1057,7 +1057,7 @@ int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx,
* certificate (only for CA certificates, -1 is
* unlimited)
*
* \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
* \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY
*/
int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx,
int is_ca, int max_pathlen);
@@ -1070,7 +1070,7 @@ int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx,
*
* \param ctx CRT context to use
*
* \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
* \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY
*/
int mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert *ctx);
@@ -1081,7 +1081,7 @@ int mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert *ctx
*
* \param ctx CRT context to use
*
* \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
* \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY
*/
int mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert *ctx);
#endif /* PSA_WANT_ALG_SHA_1 */
@@ -1093,7 +1093,7 @@ int mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert *c
* \param ctx CRT context to use
* \param key_usage key usage flags to set
*
* \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
* \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY
*/
int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx,
unsigned int key_usage);
@@ -1106,7 +1106,7 @@ int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx,
* \param exts extended key usage extensions to set, a sequence of
* MBEDTLS_ASN1_OID objects
*
* \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
* \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY
*/
int mbedtls_x509write_crt_set_ext_key_usage(mbedtls_x509write_cert *ctx,
const mbedtls_asn1_sequence *exts);
@@ -1118,7 +1118,7 @@ int mbedtls_x509write_crt_set_ext_key_usage(mbedtls_x509write_cert *ctx,
* \param ctx CRT context to use
* \param ns_cert_type Netscape Cert Type flags to set
*
* \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
* \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY
*/
int mbedtls_x509write_crt_set_ns_cert_type(mbedtls_x509write_cert *ctx,
unsigned char ns_cert_type);
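Review bot: The note in the `-610` hunk (apparently addressed to verification callbacks; the comment starts outside the hunk) now tells implementers not to return `#PSA_ERROR_INVALID_SIGNATURE`, which is the very status a PSA signature check hands back, so a callback that propagates that status unchanged returns the value reserved for "chain verification failed, consult the flags". Spell this out in the note, e.g. `A callback that performs its own PSA verification must map PSA_ERROR_INVALID_SIGNATURE to MBEDTLS_ERR_X509_FATAL_ERROR before returning.` A similar ambiguity appears in the `-826` and `-845` hunks: a key-usage mismatch is now reported as `#PSA_ERROR_INVALID_ARGUMENT`, which a caller cannot tell apart from a genuinely invalid argument, and the `\return` text should say that this value means "usage not permitted" for these two functions.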


@@ -263,7 +263,7 @@ void mbedtls_x509write_csr_set_md_alg(mbedtls_x509write_csr *ctx, mbedtls_md_typ
* \param ctx CSR context to use
* \param key_usage key usage flags to set
*
* \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
* \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY
*
* \note The <code>decipherOnly</code> flag from the Key Usage
* extension is represented by bit 8 (i.e.
@@ -281,7 +281,7 @@ int mbedtls_x509write_csr_set_key_usage(mbedtls_x509write_csr *ctx, unsigned cha
* \param ctx CSR context to use
* \param san_list List of SAN values
*
* \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
* \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY
*
* \note Only "dnsName", "uniformResourceIdentifier" and "otherName",
* as defined in RFC 5280, are supported.
@@ -296,7 +296,7 @@ int mbedtls_x509write_csr_set_subject_alternative_name(mbedtls_x509write_csr *ct
* \param ctx CSR context to use
* \param ns_cert_type Netscape Cert Type flags to set
*
* \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
* \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY
*/
int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx,
unsigned char ns_cert_type);
@@ -312,7 +312,7 @@ int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx,
* \param val value of the extension OCTET STRING
* \param val_len length of the value data
*
* \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
* \return 0 if successful, or a #PSA_ERROR_INSUFFICIENT_MEMORY
*/
int mbedtls_x509write_csr_set_extension(mbedtls_x509write_csr *ctx,
const char *oid, size_t oid_len,
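Review bot: The rewritten `\return` line for `mbedtls_x509write_csr_set_extension()` keeps the stray article, `or a #PSA_ERROR_INSUFFICIENT_MEMORY`, while the other three hunks in this file and the matching lines in the certificate-writer header drop it. Use `\return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY` here as well so the generated documentation reads consistently.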