diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h index 8e69bc0fb3..f4eb683d3a 100644 --- a/include/mbedtls/net_sockets.h +++ b/include/mbedtls/net_sockets.h @@ -53,7 +53,7 @@ /** Failed to get an IP address for the given hostname. */ #define MBEDTLS_ERR_NET_UNKNOWN_HOST -0x0052 /** Buffer is too small to hold the data. */ -#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL -0x0043 +#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL PSA_ERROR_BUFFER_TOO_SMALL /** The context is invalid, eg because it was free()ed. */ #define MBEDTLS_ERR_NET_INVALID_CONTEXT -0x0045 /** Polling the net context failed. */ @@ -147,11 +147,11 @@ int mbedtls_net_bind(mbedtls_net_context *ctx, const char *bind_ip, const char * * can be NULL if client_ip is null * * \return 0 if successful, or - * MBEDTLS_ERR_NET_SOCKET_FAILED, - * MBEDTLS_ERR_NET_BIND_FAILED, - * MBEDTLS_ERR_NET_ACCEPT_FAILED, or - * MBEDTLS_ERR_NET_BUFFER_TOO_SMALL if buf_size is too small, - * MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to + * #MBEDTLS_ERR_NET_SOCKET_FAILED, + * #MBEDTLS_ERR_NET_BIND_FAILED, + * #MBEDTLS_ERR_NET_ACCEPT_FAILED, or + * #PSA_ERROR_BUFFER_TOO_SMALL if buf_size is too small, + * #MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to * non-blocking and accept() would block. */ int mbedtls_net_accept(mbedtls_net_context *bind_ctx, diff --git a/include/mbedtls/pkcs7.h b/include/mbedtls/pkcs7.h index e9b482208e..cf9e4407ce 100644 --- a/include/mbedtls/pkcs7.h +++ b/include/mbedtls/pkcs7.h @@ -53,11 +53,11 @@ #define MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO -0x5480 /**< The PKCS #7 content info is invalid or cannot be parsed. */ #define MBEDTLS_ERR_PKCS7_INVALID_ALG -0x5500 /**< The algorithm tag or value is invalid or cannot be parsed. */ #define MBEDTLS_ERR_PKCS7_INVALID_CERT -0x5580 /**< The certificate tag or value is invalid or cannot be parsed. */ -#define MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE -0x5600 /**< Error parsing the signature */ +#define MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE PSA_ERROR_INVALID_SIGNATURE /**< Error parsing the signature */ #define MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO -0x5680 /**< Error parsing the signer's info */ -#define MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA -0x5700 /**< Input invalid. */ -#define MBEDTLS_ERR_PKCS7_ALLOC_FAILED -0x5780 /**< Allocation of memory failed. */ -#define MBEDTLS_ERR_PKCS7_VERIFY_FAIL -0x5800 /**< Verification Failed */ +#define MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA PSA_ERROR_INVALID_ARGUMENT /**< Input invalid. */ +#define MBEDTLS_ERR_PKCS7_ALLOC_FAILED PSA_ERROR_INSUFFICIENT_MEMORY /**< Allocation of memory failed. */ +#define MBEDTLS_ERR_PKCS7_VERIFY_FAIL PSA_ERROR_INVALID_SIGNATURE /**< Verification Failed */ #define MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID -0x5880 /**< The PKCS #7 date issued/expired dates are invalid */ /* \} name */ diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 628d5c7e71..ab3f256913 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -44,7 +44,7 @@ /** The requested feature is not available. */ #define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080 /** Bad input parameters to function. */ -#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100 +#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA PSA_ERROR_INVALID_ARGUMENT /** Verification of the message MAC failed. */ #define MBEDTLS_ERR_SSL_INVALID_MAC -0x7180 /** An invalid SSL record was received. */ @@ -105,7 +105,7 @@ /** Cache entry not found */ #define MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND -0x7E80 /** Memory allocation failed */ -#define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00 +#define MBEDTLS_ERR_SSL_ALLOC_FAILED PSA_ERROR_INSUFFICIENT_MEMORY /** Hardware acceleration function returned with error */ #define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED -0x7F80 /** Hardware acceleration function skipped / left alone data */ @@ -129,7 +129,7 @@ /** DTLS client must retry for hello verification */ #define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80 /** A buffer is too small to receive or write a message */ -#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 +#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL PSA_ERROR_BUFFER_TOO_SMALL /* Error space gap */ /** No data of requested type currently available on underlying transport. */ #define MBEDTLS_ERR_SSL_WANT_READ -0x6900 @@ -1912,7 +1912,7 @@ void mbedtls_ssl_init(mbedtls_ssl_context *ssl); * \param ssl SSL context * \param conf SSL configuration to use * - * \return 0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED if + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY if * memory allocation failed */ int mbedtls_ssl_setup(mbedtls_ssl_context *ssl, @@ -1924,7 +1924,7 @@ int mbedtls_ssl_setup(mbedtls_ssl_context *ssl, * pointers and data. * * \param ssl SSL context - * \return 0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED or + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY or MBEDTLS_ERR_SSL_HW_ACCEL_FAILED */ int mbedtls_ssl_session_reset(mbedtls_ssl_context *ssl); @@ -2579,14 +2579,14 @@ void mbedtls_ssl_conf_session_tickets_cb(mbedtls_ssl_config *conf, * milliseconds. * * \return 0 on success, - * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if an input is not valid. + * #PSA_ERROR_INVALID_ARGUMENT if an input is not valid. */ static inline int mbedtls_ssl_session_get_ticket_creation_time( mbedtls_ssl_session *session, mbedtls_ms_time_t *ticket_creation_time) { if (session == NULL || ticket_creation_time == NULL || session->MBEDTLS_PRIVATE(endpoint) != MBEDTLS_SSL_IS_SERVER) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + return PSA_ERROR_INVALID_ARGUMENT; } *ticket_creation_time = session->MBEDTLS_PRIVATE(ticket_creation_time); @@ -2937,8 +2937,8 @@ void mbedtls_ssl_conf_dtls_cookies(mbedtls_ssl_config *conf, * \note An internal copy is made, so the info buffer can be reused. * * \return 0 on success, - * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client, - * MBEDTLS_ERR_SSL_ALLOC_FAILED if out of memory. + * #PSA_ERROR_INVALID_ARGUMENT if used on client, + * #PSA_ERROR_INSUFFICIENT_MEMORY if out of memory. */ int mbedtls_ssl_set_client_transport_id(mbedtls_ssl_context *ssl, const unsigned char *info, @@ -3175,8 +3175,8 @@ int mbedtls_ssl_set_session(mbedtls_ssl_context *ssl, const mbedtls_ssl_session * \param len The size of the serialized data in bytes. * * \return \c 0 if successful. - * \return #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed. - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid. + * \return #PSA_ERROR_INSUFFICIENT_MEMORY if memory allocation failed. + * \return #PSA_ERROR_INVALID_ARGUMENT if input data is invalid. * \return #MBEDTLS_ERR_SSL_VERSION_MISMATCH if the serialized data * was generated in a different version or configuration of * Mbed TLS. @@ -3215,7 +3215,7 @@ int mbedtls_ssl_session_load(mbedtls_ssl_session *session, * tickets. * * \return \c 0 if successful. - * \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small. + * \return #PSA_ERROR_BUFFER_TOO_SMALL if \p buf is too small. * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if the * MBEDTLS_SSL_SESSION_TICKETS configuration option is disabled * and the session is a TLS 1.3 session. @@ -3348,7 +3348,7 @@ void mbedtls_ssl_conf_tls13_key_exchange_modes(mbedtls_ssl_config *conf, * record headers. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \p len + * \return #PSA_ERROR_INVALID_ARGUMENT if \p len * is too large. */ int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf, size_t len, @@ -3495,7 +3495,7 @@ void mbedtls_ssl_conf_ca_cb(mbedtls_ssl_config *conf, * \param own_cert own public certificate chain * \param pk_key own private key * - * \return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED + * \return 0 on success or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_ssl_conf_own_cert(mbedtls_ssl_config *conf, mbedtls_x509_crt *own_cert, @@ -3744,8 +3744,8 @@ void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf, * #MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME * for more details. * - * \return 0 if successful, #MBEDTLS_ERR_SSL_ALLOC_FAILED on - * allocation failure, #MBEDTLS_ERR_SSL_BAD_INPUT_DATA on + * \return 0 if successful, #PSA_ERROR_INSUFFICIENT_MEMORY on + * allocation failure, #PSA_ERROR_INVALID_ARGUMENT on * too long input hostname. * * Hostname set to the one provided on success (cleared @@ -3805,7 +3805,7 @@ const unsigned char *mbedtls_ssl_get_hs_sni(mbedtls_ssl_context *ssl, * \param own_cert own public certificate chain * \param pk_key own private key * - * \return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED + * \return 0 on success or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_ssl_set_hs_own_cert(mbedtls_ssl_context *ssl, mbedtls_x509_crt *own_cert, @@ -3934,7 +3934,7 @@ int mbedtls_ssl_set_hs_ecjpake_password_opaque(mbedtls_ssl_context *ssl, * the lifetime of the table must be at least as long as the * lifetime of the SSL configuration structure. * - * \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA. + * \return 0 on success, or #PSA_ERROR_INVALID_ARGUMENT. */ int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, const char *const *protos); @@ -4001,7 +4001,7 @@ void mbedtls_ssl_conf_srtp_mki_value_supported(mbedtls_ssl_config *conf, * (excluding the terminating MBEDTLS_TLS_SRTP_UNSET). * * \return 0 on success - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA when the list of + * \return #PSA_ERROR_INVALID_ARGUMENT when the list of * protection profiles is incorrect. */ int mbedtls_ssl_conf_dtls_srtp_protection_profiles @@ -4021,7 +4021,7 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles * is ignored. * * \return 0 on success - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA + * \return #PSA_ERROR_INVALID_ARGUMENT * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE */ int mbedtls_ssl_dtls_srtp_set_mki_value(mbedtls_ssl_context *ssl, @@ -4166,7 +4166,7 @@ void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf, * MBEDTLS_SSL_MAX_FRAG_LEN_512, MBEDTLS_SSL_MAX_FRAG_LEN_1024, * MBEDTLS_SSL_MAX_FRAG_LEN_2048, MBEDTLS_SSL_MAX_FRAG_LEN_4096) * - * \return 0 if successful or MBEDTLS_ERR_SSL_BAD_INPUT_DATA + * \return 0 if successful or #PSA_ERROR_INVALID_ARGUMENT */ int mbedtls_ssl_conf_max_frag_len(mbedtls_ssl_config *conf, unsigned char mfl_code); #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ @@ -4892,7 +4892,7 @@ int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len); * fragment length (either the built-in limit or the one set * or negotiated with the peer), then: * - with TLS, less bytes than requested are written. - * - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned. + * - with DTLS, #PSA_ERROR_INVALID_ARGUMENT is returned. * \c mbedtls_ssl_get_max_out_record_payload() may be used to * query the active maximum fragment length. * @@ -4976,7 +4976,7 @@ int mbedtls_ssl_close_notify(mbedtls_ssl_context *ssl); * \param len maximum number of bytes to read * * \return The (positive) number of bytes read if successful. - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid. + * \return #PSA_ERROR_INVALID_ARGUMENT if input data is invalid. * \return #MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA if it is not * possible to read early data for the SSL context \p ssl. Note * that this function is intended to be called for an SSL @@ -5082,10 +5082,10 @@ int mbedtls_ssl_write_early_data(mbedtls_ssl_context *ssl, * * \param ssl The SSL context to query * - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if this function is called + * \return #PSA_ERROR_INVALID_ARGUMENT if this function is called * from the server-side. * - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if this function is called + * \return #PSA_ERROR_INVALID_ARGUMENT if this function is called * prior to completion of the handshake. * * \return #MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_INDICATED if the client @@ -5134,7 +5134,7 @@ void mbedtls_ssl_free(mbedtls_ssl_context *ssl); * * \note This feature is currently only available under certain * conditions, see the documentation of the return value - * #MBEDTLS_ERR_SSL_BAD_INPUT_DATA for details. + * #PSA_ERROR_INVALID_ARGUMENT for details. * * \note When this function succeeds, it calls * mbedtls_ssl_session_reset() on \p ssl which as a result is @@ -5159,15 +5159,15 @@ void mbedtls_ssl_free(mbedtls_ssl_context *ssl); * to determine the necessary size by calling this function * with \p buf set to \c NULL and \p buf_len to \c 0. However, * the value of \p olen is only guaranteed to be correct when - * the function returns #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL or + * the function returns #PSA_ERROR_BUFFER_TOO_SMALL or * \c 0. If the return value is different, then the value of * \p olen is undefined. * * \return \c 0 if successful. - * \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small. - * \return #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed + * \return #PSA_ERROR_BUFFER_TOO_SMALL if \p buf is too small. + * \return #PSA_ERROR_INSUFFICIENT_MEMORY if memory allocation failed * while resetting the context. - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if a handshake is in + * \return #PSA_ERROR_INVALID_ARGUMENT if a handshake is in * progress, or there is pending data for reading or sending, * or the connection does not use DTLS 1.2 with an AEAD * ciphersuite, or renegotiation is enabled. @@ -5240,10 +5240,10 @@ int mbedtls_ssl_context_save(mbedtls_ssl_context *ssl, * \param len The size of the serialized data in bytes. * * \return \c 0 if successful. - * \return #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed. + * \return #PSA_ERROR_INSUFFICIENT_MEMORY if memory allocation failed. * \return #MBEDTLS_ERR_SSL_VERSION_MISMATCH if the serialized data * comes from a different Mbed TLS version or build. - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid. + * \return #PSA_ERROR_INVALID_ARGUMENT if input data is invalid. */ int mbedtls_ssl_context_load(mbedtls_ssl_context *ssl, const unsigned char *buf, @@ -5352,7 +5352,7 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, * context_len are ignored and a 0-length context is used. * * \return 0 on success. - * \return MBEDTLS_ERR_SSL_BAD_INPUT_DATA if the handshake is not yet completed. + * \return #PSA_ERROR_INVALID_ARGUMENT if the handshake is not yet completed. * \return An SSL-specific error on failure. */ int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index b1a80e3011..a021a7d996 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -58,7 +58,7 @@ /** The date tag or value is invalid. */ #define MBEDTLS_ERR_X509_INVALID_DATE -0x2400 /** The signature tag or value invalid. */ -#define MBEDTLS_ERR_X509_INVALID_SIGNATURE -0x2480 +#define MBEDTLS_ERR_X509_INVALID_SIGNATURE PSA_ERROR_INVALID_SIGNATURE /** The extension tag or value is invalid. */ #define MBEDTLS_ERR_X509_INVALID_EXTENSIONS -0x2500 /** CRT/CRL/CSR has an unsupported version number. */ @@ -68,17 +68,17 @@ /** Signature algorithms do not match. (see \c ::mbedtls_x509_crt sig_oid) */ #define MBEDTLS_ERR_X509_SIG_MISMATCH -0x2680 /** Certificate verification failed, e.g. CRL, CA or signature check failed. */ -#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED -0x2700 +#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED PSA_ERROR_INVALID_SIGNATURE /** Format not recognized as DER or PEM. */ #define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT -0x2780 /** Input invalid. */ -#define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800 +#define MBEDTLS_ERR_X509_BAD_INPUT_DATA PSA_ERROR_INVALID_ARGUMENT /** Allocation of memory failed. */ -#define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880 +#define MBEDTLS_ERR_X509_ALLOC_FAILED PSA_ERROR_INSUFFICIENT_MEMORY /** Read/write of file failed. */ #define MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900 /** Destination buffer is too small. */ -#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980 +#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL PSA_ERROR_BUFFER_TOO_SMALL /** A fatal error occurred, eg the chain is too long or the vrfy callback failed. */ #define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000 /** \} name X509 Error codes */ diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index bf418a6851..6b81652bb0 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -234,7 +234,7 @@ mbedtls_x509write_cert; * \param ctx Certificate context to use * \param san_list List of SAN values * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY * * \note "dnsName", "uniformResourceIdentifier", "IP address", * "otherName", and "DirectoryName", as defined in RFC 5280, @@ -610,7 +610,7 @@ int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix, * other than fatal error, as a non-zero return code * immediately aborts the verification process. For fatal * errors, a specific error code should be used (different - * from MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not + * from #PSA_ERROR_INVALID_SIGNATURE which should not * be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR * can be used if no better code is available. * @@ -653,7 +653,7 @@ int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix, * * \return \c 0 if the chain is valid with respect to the * passed CN, CAs, CRLs and security profile. - * \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the + * \return #PSA_ERROR_INVALID_SIGNATURE in case the * certificate chain verification failed. In this case, * \c *flags will have one or more * \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX @@ -694,7 +694,7 @@ int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt, * * \return \c 0 if the chain is valid with respect to the * passed CN, CAs, CRLs and security profile. - * \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the + * \return #PSA_ERROR_INVALID_SIGNATURE in case the * certificate chain verification failed. In this case, * \c *flags will have one or more * \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX @@ -826,7 +826,7 @@ int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt, * that bit MAY be set. * * \return 0 is these uses of the certificate are allowed, - * MBEDTLS_ERR_X509_BAD_INPUT_DATA if the keyUsage extension + * #PSA_ERROR_INVALID_ARGUMENT if the keyUsage extension * is present but does not match the usage argument. * * \note You should only call this function on leaf certificates, on @@ -845,7 +845,7 @@ int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt, * \param usage_len Length of usage_oid (eg given by MBEDTLS_OID_SIZE()). * * \return 0 if this use of the certificate is allowed, - * MBEDTLS_ERR_X509_BAD_INPUT_DATA if not. + * #PSA_ERROR_INVALID_ARGUMENT if not. * * \note Usually only makes sense on leaf certificates. */ @@ -952,7 +952,7 @@ void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, int version) * input buffer * * \return 0 if successful, or - * MBEDTLS_ERR_X509_BAD_INPUT_DATA if the provided input buffer + * #PSA_ERROR_INVALID_ARGUMENT if the provided input buffer * is too big (longer than MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN) */ int mbedtls_x509write_crt_set_serial_raw(mbedtls_x509write_cert *ctx, @@ -1041,7 +1041,7 @@ void mbedtls_x509write_crt_set_md_alg(mbedtls_x509write_cert *ctx, mbedtls_md_ty * \param val value of the extension OCTET STRING * \param val_len length of the value data * - * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx, const char *oid, size_t oid_len, @@ -1057,7 +1057,7 @@ int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx, * certificate (only for CA certificates, -1 is * unlimited) * - * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx, int is_ca, int max_pathlen); @@ -1070,7 +1070,7 @@ int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx, * * \param ctx CRT context to use * - * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert *ctx); @@ -1081,7 +1081,7 @@ int mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert *ctx * * \param ctx CRT context to use * - * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert *ctx); #endif /* PSA_WANT_ALG_SHA_1 */ @@ -1093,7 +1093,7 @@ int mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert *c * \param ctx CRT context to use * \param key_usage key usage flags to set * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx, unsigned int key_usage); @@ -1106,7 +1106,7 @@ int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx, * \param exts extended key usage extensions to set, a sequence of * MBEDTLS_ASN1_OID objects * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_crt_set_ext_key_usage(mbedtls_x509write_cert *ctx, const mbedtls_asn1_sequence *exts); @@ -1118,7 +1118,7 @@ int mbedtls_x509write_crt_set_ext_key_usage(mbedtls_x509write_cert *ctx, * \param ctx CRT context to use * \param ns_cert_type Netscape Cert Type flags to set * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_crt_set_ns_cert_type(mbedtls_x509write_cert *ctx, unsigned char ns_cert_type); diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index b11539440c..60a553f55d 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h @@ -263,7 +263,7 @@ void mbedtls_x509write_csr_set_md_alg(mbedtls_x509write_csr *ctx, mbedtls_md_typ * \param ctx CSR context to use * \param key_usage key usage flags to set * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY * * \note The decipherOnly flag from the Key Usage * extension is represented by bit 8 (i.e. @@ -281,7 +281,7 @@ int mbedtls_x509write_csr_set_key_usage(mbedtls_x509write_csr *ctx, unsigned cha * \param ctx CSR context to use * \param san_list List of SAN values * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY * * \note Only "dnsName", "uniformResourceIdentifier" and "otherName", * as defined in RFC 5280, are supported. @@ -296,7 +296,7 @@ int mbedtls_x509write_csr_set_subject_alternative_name(mbedtls_x509write_csr *ct * \param ctx CSR context to use * \param ns_cert_type Netscape Cert Type flags to set * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx, unsigned char ns_cert_type); @@ -312,7 +312,7 @@ int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx, * \param val value of the extension OCTET STRING * \param val_len length of the value data * - * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or a #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_csr_set_extension(mbedtls_x509write_csr *ctx, const char *oid, size_t oid_len,