From 4ff148de4582bb6ed01cb4b5189cc8ec312e09f5 Mon Sep 17 00:00:00 2001
From: Damien George <damien@micropython.org>
Date: Sun, 30 Apr 2023 18:06:19 +1000
Subject: [PATCH] lib/mbedtls_errors: Update patch and error list for new
 mbedtls.

Running `./do-mp.sh` now generates this mp_mbedtls_errors.c with mbedTLS
v2.28.1.

Signed-off-by: Damien George <damien@micropython.org>
---
 lib/mbedtls_errors/error.fmt            |  2 +-
 lib/mbedtls_errors/generate_errors.diff | 37 +++++++++++++++----------
 lib/mbedtls_errors/mp_mbedtls_errors.c  | 13 ++++++++-
 3 files changed, 35 insertions(+), 17 deletions(-)

diff --git a/lib/mbedtls_errors/error.fmt b/lib/mbedtls_errors/error.fmt
index 5beeb6e7c9..15889128d4 100644
--- a/lib/mbedtls_errors/error.fmt
+++ b/lib/mbedtls_errors/error.fmt
@@ -110,7 +110,7 @@ void mbedtls_strerror(int ret, char *buf, size_t buflen) {
     if (got_hl) {
         use_ret = ret & 0xFF80;
 
-        // special case
+        // special case, don't try to translate low level code
 #if defined(MBEDTLS_SSL_TLS_C)
         if (use_ret == -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE)) {
             strncpy(buf, "MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE", buflen);
diff --git a/lib/mbedtls_errors/generate_errors.diff b/lib/mbedtls_errors/generate_errors.diff
index ad24c372fa..bea47cd66f 100644
--- a/lib/mbedtls_errors/generate_errors.diff
+++ b/lib/mbedtls_errors/generate_errors.diff
@@ -1,22 +1,29 @@
---- generate_errors_orig.pl	2020-06-20 08:40:38.819060379 -0700
-+++ generate_errors.pl	2020-06-20 08:47:26.511163591 -0700
-@@ -162,16 +162,12 @@
- 
-     if ($error_name eq "MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE")
+--- generate_errors_orig.pl	2023-04-30 17:58:23.503070758 +1000
++++ generate_errors.py	2023-04-30 17:58:20.826338349 +1000
+@@ -162,7 +162,7 @@
      {
--        ${$code_check} .= "${white_space}if( use_ret == -($error_name) )\n".
--                          "${white_space}\{\n".
--                          "${white_space}    mbedtls_snprintf( buf, buflen, \"$module_name - $description\" );\n".
--                          "${white_space}    return;\n".
--                          "${white_space}}\n"
-+        # no-op, this case is hard-coded in error.fmt
+         $code_check = \$ll_code_check;
+         $old_define = \$ll_old_define;
+-        $white_space = '        ';
++        $white_space = '    ';
      }
      else
      {
--        ${$code_check} .= "${white_space}if( use_ret == -($error_name) )\n".
--                          "${white_space}    mbedtls_snprintf( buf, buflen, \"$module_name - $description\" );\n"
-+         my $error_text = $error_name =~ s/^MBEDTLS_ERR_//r;
-+         ${$code_check} .= "${white_space}{ -($error_name), \"$error_text\" },\n"
+@@ -203,8 +203,15 @@
+         ${$old_define} = $define_name;
      }
+
+-    ${$code_check} .= "${white_space}case -($error_name):\n".
+-                      "${white_space}    return( \"$module_name - $description\" );\n"
++    if ($error_name eq "MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE")
++    {
++        # no-op, this case is hard-coded in error.fmt
++    }
++    else
++    {
++        my $error_text = $error_name =~ s/^MBEDTLS_ERR_//r;
++        ${$code_check} .= "${white_space}{ -($error_name), \"$error_text\" },\n"
++    }
  };
  
+ if ($ll_old_define ne "")
diff --git a/lib/mbedtls_errors/mp_mbedtls_errors.c b/lib/mbedtls_errors/mp_mbedtls_errors.c
index c56f8a19ff..fabbb15e4e 100644
--- a/lib/mbedtls_errors/mp_mbedtls_errors.c
+++ b/lib/mbedtls_errors/mp_mbedtls_errors.c
@@ -113,6 +113,10 @@
 #include "mbedtls/entropy.h"
 #endif
 
+#if defined(MBEDTLS_ERROR_C)
+#include "mbedtls/error.h"
+#endif
+
 #if defined(MBEDTLS_GCM_C)
 #include "mbedtls/gcm.h"
 #endif
@@ -381,6 +385,8 @@ static const struct ssl_errs mbedtls_high_level_error_tab[] = {
         { -(MBEDTLS_ERR_SSL_CONTINUE_PROCESSING), "SSL_CONTINUE_PROCESSING" },
         { -(MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS), "SSL_ASYNC_IN_PROGRESS" },
         { -(MBEDTLS_ERR_SSL_EARLY_MESSAGE), "SSL_EARLY_MESSAGE" },
+        { -(MBEDTLS_ERR_SSL_UNEXPECTED_CID), "SSL_UNEXPECTED_CID" },
+        { -(MBEDTLS_ERR_SSL_VERSION_MISMATCH), "SSL_VERSION_MISMATCH" },
         { -(MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS), "SSL_CRYPTO_IN_PROGRESS" },
         { -(MBEDTLS_ERR_SSL_BAD_CONFIG), "SSL_BAD_CONFIG" },
 #endif /* MBEDTLS_SSL_TLS_C */
@@ -512,6 +518,11 @@ static const struct ssl_errs mbedtls_low_level_error_tab[] = {
     { -(MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR), "ENTROPY_FILE_IO_ERROR" },
 #endif /* MBEDTLS_ENTROPY_C */
 
+#if defined(MBEDTLS_ERROR_C)
+    { -(MBEDTLS_ERR_ERROR_GENERIC_ERROR), "ERROR_GENERIC_ERROR" },
+    { -(MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED), "ERROR_CORRUPTION_DETECTED" },
+#endif /* MBEDTLS_ERROR_C */
+
 #if defined(MBEDTLS_GCM_C)
     { -(MBEDTLS_ERR_GCM_AUTH_FAILED), "GCM_AUTH_FAILED" },
     { -(MBEDTLS_ERR_GCM_HW_ACCEL_FAILED), "GCM_HW_ACCEL_FAILED" },
@@ -655,7 +666,7 @@ void mbedtls_strerror(int ret, char *buf, size_t buflen) {
     if (got_hl) {
         use_ret = ret & 0xFF80;
 
-        // special case
+        // special case, don't try to translate low level code
 #if defined(MBEDTLS_SSL_TLS_C)
         if (use_ret == -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE)) {
             strncpy(buf, "MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE", buflen);