From f5b48c3d9c741d3b8e0519eb3a77ae0a5f7ee9ee Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Mon, 18 Aug 2025 14:52:41 +0100 Subject: [PATCH] Add Changelog and documentation Signed-off-by: Felix Conway --- ChangeLog.d/unify-errors.txt | 8 ++++++++ docs/4.0-migration-guide/error-codes.md | 14 ++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 ChangeLog.d/unify-errors.txt diff --git a/ChangeLog.d/unify-errors.txt b/ChangeLog.d/unify-errors.txt new file mode 100644 index 0000000000..3dad7f3b67 --- /dev/null +++ b/ChangeLog.d/unify-errors.txt @@ -0,0 +1,8 @@ +API changes + * Make the following error codes aliases of their PSA equivalents, where + xxx is a module, e.g. X509 or SSL. + MBEDTLS_ERR_xxx_BAD_INPUT_DATA -> PSA_ERROR_INVALID_ARGUMENT + MBEDTLS_ERR_xxx_ALLOC_FAILED -> PSA_ERROR_INSUFFICIENT_MEMORY + MBEDTLS_ERR_xxx_VERIFY_FAILED -> PSA_ERROR_INVALID_SIGNATURE + MBEDTLS_ERR_xxx_INVALID_SIGNATURE -> PSA_ERROR_INVALID_SIGNATURE + MBEDTLS_ERR_xxx_BUFFER_TOO_SMALL -> PSA_ERROR_BUFFER_TOO_SMALL diff --git a/docs/4.0-migration-guide/error-codes.md b/docs/4.0-migration-guide/error-codes.md index 074acc04bb..3bcdb8c580 100644 --- a/docs/4.0-migration-guide/error-codes.md +++ b/docs/4.0-migration-guide/error-codes.md @@ -18,6 +18,8 @@ As a consequence, the functions `mbedtls_low_level_strerr()` and `mbedtls_high_l Many legacy error codes have been removed in favor of PSA error codes. Generally, functions that returned a legacy error code in the table below in Mbed TLS 3.6 now return the PSA error code listed on the same row. Similarly, callbacks should apply the same changes to error code, unless there has been a relevant change to the callback's interface. +#### Specific error codes + | Legacy constant (Mbed TLS 3.6) | PSA constant (Mbed TLS 4.0) | | ------------------------------ | --------------------------- | | `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` | `PSA_ERROR_CORRUPTION_DETECTED` | @@ -25,4 +27,16 @@ Many legacy error codes have been removed in favor of PSA error codes. Generally | `MBEDTLS_ERR_OID_BUF_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | `MBEDTLS_ERR_OID_NOT_FOUND` | `PSA_ERROR_NOT_SUPPORTED` | +#### General Replacements + +The module-specific error codes in the table below have been replaced with a single PSA error code. Here `xxx` corresponds to all modules (e.g. `X509` or `SSL`) with the specific error code. + +| Legacy constant (Mbed TLS 3.6) | PSA constant (TF-PSA-Crypto 1.0) | +|---------------------------------| ---------------------------------------------- | +| `MBEDTLS_ERR_xxx_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` | +| `MBEDTLS_ERR_xxx_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` | +| `MBEDTLS_ERR_xxx_VERIFY_FAILED` | `PSA_ERROR_INVALID_SIGNATURE` | +| `MBEDTLS_ERR_xxx_INVALID_SIGNATURE` | `PSA_ERROR_INVALID_SIGNATURE` | +| `MBEDTLS_ERR_xxx_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | + See also the corresponding section in the TF-PSA-Crypto migration guide, which lists error codes from cryptography modules.