Unify PSA to Mbed TLS error translation Move all error translation utilities to psa_util.c. Introduce macros and functions to avoid having a local copy of the error translating function in each place. Identify overlapping errors and introduce a generic function. Provide a single macro for all error translations (unless one file needs a couple of different ones). Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>

commit: 8a045ce5e669045c8ef374374d4d3f19ecd5def5 [log] [tgz]
author: Andrzej Kurek <andrzej.kurek@arm.com> Fri Dec 23 11:00:06 2022 -0500
committer: Andrzej Kurek <andrzej.kurek@arm.com> Fri Mar 03 05:23:44 2023 -0500
tree: e207b45b4238b8d791f9c619c88ee336a5eeb314
parent: 05b80a4eeeb1c614dcee55ace40f81e93e27e9ad [diff]
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index bef2e1c..06b0131 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt

@@ -77,6 +77,7 @@
     psa_crypto_slot_management.c
     psa_crypto_storage.c
     psa_its_file.c
+    psa_util.c
     ripemd160.c
     rsa.c
     rsa_alt_helpers.c

diff --git a/library/Makefile b/library/Makefile
index ed5e1e1..ceb9c0d 100644
--- a/library/Makefile
+++ b/library/Makefile

@@ -142,6 +142,7 @@
 	     psa_crypto_slot_management.o \
 	     psa_crypto_storage.o \
 	     psa_its_file.o \
+	     psa_util.o \
 	     ripemd160.o \
 	     rsa.o \
 	     rsa_alt_helpers.o \

diff --git a/library/constant_time.c b/library/constant_time.c
index b3bf874..552a918 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c

@@ -46,6 +46,11 @@
 #endif
 
 #include <string.h>
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status,    \
+                                                           psa_to_ssl_errors,              \
+                                                           psa_generic_status_to_mbedtls)
+#endif
 
 /*
  * Define MBEDTLS_EFFICIENT_UNALIGNED_VOLATILE_ACCESS where assembly is present to
@@ -620,7 +625,7 @@
 
     psa_hash_abort(&operation);
     psa_hash_abort(&aux_operation);
-    return psa_ssl_status_to_mbedtls(status);
+    return PSA_TO_MBEDTLS_ERR(status);
 }
 
 #undef MAX_HASH_BLOCK_LENGTH

diff --git a/library/ecjpake.c b/library/ecjpake.c
index 1a683d5..36c1327 100644
--- a/library/ecjpake.c
+++ b/library/ecjpake.c

@@ -35,6 +35,11 @@
 #if !defined(MBEDTLS_MD_C)
 #include "psa/crypto.h"
 #include "mbedtls/psa_util.h"
+#if !defined(MBEDTLS_ECJPAKE_ALT)
+#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status,   \
+                                                           psa_to_md_errors,              \
+                                                           psa_generic_status_to_mbedtls)
+#endif /* !MBEDTLS_ECJPAKE_ALT */
 #endif /* !MBEDTLS_MD_C */
 
 #include "hash_info.h"
@@ -72,7 +77,7 @@
 
     status = psa_hash_compute(alg, input, ilen, output, out_size, &out_len);
 
-    return mbedtls_md_error_from_psa(status);
+    return PSA_TO_MBEDTLS_ERR(status);
 #endif /* !MBEDTLS_MD_C */
 }
 

diff --git a/library/hash_info.c b/library/hash_info.c
index f8b41a5..0e445b6 100644
--- a/library/hash_info.c
+++ b/library/hash_info.c

@@ -104,6 +104,7 @@
     return entry->md_type;
 }
 
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
 int mbedtls_md_error_from_psa(psa_status_t status)
 {
     switch (status) {
@@ -119,3 +120,4 @@
             return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
     }
 }
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */

diff --git a/library/hash_info.h b/library/hash_info.h
index 47da934..f984c82 100644
--- a/library/hash_info.h
+++ b/library/hash_info.h

@@ -34,6 +34,7 @@
 
 #include "mbedtls/md.h"
 #include "psa/crypto.h"
+#include "mbedtls/platform_util.h"
 
 /** \def MBEDTLS_HASH_MAX_SIZE
  *
@@ -88,12 +89,13 @@
  */
 mbedtls_md_type_t mbedtls_hash_info_md_from_psa(psa_algorithm_t psa_alg);
 
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
 /** Convert PSA status to MD error code.
  *
  * \param status    PSA status.
  *
  * \return          The corresponding MD error code,
  */
-int mbedtls_md_error_from_psa(psa_status_t status);
-
+int MBEDTLS_DEPRECATED mbedtls_md_error_from_psa(psa_status_t status);
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */
 #endif /* MBEDTLS_HASH_INFO_H */

diff --git a/library/lmots.c b/library/lmots.c
index c6b45ed..4061edd 100644
--- a/library/lmots.c
+++ b/library/lmots.c

@@ -41,9 +41,14 @@
 #include "mbedtls/lms.h"
 #include "mbedtls/platform_util.h"
 #include "mbedtls/error.h"
+#include "mbedtls/psa_util.h"
 
 #include "psa/crypto.h"
 
+#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status,   \
+                                                           psa_to_lms_errors,             \
+                                                           psa_generic_status_to_mbedtls)
+
 #define PUBLIC_KEY_TYPE_OFFSET     (0)
 #define PUBLIC_KEY_I_KEY_ID_OFFSET (PUBLIC_KEY_TYPE_OFFSET + \
                                     MBEDTLS_LMOTS_TYPE_LEN)
@@ -198,7 +203,7 @@
 exit:
     psa_hash_abort(&op);
 
-    return mbedtls_lms_error_from_psa(status);
+    return PSA_TO_MBEDTLS_ERR(status);
 }
 
 /* Hash each element of the string of digits (+ checksum), producing a hash
@@ -321,7 +326,7 @@
     psa_hash_abort(&op);
     mbedtls_platform_zeroize(tmp_hash, sizeof(tmp_hash));
 
-    return mbedtls_lms_error_from_psa(status);
+    return PSA_TO_MBEDTLS_ERR(status);
 }
 
 /* Combine the hashes of the digit array into a public key. This is used in
@@ -386,9 +391,10 @@
         psa_hash_abort(&op);
     }
 
-    return mbedtls_lms_error_from_psa(status);
+    return PSA_TO_MBEDTLS_ERR(status);
 }
 
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
 int mbedtls_lms_error_from_psa(psa_status_t status)
 {
     switch (status) {
@@ -406,6 +412,7 @@
             return MBEDTLS_ERR_ERROR_GENERIC_ERROR;
     }
 }
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */
 
 void mbedtls_lmots_public_init(mbedtls_lmots_public_t *ctx)
 {
@@ -682,7 +689,7 @@
 exit:
     psa_hash_abort(&op);
 
-    return mbedtls_lms_error_from_psa(status);
+    return PSA_TO_MBEDTLS_ERR(status);
 }
 
 int mbedtls_lmots_calculate_public_key(mbedtls_lmots_public_t *ctx,

diff --git a/library/lmots.h b/library/lmots.h
index deeeace..98d1941 100644
--- a/library/lmots.h
+++ b/library/lmots.h

@@ -79,6 +79,7 @@
 unsigned int mbedtls_lms_network_bytes_to_unsigned_int(size_t len,
                                                        const unsigned char *bytes);
 
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
 /**
  * \brief                    This function converts a \ref psa_status_t to a
  *                           low-level LMS error code.
@@ -87,8 +88,8 @@
  *
  * \return                   The corresponding LMS error code.
  */
-int mbedtls_lms_error_from_psa(psa_status_t status);
-
+int MBEDTLS_DEPRECATED mbedtls_lms_error_from_psa(psa_status_t status);
+#endif
 
 /**
  * \brief                    This function initializes a public LMOTS context

diff --git a/library/lms.c b/library/lms.c
index 76bcc19..acc3523 100644
--- a/library/lms.c
+++ b/library/lms.c

@@ -39,13 +39,17 @@
 #include "lmots.h"
 
 #include "psa/crypto.h"
-
+#include "mbedtls/psa_util.h"
 #include "mbedtls/lms.h"
 #include "mbedtls/error.h"
 #include "mbedtls/platform_util.h"
 
 #include "mbedtls/platform.h"
 
+#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status,   \
+                                                           psa_to_lms_errors,             \
+                                                           psa_generic_status_to_mbedtls)
+
 #define SIG_Q_LEAF_ID_OFFSET     (0)
 #define SIG_OTS_SIG_OFFSET       (SIG_Q_LEAF_ID_OFFSET + \
                                   MBEDTLS_LMOTS_Q_LEAF_ID_LEN)
@@ -140,7 +144,7 @@
 exit:
     psa_hash_abort(&op);
 
-    return mbedtls_lms_error_from_psa(status);
+    return PSA_TO_MBEDTLS_ERR(status);
 }
 
 /* Calculate the value of an internal node of the Merkle tree (which is a hash
@@ -220,7 +224,7 @@
 exit:
     psa_hash_abort(&op);
 
-    return mbedtls_lms_error_from_psa(status);
+    return PSA_TO_MBEDTLS_ERR(status);
 }
 
 void mbedtls_lms_public_init(mbedtls_lms_public_t *ctx)

diff --git a/library/pem.c b/library/pem.c
index 8044ed6..9f14052 100644
--- a/library/pem.c
+++ b/library/pem.c

@@ -39,6 +39,13 @@
 #include "psa/crypto.h"
 #endif
 
+#if !defined(MBEDTLS_MD5_C)
+#include "mbedtls/psa_util.h"
+#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status,          \
+                                                           psa_to_md_errors,                     \
+                                                           psa_generic_status_to_mbedtls)
+#endif
+
 #include "mbedtls/legacy_or_psa.h"
 
 #if defined(MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA) &&  \
@@ -236,7 +243,7 @@
 exit:
     mbedtls_platform_zeroize(md5sum, 16);
 
-    return mbedtls_md_error_from_psa(status);
+    return PSA_TO_MBEDTLS_ERR(status);
 }
 #endif /* MBEDTLS_MD5_C */
 

diff --git a/library/pk.c b/library/pk.c
index 05afdbc..5e18ad2 100644
--- a/library/pk.c
+++ b/library/pk.c

@@ -41,6 +41,13 @@
 
 #if defined(MBEDTLS_PSA_CRYPTO_C)
 #include "mbedtls/psa_util.h"
+#define PSA_PK_TO_MBEDTLS_ERR(status) psa_pk_status_to_mbedtls(status)
+#define PSA_PK_RSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status,     \
+                                                                  psa_to_pk_rsa_errors,            \
+                                                                  psa_pk_status_to_mbedtls)
+#define PSA_PK_ECDSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status,   \
+                                                                    psa_to_pk_ecdsa_errors,        \
+                                                                    psa_pk_status_to_mbedtls)
 #endif
 
 #include <limits.h>
@@ -540,7 +547,7 @@
                                 &key_id);
         if (status != PSA_SUCCESS) {
             psa_destroy_key(key_id);
-            return mbedtls_pk_error_from_psa(status);
+            return PSA_PK_TO_MBEDTLS_ERR(status);
         }
 
         /* This function requires returning MBEDTLS_ERR_PK_SIG_LEN_MISMATCH
@@ -562,7 +569,7 @@
             status = destruction_status;
         }
 
-        return mbedtls_pk_error_from_psa_rsa(status);
+        return PSA_PK_RSA_TO_MBEDTLS_ERR(status);
     } else
 #endif
     {
@@ -700,7 +707,7 @@
         status = psa_sign_hash(*key, PSA_ALG_RSA_PSS(psa_md_alg),
                                hash, hash_len,
                                sig, sig_size, sig_len);
-        return mbedtls_pk_error_from_psa_rsa(status);
+        return PSA_PK_RSA_TO_MBEDTLS_ERR(status);
     }
 
     return mbedtls_pk_psa_rsa_sign_ext(PSA_ALG_RSA_PSS(psa_md_alg),
@@ -896,7 +903,7 @@
         /* import private key into PSA */
         status = psa_import_key(&attributes, d, d_len, key);
         if (status != PSA_SUCCESS) {
-            return mbedtls_pk_error_from_psa(status);
+            return PSA_PK_TO_MBEDTLS_ERR(status);
         }
 
         /* make PK context wrap the key slot */
@@ -936,7 +943,7 @@
         mbedtls_platform_zeroize(buf, sizeof(buf));
 
         if (status != PSA_SUCCESS) {
-            return mbedtls_pk_error_from_psa(status);
+            return PSA_PK_TO_MBEDTLS_ERR(status);
         }
 
         /* make PK context wrap the key slot */

diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 45cf807..0396210 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c

@@ -40,9 +40,19 @@
 #include "pkwrite.h"
 #endif
 
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+#include "mbedtls/psa_util.h"
+#define PSA_PK_TO_MBEDTLS_ERR(status) psa_pk_status_to_mbedtls(status)
+#define PSA_PK_RSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status,     \
+                                                                  psa_to_pk_rsa_errors,            \
+                                                                  psa_pk_status_to_mbedtls)
+#define PSA_PK_ECDSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status,   \
+                                                                    psa_to_pk_ecdsa_errors,        \
+                                                                    psa_pk_status_to_mbedtls)
+#endif
+
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 #include "psa/crypto.h"
-#include "mbedtls/psa_util.h"
 #include "hash_info.h"
 
 #if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
@@ -57,6 +67,7 @@
 #include <stdint.h>
 #include <string.h>
 
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
 #if defined(MBEDTLS_PSA_CRYPTO_C)
 int mbedtls_pk_error_from_psa(psa_status_t status)
 {
@@ -113,11 +124,9 @@
     }
 }
 #endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */
-
 #endif /* MBEDTLS_PSA_CRYPTO_C */
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-
 #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
 int mbedtls_pk_error_from_psa_ecdsa(psa_status_t status)
 {
@@ -138,8 +147,8 @@
     }
 }
 #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
-
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */
 
 #if defined(MBEDTLS_RSA_C)
 static int rsa_can_do(mbedtls_pk_type_t type)
@@ -196,14 +205,14 @@
                             buf + sizeof(buf) - key_len, key_len,
                             &key_id);
     if (status != PSA_SUCCESS) {
-        ret = mbedtls_pk_error_from_psa(status);
+        ret = PSA_PK_TO_MBEDTLS_ERR(status);
         goto cleanup;
     }
 
     status = psa_verify_hash(key_id, psa_alg_md, hash, hash_len,
                              sig, sig_len);
     if (status != PSA_SUCCESS) {
-        ret = mbedtls_pk_error_from_psa_rsa(status);
+        ret = PSA_PK_RSA_TO_MBEDTLS_ERR(status);
         goto cleanup;
     }
     ret = 0;
@@ -211,7 +220,7 @@
 cleanup:
     status = psa_destroy_key(key_id);
     if (ret == 0 && status != PSA_SUCCESS) {
-        ret = mbedtls_pk_error_from_psa(status);
+        ret = PSA_PK_TO_MBEDTLS_ERR(status);
     }
 
     return ret;
@@ -289,13 +298,13 @@
                             buf + sizeof(buf) - key_len, key_len,
                             &key_id);
     if (status != PSA_SUCCESS) {
-        ret = mbedtls_pk_error_from_psa(status);
+        ret = PSA_PK_TO_MBEDTLS_ERR(status);
         goto cleanup;
     }
     status = psa_sign_hash(key_id, alg, hash, hash_len,
                            sig, sig_size, sig_len);
     if (status != PSA_SUCCESS) {
-        ret = mbedtls_pk_error_from_psa_rsa(status);
+        ret = PSA_PK_RSA_TO_MBEDTLS_ERR(status);
         goto cleanup;
     }
 
@@ -304,7 +313,7 @@
 cleanup:
     status = psa_destroy_key(key_id);
     if (ret == 0 && status != PSA_SUCCESS) {
-        ret = mbedtls_pk_error_from_psa(status);
+        ret = PSA_PK_TO_MBEDTLS_ERR(status);
     }
     return ret;
 }
@@ -398,7 +407,7 @@
                             buf + sizeof(buf) - key_len, key_len,
                             &key_id);
     if (status != PSA_SUCCESS) {
-        ret = mbedtls_pk_error_from_psa(status);
+        ret = PSA_PK_TO_MBEDTLS_ERR(status);
         goto cleanup;
     }
 
@@ -407,7 +416,7 @@
                                     NULL, 0,
                                     output, osize, olen);
     if (status != PSA_SUCCESS) {
-        ret = mbedtls_pk_error_from_psa_rsa(status);
+        ret = PSA_PK_RSA_TO_MBEDTLS_ERR(status);
         goto cleanup;
     }
 
@@ -417,7 +426,7 @@
     mbedtls_platform_zeroize(buf, sizeof(buf));
     status = psa_destroy_key(key_id);
     if (ret == 0 && status != PSA_SUCCESS) {
-        ret = mbedtls_pk_error_from_psa(status);
+        ret = PSA_PK_TO_MBEDTLS_ERR(status);
     }
 
     return ret;
@@ -484,7 +493,7 @@
                             buf + sizeof(buf) - key_len, key_len,
                             &key_id);
     if (status != PSA_SUCCESS) {
-        ret = mbedtls_pk_error_from_psa(status);
+        ret = PSA_PK_TO_MBEDTLS_ERR(status);
         goto cleanup;
     }
 
@@ -493,7 +502,7 @@
                                     NULL, 0,
                                     output, osize, olen);
     if (status != PSA_SUCCESS) {
-        ret = mbedtls_pk_error_from_psa_rsa(status);
+        ret = PSA_PK_RSA_TO_MBEDTLS_ERR(status);
         goto cleanup;
     }
 
@@ -502,7 +511,7 @@
 cleanup:
     status = psa_destroy_key(key_id);
     if (ret == 0 && status != PSA_SUCCESS) {
-        ret = mbedtls_pk_error_from_psa(status);
+        ret = PSA_PK_TO_MBEDTLS_ERR(status);
     }
 
     return ret;
@@ -716,7 +725,7 @@
                             buf, key_len,
                             &key_id);
     if (status != PSA_SUCCESS) {
-        ret = mbedtls_pk_error_from_psa(status);
+        ret = PSA_PK_TO_MBEDTLS_ERR(status);
         goto cleanup;
     }
 
@@ -737,7 +746,7 @@
                              hash, hash_len,
                              buf, 2 * signature_part_size);
     if (status != PSA_SUCCESS) {
-        ret = mbedtls_pk_error_from_psa_ecdsa(status);
+        ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
         goto cleanup;
     }
 
@@ -750,7 +759,7 @@
 cleanup:
     status = psa_destroy_key(key_id);
     if (ret == 0 && status != PSA_SUCCESS) {
-        ret = mbedtls_pk_error_from_psa(status);
+        ret = PSA_PK_TO_MBEDTLS_ERR(status);
     }
 
     return ret;
@@ -908,14 +917,14 @@
                             buf, key_len,
                             &key_id);
     if (status != PSA_SUCCESS) {
-        ret = mbedtls_pk_error_from_psa(status);
+        ret = PSA_PK_TO_MBEDTLS_ERR(status);
         goto cleanup;
     }
 
     status = psa_sign_hash(key_id, psa_sig_md, hash, hash_len,
                            sig, sig_size, sig_len);
     if (status != PSA_SUCCESS) {
-        ret = mbedtls_pk_error_from_psa_ecdsa(status);
+        ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
         goto cleanup;
     }
 
@@ -925,7 +934,7 @@
     mbedtls_platform_zeroize(buf, sizeof(buf));
     status = psa_destroy_key(key_id);
     if (ret == 0 && status != PSA_SUCCESS) {
-        ret = mbedtls_pk_error_from_psa(status);
+        ret = PSA_PK_TO_MBEDTLS_ERR(status);
     }
 
     return ret;
@@ -1448,7 +1457,7 @@
 
     status = psa_get_key_attributes(*key, &attributes);
     if (status != PSA_SUCCESS) {
-        return mbedtls_pk_error_from_psa(status);
+        return PSA_PK_TO_MBEDTLS_ERR(status);
     }
 
     type = psa_get_key_type(&attributes);
@@ -1472,15 +1481,15 @@
     if (status != PSA_SUCCESS) {
 #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
         if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) {
-            return mbedtls_pk_error_from_psa_ecdsa(status);
+            return PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
         } else
 #endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */
 #if defined(MBEDTLS_RSA_C)
         if (PSA_KEY_TYPE_IS_RSA(type)) {
-            return mbedtls_pk_error_from_psa_rsa(status);
+            return PSA_PK_RSA_TO_MBEDTLS_ERR(status);
         } else
 #endif /* MBEDTLS_RSA_C */
-        return mbedtls_pk_error_from_psa(status);
+        return PSA_PK_TO_MBEDTLS_ERR(status);
     }
 
 #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
@@ -1535,7 +1544,7 @@
                                     NULL, 0,
                                     output, osize, olen);
     if (status != PSA_SUCCESS) {
-        return mbedtls_pk_error_from_psa_rsa(status);
+        return PSA_PK_RSA_TO_MBEDTLS_ERR(status);
     }
 
     return 0;

diff --git a/library/pk_wrap.h b/library/pk_wrap.h
index 7df9608..c5cd4df 100644
--- a/library/pk_wrap.h
+++ b/library/pk_wrap.h

@@ -137,26 +137,30 @@
 extern const mbedtls_pk_info_t mbedtls_pk_ecdsa_opaque_info;
 extern const mbedtls_pk_info_t mbedtls_pk_rsa_opaque_info;
 
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
 #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-int mbedtls_pk_error_from_psa_ecdsa(psa_status_t status);
+int MBEDTLS_DEPRECATED mbedtls_pk_error_from_psa_ecdsa(psa_status_t status);
+#endif
 #endif
 
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_PSA_CRYPTO_C)
-int mbedtls_pk_error_from_psa(psa_status_t status);
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+int MBEDTLS_DEPRECATED mbedtls_pk_error_from_psa(psa_status_t status);
 
 #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) ||    \
     defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
-int mbedtls_pk_error_from_psa_rsa(psa_status_t status);
+int MBEDTLS_DEPRECATED mbedtls_pk_error_from_psa_rsa(psa_status_t status);
 #endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */
 
 #if defined(MBEDTLS_RSA_C)
-int  mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t psa_alg_md,
-                                 mbedtls_rsa_context *rsa_ctx,
-                                 const unsigned char *hash, size_t hash_len,
-                                 unsigned char *sig, size_t sig_size,
-                                 size_t *sig_len);
+int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t psa_alg_md,
+                                mbedtls_rsa_context *rsa_ctx,
+                                const unsigned char *hash, size_t hash_len,
+                                unsigned char *sig, size_t sig_size,
+                                size_t *sig_len);
 #endif /* MBEDTLS_RSA_C */
 
 #endif /* MBEDTLS_PSA_CRYPTO_C */

diff --git a/library/pkcs12.c b/library/pkcs12.c
index f5ab742..8521483 100644
--- a/library/pkcs12.c
+++ b/library/pkcs12.c

@@ -35,6 +35,13 @@
 
 #include <string.h>
 
+#if !defined(MBEDTLS_MD_C)
+#include "mbedtls/psa_util.h"
+#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status,   \
+                                                           psa_to_md_errors,              \
+                                                           psa_generic_status_to_mbedtls)
+#endif
+
 #if defined(MBEDTLS_DES_C)
 #include "mbedtls/des.h"
 #endif
@@ -328,7 +335,7 @@
     if (status == PSA_SUCCESS) {
         status = status_abort;
     }
-    return mbedtls_md_error_from_psa(status);
+    return PSA_TO_MBEDTLS_ERR(status);
 #endif /* !MBEDTLS_MD_C */
 }
 

diff --git a/library/pkcs5.c b/library/pkcs5.c
index 4e71dd3..f471b63 100644
--- a/library/pkcs5.c
+++ b/library/pkcs5.c

@@ -47,6 +47,12 @@
 #include "hash_info.h"
 #include "mbedtls/psa_util.h"
 
+#if !defined(MBEDTLS_MD_C)
+#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status,   \
+                                                           psa_to_md_errors,              \
+                                                           psa_generic_status_to_mbedtls)
+#endif
+
 #if defined(MBEDTLS_ASN1_PARSE_C)
 static int pkcs5_parse_pbkdf2_params(const mbedtls_asn1_buf *params,
                                      mbedtls_asn1_buf *salt, int *iterations,
@@ -452,7 +458,7 @@
         status = status_destruction;
     }
 
-    return mbedtls_md_error_from_psa(status);
+    return PSA_TO_MBEDTLS_ERR(status);
 #endif /* !MBEDTLS_MD_C */
 }
 

diff --git a/library/psa_util.c b/library/psa_util.c
new file mode 100644
index 0000000..7d0b8a2
--- /dev/null
+++ b/library/psa_util.c

@@ -0,0 +1,150 @@
+/*
+ *  PSA hashing layer on top of Mbed TLS software crypto
+ */
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+#include "common.h"
+
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+
+#include <psa/crypto.h>
+
+#include "psa_crypto_core.h"
+#include <mbedtls/psa_util.h>
+#include <mbedtls/error.h>
+#include <mbedtls/lms.h>
+#include <mbedtls/ssl.h>
+#include <mbedtls/rsa.h>
+
+/* PSA_SUCCESS is kept at the top of each error table since
+ * it's the most common status when everything functions properly. */
+#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C)
+psa_status_t psa_to_md_errors[] =
+{
+    PSA_SUCCESS,                     0,
+    PSA_ERROR_NOT_SUPPORTED,         MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE,
+    PSA_ERROR_INVALID_ARGUMENT,      MBEDTLS_ERR_MD_BAD_INPUT_DATA,
+    PSA_ERROR_INSUFFICIENT_MEMORY,   MBEDTLS_ERR_MD_ALLOC_FAILED
+};
+#endif
+#if defined(MBEDTLS_LMS_C)
+psa_status_t psa_to_lms_errors[] =
+{
+    PSA_SUCCESS,                     0,
+    PSA_ERROR_BUFFER_TOO_SMALL,      MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL,
+    PSA_ERROR_INVALID_ARGUMENT,      MBEDTLS_ERR_LMS_BAD_INPUT_DATA
+};
+#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
+psa_status_t psa_to_ssl_errors[] =
+{
+    PSA_SUCCESS,                     0,
+    PSA_ERROR_INSUFFICIENT_MEMORY,   MBEDTLS_ERR_SSL_ALLOC_FAILED,
+    PSA_ERROR_NOT_SUPPORTED,         MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE,
+    PSA_ERROR_INVALID_SIGNATURE,     MBEDTLS_ERR_SSL_INVALID_MAC,
+    PSA_ERROR_INVALID_ARGUMENT,      MBEDTLS_ERR_SSL_BAD_INPUT_DATA,
+    PSA_ERROR_BAD_STATE,             MBEDTLS_ERR_SSL_INTERNAL_ERROR,
+    PSA_ERROR_BUFFER_TOO_SMALL,      MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL
+};
+#endif
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) ||    \
+    defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
+psa_status_t psa_to_pk_rsa_errors[] =
+{
+    PSA_SUCCESS,                     0,
+    PSA_ERROR_NOT_PERMITTED,         MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+    PSA_ERROR_INVALID_ARGUMENT,      MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+    PSA_ERROR_INVALID_HANDLE,        MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
+    PSA_ERROR_BUFFER_TOO_SMALL,      MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE,
+    PSA_ERROR_INSUFFICIENT_ENTROPY,  MBEDTLS_ERR_RSA_RNG_FAILED,
+    PSA_ERROR_INVALID_SIGNATURE,     MBEDTLS_ERR_RSA_VERIFY_FAILED,
+    PSA_ERROR_INVALID_PADDING,       MBEDTLS_ERR_RSA_INVALID_PADDING
+};
+#endif
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
+    defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+psa_status_t psa_to_pk_ecdsa_errors[] =
+{
+    PSA_SUCCESS,                     0,
+    PSA_ERROR_NOT_PERMITTED,         MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+    PSA_ERROR_INVALID_ARGUMENT,      MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+    PSA_ERROR_INVALID_HANDLE,        MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE,
+    PSA_ERROR_BUFFER_TOO_SMALL,      MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL,
+    PSA_ERROR_INSUFFICIENT_ENTROPY,  MBEDTLS_ERR_ECP_RANDOM_FAILED,
+    PSA_ERROR_INVALID_SIGNATURE,     MBEDTLS_ERR_ECP_VERIFY_FAILED
+};
+#endif
+
+int psa_generic_status_to_mbedtls(psa_status_t status)
+{
+    switch (status) {
+        case PSA_SUCCESS:
+            return 0;
+        case PSA_ERROR_NOT_SUPPORTED:
+            return MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED;
+        case PSA_ERROR_CORRUPTION_DETECTED:
+            return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+        case PSA_ERROR_COMMUNICATION_FAILURE:
+        case PSA_ERROR_HARDWARE_FAILURE:
+            return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
+        case PSA_ERROR_NOT_PERMITTED:
+        default:
+            return MBEDTLS_ERR_ERROR_GENERIC_ERROR;
+    }
+}
+
+int psa_status_to_mbedtls(psa_status_t status,
+                          psa_status_t *local_translations,
+                          size_t local_errors_size,
+                          int (*fallback_f)(psa_status_t))
+{
+    size_t local_errors_num = (size_t) local_errors_size / 2;
+    for (size_t i = 0; i < local_errors_num; i++) {
+        if (status == local_translations[2 * i]) {
+            return local_translations[2 * i + 1];
+        }
+    }
+    return fallback_f(status);
+}
+
+int psa_pk_status_to_mbedtls(psa_status_t status)
+{
+    switch (status) {
+        case PSA_ERROR_INVALID_HANDLE:
+            return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
+        case PSA_ERROR_BUFFER_TOO_SMALL:
+            return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL;
+        case PSA_ERROR_NOT_SUPPORTED:
+            return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+        case PSA_ERROR_INVALID_ARGUMENT:
+            return MBEDTLS_ERR_PK_INVALID_ALG;
+        case PSA_ERROR_INSUFFICIENT_MEMORY:
+            return MBEDTLS_ERR_PK_ALLOC_FAILED;
+        case PSA_ERROR_BAD_STATE:
+            return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+        case PSA_ERROR_DATA_CORRUPT:
+        case PSA_ERROR_DATA_INVALID:
+        case PSA_ERROR_STORAGE_FAILURE:
+            return MBEDTLS_ERR_PK_FILE_IO_ERROR;
+        default:
+            return psa_generic_status_to_mbedtls(status);
+    }
+}
+#endif /* MBEDTLS_PSA_CRYPTO_C */

diff --git a/library/rsa.c b/library/rsa.c
index df7d797..7159588 100644
--- a/library/rsa.c
+++ b/library/rsa.c

@@ -60,7 +60,10 @@
 #if !defined(MBEDTLS_MD_C)
 #include "psa/crypto.h"
 #include "mbedtls/psa_util.h"
-#endif /* MBEDTLS_MD_C */
+#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status,   \
+                                                           psa_to_md_errors,              \
+                                                           psa_generic_status_to_mbedtls)
+#endif /* !MBEDTLS_MD_C */
 #endif /* MBEDTLS_PKCS1_V21 */
 
 #include "mbedtls/platform.h"
@@ -1156,7 +1159,7 @@
 #else
     psa_hash_abort(&op);
 
-    return mbedtls_md_error_from_psa(status);
+    return PSA_TO_MBEDTLS_ERR(status);
 #endif
 }
 
@@ -1236,7 +1239,7 @@
 exit:
     psa_hash_abort(&op);
 
-    return mbedtls_md_error_from_psa(status);
+    return PSA_TO_MBEDTLS_ERR(status);
 #endif /* !MBEDTLS_MD_C */
 }
 
@@ -1269,7 +1272,7 @@
 
     status = psa_hash_compute(alg, input, ilen, output, out_size, &out_len);
 
-    return mbedtls_md_error_from_psa(status);
+    return PSA_TO_MBEDTLS_ERR(status);
 #endif /* !MBEDTLS_MD_C */
 }
 #endif /* MBEDTLS_PKCS1_V21 */

diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index b7eead4..ef4d188 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c

@@ -37,6 +37,12 @@
 
 #include <string.h>
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status,   \
+                                                           psa_to_ssl_errors,             \
+                                                           psa_generic_status_to_mbedtls)
+#endif
+
 /*
  * If DTLS is in use, then at least one of SHA-256 or SHA-384 is
  * available. Try SHA-256 first as 384 wastes resources
@@ -126,7 +132,7 @@
 
     if ((status = psa_generate_key(&attributes,
                                    &ctx->psa_hmac_key)) != PSA_SUCCESS) {
-        return psa_ssl_status_to_mbedtls(status);
+        return PSA_TO_MBEDTLS_ERR(status);
     }
 #else
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -215,26 +221,26 @@
     status = psa_mac_sign_setup(&operation, ctx->psa_hmac_key,
                                 ctx->psa_hmac_alg);
     if (status != PSA_SUCCESS) {
-        ret = psa_ssl_status_to_mbedtls(status);
+        ret = PSA_TO_MBEDTLS_ERR(status);
         goto exit;
     }
 
     status = psa_mac_update(&operation, *p - 4, 4);
     if (status != PSA_SUCCESS) {
-        ret = psa_ssl_status_to_mbedtls(status);
+        ret = PSA_TO_MBEDTLS_ERR(status);
         goto exit;
     }
 
     status = psa_mac_update(&operation, cli_id, cli_id_len);
     if (status != PSA_SUCCESS) {
-        ret = psa_ssl_status_to_mbedtls(status);
+        ret = PSA_TO_MBEDTLS_ERR(status);
         goto exit;
     }
 
     status = psa_mac_sign_finish(&operation, *p, COOKIE_MD_OUTLEN,
                                  &sign_mac_length);
     if (status != PSA_SUCCESS) {
-        ret = psa_ssl_status_to_mbedtls(status);
+        ret = PSA_TO_MBEDTLS_ERR(status);
         goto exit;
     }
 
@@ -263,7 +269,7 @@
 exit:
     status = psa_mac_abort(&operation);
     if (status != PSA_SUCCESS) {
-        ret = psa_ssl_status_to_mbedtls(status);
+        ret = PSA_TO_MBEDTLS_ERR(status);
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
     return ret;
@@ -299,27 +305,27 @@
     status = psa_mac_verify_setup(&operation, ctx->psa_hmac_key,
                                   ctx->psa_hmac_alg);
     if (status != PSA_SUCCESS) {
-        ret = psa_ssl_status_to_mbedtls(status);
+        ret = PSA_TO_MBEDTLS_ERR(status);
         goto exit;
     }
 
     status = psa_mac_update(&operation, cookie, 4);
     if (status != PSA_SUCCESS) {
-        ret = psa_ssl_status_to_mbedtls(status);
+        ret = PSA_TO_MBEDTLS_ERR(status);
         goto exit;
     }
 
     status = psa_mac_update(&operation, cli_id,
                             cli_id_len);
     if (status != PSA_SUCCESS) {
-        ret = psa_ssl_status_to_mbedtls(status);
+        ret = PSA_TO_MBEDTLS_ERR(status);
         goto exit;
     }
 
     status = psa_mac_verify_finish(&operation, cookie + 4,
                                    COOKIE_HMAC_LEN);
     if (status != PSA_SUCCESS) {
-        ret = psa_ssl_status_to_mbedtls(status);
+        ret = PSA_TO_MBEDTLS_ERR(status);
         goto exit;
     }
 
@@ -374,7 +380,7 @@
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     status = psa_mac_abort(&operation);
     if (status != PSA_SUCCESS) {
-        ret = psa_ssl_status_to_mbedtls(status);
+        ret = PSA_TO_MBEDTLS_ERR(status);
     }
 #else
     mbedtls_platform_zeroize(ref_hmac, sizeof(ref_hmac));

diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 7385c6e..7d08ef4 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h

@@ -2514,6 +2514,7 @@
                                        psa_key_type_t *key_type,
                                        size_t *key_size);
 
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
 /**
  * \brief       Convert given PSA status to mbedtls error code.
  *
@@ -2521,7 +2522,7 @@
  *
  * \return             corresponding mbedtls error code
  */
-static inline int psa_ssl_status_to_mbedtls(psa_status_t status)
+static inline MBEDTLS_DEPRECATED int psa_ssl_status_to_mbedtls(psa_status_t status)
 {
     switch (status) {
         case PSA_SUCCESS:
@@ -2542,6 +2543,7 @@
             return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
     }
 }
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */
 #endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index d26d950..1cad588 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c

@@ -48,6 +48,12 @@
 #include "mbedtls/oid.h"
 #endif
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status,   \
+                                                           psa_to_ssl_errors,             \
+                                                           psa_generic_status_to_mbedtls)
+#endif
+
 static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl);
 
 /*
@@ -879,10 +885,10 @@
 hmac_failed_etm_disabled:
         mbedtls_platform_zeroize(mac, transform->maclen);
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-        ret = psa_ssl_status_to_mbedtls(status);
+        ret = PSA_TO_MBEDTLS_ERR(status);
         status = psa_mac_abort(&operation);
         if (ret == 0 && status != PSA_SUCCESS) {
-            ret = psa_ssl_status_to_mbedtls(status);
+            ret = PSA_TO_MBEDTLS_ERR(status);
         }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
         if (ret != 0) {
@@ -979,7 +985,7 @@
                                   &rec->data_len);
 
         if (status != PSA_SUCCESS) {
-            ret = psa_ssl_status_to_mbedtls(status);
+            ret = PSA_TO_MBEDTLS_ERR(status);
             MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_encrypt_buf", ret);
             return ret;
         }
@@ -1089,7 +1095,7 @@
                                           transform->psa_key_enc, transform->psa_alg);
 
         if (status != PSA_SUCCESS) {
-            ret = psa_ssl_status_to_mbedtls(status);
+            ret = PSA_TO_MBEDTLS_ERR(status);
             MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_encrypt_setup", ret);
             return ret;
         }
@@ -1097,7 +1103,7 @@
         status = psa_cipher_set_iv(&cipher_op, transform->iv_enc, transform->ivlen);
 
         if (status != PSA_SUCCESS) {
-            ret = psa_ssl_status_to_mbedtls(status);
+            ret = PSA_TO_MBEDTLS_ERR(status);
             MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_set_iv", ret);
             return ret;
 
@@ -1108,7 +1114,7 @@
                                    data, rec->data_len, &olen);
 
         if (status != PSA_SUCCESS) {
-            ret = psa_ssl_status_to_mbedtls(status);
+            ret = PSA_TO_MBEDTLS_ERR(status);
             MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_update", ret);
             return ret;
 
@@ -1119,7 +1125,7 @@
                                    &part_len);
 
         if (status != PSA_SUCCESS) {
-            ret = psa_ssl_status_to_mbedtls(status);
+            ret = PSA_TO_MBEDTLS_ERR(status);
             MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_finish", ret);
             return ret;
 
@@ -1222,10 +1228,10 @@
 hmac_failed_etm_enabled:
             mbedtls_platform_zeroize(mac, transform->maclen);
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-            ret = psa_ssl_status_to_mbedtls(status);
+            ret = PSA_TO_MBEDTLS_ERR(status);
             status = psa_mac_abort(&operation);
             if (ret == 0 && status != PSA_SUCCESS) {
-                ret = psa_ssl_status_to_mbedtls(status);
+                ret = PSA_TO_MBEDTLS_ERR(status);
             }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
             if (ret != 0) {
@@ -1399,7 +1405,7 @@
                                   &olen);
 
         if (status != PSA_SUCCESS) {
-            ret = psa_ssl_status_to_mbedtls(status);
+            ret = PSA_TO_MBEDTLS_ERR(status);
             MBEDTLS_SSL_DEBUG_RET(1, "psa_aead_decrypt", ret);
             return ret;
         }
@@ -1571,10 +1577,10 @@
 
 hmac_failed_etm_enabled:
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-            ret = psa_ssl_status_to_mbedtls(status);
+            ret = PSA_TO_MBEDTLS_ERR(status);
             status = psa_mac_abort(&operation);
             if (ret == 0 && status != PSA_SUCCESS) {
-                ret = psa_ssl_status_to_mbedtls(status);
+                ret = PSA_TO_MBEDTLS_ERR(status);
             }
 #else
             mbedtls_platform_zeroize(mac_expect, transform->maclen);
@@ -1621,7 +1627,7 @@
                                           transform->psa_key_dec, transform->psa_alg);
 
         if (status != PSA_SUCCESS) {
-            ret = psa_ssl_status_to_mbedtls(status);
+            ret = PSA_TO_MBEDTLS_ERR(status);
             MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_decrypt_setup", ret);
             return ret;
         }
@@ -1629,7 +1635,7 @@
         status = psa_cipher_set_iv(&cipher_op, transform->iv_dec, transform->ivlen);
 
         if (status != PSA_SUCCESS) {
-            ret = psa_ssl_status_to_mbedtls(status);
+            ret = PSA_TO_MBEDTLS_ERR(status);
             MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_set_iv", ret);
             return ret;
         }
@@ -1639,7 +1645,7 @@
                                    data, rec->data_len, &olen);
 
         if (status != PSA_SUCCESS) {
-            ret = psa_ssl_status_to_mbedtls(status);
+            ret = PSA_TO_MBEDTLS_ERR(status);
             MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_update", ret);
             return ret;
         }
@@ -1649,7 +1655,7 @@
                                    &part_len);
 
         if (status != PSA_SUCCESS) {
-            ret = psa_ssl_status_to_mbedtls(status);
+            ret = PSA_TO_MBEDTLS_ERR(status);
             MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_finish", ret);
             return ret;
         }

diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c
index ba9dbd5..7d07d19 100644
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c

@@ -30,6 +30,12 @@
 
 #include <string.h>
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status,   \
+                                                           psa_to_ssl_errors,             \
+                                                           psa_generic_status_to_mbedtls)
+#endif
+
 /*
  * Initialize context
  */
@@ -91,7 +97,7 @@
     psa_set_key_type(&attributes, key->key_type);
     psa_set_key_bits(&attributes, key->key_bits);
 
-    ret = psa_ssl_status_to_mbedtls(
+    ret = PSA_TO_MBEDTLS_ERR(
         psa_import_key(&attributes, buf,
                        PSA_BITS_TO_BYTES(key->key_bits),
                        &key->key));
@@ -133,7 +139,7 @@
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
         if ((status = psa_destroy_key(ctx->keys[ctx->active].key)) != PSA_SUCCESS) {
-            return psa_ssl_status_to_mbedtls(status);
+            return PSA_TO_MBEDTLS_ERR(status);
         }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
@@ -169,7 +175,7 @@
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     if ((status = psa_destroy_key(key->key)) != PSA_SUCCESS) {
-        ret = psa_ssl_status_to_mbedtls(status);
+        ret = PSA_TO_MBEDTLS_ERR(status);
         return ret;
     }
 
@@ -182,7 +188,7 @@
     if ((status = psa_import_key(&attributes, k,
                                  PSA_BITS_TO_BYTES(key->key_bits),
                                  &key->key)) != PSA_SUCCESS) {
-        ret = psa_ssl_status_to_mbedtls(status);
+        ret = PSA_TO_MBEDTLS_ERR(status);
         return ret;
     }
 #else
@@ -355,7 +361,7 @@
                                    state, clear_len,
                                    state, end - state,
                                    &ciph_len)) != PSA_SUCCESS) {
-        ret = psa_ssl_status_to_mbedtls(status);
+        ret = PSA_TO_MBEDTLS_ERR(status);
         goto cleanup;
     }
 #else
@@ -465,7 +471,7 @@
                                    key_name, TICKET_ADD_DATA_LEN,
                                    ticket, enc_len + TICKET_AUTH_TAG_BYTES,
                                    ticket, enc_len, &clear_len)) != PSA_SUCCESS) {
-        ret = psa_ssl_status_to_mbedtls(status);
+        ret = PSA_TO_MBEDTLS_ERR(status);
         goto cleanup;
     }
 #else

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 441089f..e8f1750 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -52,6 +52,12 @@
 #include "mbedtls/oid.h"
 #endif
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
+                                                           psa_to_ssl_errors, \
+                                                           psa_generic_status_to_mbedtls)
+#endif
+
 #if defined(MBEDTLS_TEST_HOOKS)
 static mbedtls_ssl_chk_buf_ptr_args chk_buf_ptr_fail_args;
 
@@ -5759,7 +5765,7 @@
     !defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
     (void) ssl;
 #endif
-    return psa_ssl_status_to_mbedtls(status);
+    return PSA_TO_MBEDTLS_ERR(status);
 }
 #else /* MBEDTLS_USE_PSA_CRYPTO */
 
@@ -8230,7 +8236,7 @@
                                             &alg,
                                             &key_type,
                                             &key_bits)) != PSA_SUCCESS) {
-        ret = psa_ssl_status_to_mbedtls(status);
+        ret = PSA_TO_MBEDTLS_ERR(status);
         MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_cipher_to_psa", ret);
         goto end;
     }
@@ -8478,7 +8484,7 @@
                                      PSA_BITS_TO_BYTES(key_bits),
                                      &transform->psa_key_enc)) != PSA_SUCCESS) {
             MBEDTLS_SSL_DEBUG_RET(3, "psa_import_key", (int) status);
-            ret = psa_ssl_status_to_mbedtls(status);
+            ret = PSA_TO_MBEDTLS_ERR(status);
             MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", ret);
             goto end;
         }
@@ -8489,7 +8495,7 @@
                                      key2,
                                      PSA_BITS_TO_BYTES(key_bits),
                                      &transform->psa_key_dec)) != PSA_SUCCESS) {
-            ret = psa_ssl_status_to_mbedtls(status);
+            ret = PSA_TO_MBEDTLS_ERR(status);
             MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", ret);
             goto end;
         }
@@ -8552,7 +8558,7 @@
         if ((status = psa_import_key(&attributes,
                                      mac_enc, mac_key_len,
                                      &transform->psa_mac_enc)) != PSA_SUCCESS) {
-            ret = psa_ssl_status_to_mbedtls(status);
+            ret = PSA_TO_MBEDTLS_ERR(status);
             MBEDTLS_SSL_DEBUG_RET(1, "psa_import_mac_key", ret);
             goto end;
         }
@@ -8573,7 +8579,7 @@
         if ((status = psa_import_key(&attributes,
                                      mac_dec, mac_key_len,
                                      &transform->psa_mac_dec)) != PSA_SUCCESS) {
-            ret = psa_ssl_status_to_mbedtls(status);
+            ret = PSA_TO_MBEDTLS_ERR(status);
             MBEDTLS_SSL_DEBUG_RET(1, "psa_import_mac_key", ret);
             goto end;
         }
@@ -8628,7 +8634,7 @@
             status = psa_pake_input(pake_ctx, step,
                                     buf + input_offset, length);
             if (status != PSA_SUCCESS) {
-                return psa_ssl_status_to_mbedtls(status);
+                return PSA_TO_MBEDTLS_ERR(status);
             }
 
             input_offset += length;
@@ -8670,7 +8676,7 @@
                                      len - output_offset - 1,
                                      &output_len);
             if (status != PSA_SUCCESS) {
-                return psa_ssl_status_to_mbedtls(status);
+                return PSA_TO_MBEDTLS_ERR(status);
             }
 
             *(buf + output_offset) = (uint8_t) output_len;

diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index fc99fde..890e9a9 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c

@@ -33,6 +33,9 @@
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 #include "mbedtls/psa_util.h"
 #include "psa/crypto.h"
+#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status,   \
+                                                           psa_to_ssl_errors,             \
+                                                           psa_generic_status_to_mbedtls)
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #include <string.h>
@@ -2951,7 +2954,7 @@
         status = psa_generate_key(&key_attributes,
                                   &handshake->ecdh_psa_privkey);
         if (status != PSA_SUCCESS) {
-            return psa_ssl_status_to_mbedtls(status);
+            return PSA_TO_MBEDTLS_ERR(status);
         }
 
         /* Export the public part of the ECDH private key from PSA.
@@ -2968,7 +2971,7 @@
         if (status != PSA_SUCCESS) {
             psa_destroy_key(handshake->ecdh_psa_privkey);
             handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
-            return psa_ssl_status_to_mbedtls(status);
+            return PSA_TO_MBEDTLS_ERR(status);
         }
 
         *p = (unsigned char) own_pubkey_len;
@@ -3000,9 +3003,9 @@
         handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
 
         if (status != PSA_SUCCESS) {
-            return psa_ssl_status_to_mbedtls(status);
+            return PSA_TO_MBEDTLS_ERR(status);
         } else if (destruction_status != PSA_SUCCESS) {
-            return psa_ssl_status_to_mbedtls(destruction_status);
+            return PSA_TO_MBEDTLS_ERR(destruction_status);
         }
 
         /* Write the ECDH computation length before the ECDH computation */

diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index d5c8b7c..0806f7f 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c

@@ -34,6 +34,12 @@
 
 #include <string.h>
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status,   \
+                                                           psa_to_ssl_errors,             \
+                                                           psa_generic_status_to_mbedtls)
+#endif
+
 #if defined(MBEDTLS_ECP_C)
 #include "mbedtls/ecp.h"
 #endif
@@ -2588,7 +2594,7 @@
                                             &key_attributes);
             if (status != PSA_SUCCESS) {
                 ssl->handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
-                return psa_ssl_status_to_mbedtls(status);
+                return PSA_TO_MBEDTLS_ERR(status);
             }
 
             ssl->handshake->ecdh_psa_type = psa_get_key_type(&key_attributes);
@@ -2635,7 +2641,7 @@
             status = psa_import_key(&key_attributes, buf, key_len,
                                     &ssl->handshake->ecdh_psa_privkey);
             if (status != PSA_SUCCESS) {
-                ret = psa_ssl_status_to_mbedtls(status);
+                ret = PSA_TO_MBEDTLS_ERR(status);
                 goto cleanup;
             }
 
@@ -2956,7 +2962,7 @@
         status = psa_generate_key(&key_attributes,
                                   &handshake->ecdh_psa_privkey);
         if (status != PSA_SUCCESS) {
-            ret = psa_ssl_status_to_mbedtls(status);
+            ret = PSA_TO_MBEDTLS_ERR(status);
             MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_key", ret);
             return ret;
         }
@@ -2980,7 +2986,7 @@
                                        own_pubkey, own_pubkey_max_len,
                                        &len);
         if (status != PSA_SUCCESS) {
-            ret = psa_ssl_status_to_mbedtls(status);
+            ret = PSA_TO_MBEDTLS_ERR(status);
             MBEDTLS_SSL_DEBUG_RET(1, "psa_export_public_key", ret);
             (void) psa_destroy_key(handshake->ecdh_psa_privkey);
             handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
@@ -3688,7 +3694,7 @@
             handshake->premaster, sizeof(handshake->premaster),
             &handshake->pmslen);
         if (status != PSA_SUCCESS) {
-            ret = psa_ssl_status_to_mbedtls(status);
+            ret = PSA_TO_MBEDTLS_ERR(status);
             MBEDTLS_SSL_DEBUG_RET(1, "psa_raw_key_agreement", ret);
             if (handshake->ecdh_psa_privkey_is_external == 0) {
                 (void) psa_destroy_key(handshake->ecdh_psa_privkey);
@@ -3701,7 +3707,7 @@
             status = psa_destroy_key(handshake->ecdh_psa_privkey);
 
             if (status != PSA_SUCCESS) {
-                ret = psa_ssl_status_to_mbedtls(status);
+                ret = PSA_TO_MBEDTLS_ERR(status);
                 MBEDTLS_SSL_DEBUG_RET(1, "psa_destroy_key", ret);
                 return ret;
             }
@@ -3894,9 +3900,9 @@
         handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
 
         if (status != PSA_SUCCESS) {
-            return psa_ssl_status_to_mbedtls(status);
+            return PSA_TO_MBEDTLS_ERR(status);
         } else if (destruction_status != PSA_SUCCESS) {
-            return psa_ssl_status_to_mbedtls(destruction_status);
+            return PSA_TO_MBEDTLS_ERR(destruction_status);
         }
 
         /* Write the ECDH computation length before the ECDH computation */

diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 0dd762e..05c7364 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c

@@ -34,6 +34,10 @@
 #include "ssl_tls13_keys.h"
 #include "ssl_debug_helpers.h"
 
+#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status,   \
+                                                           psa_to_ssl_errors,             \
+                                                           psa_generic_status_to_mbedtls)
+
 /* Write extensions */
 
 /*
@@ -188,7 +192,7 @@
         /* Destroy generated private key. */
         status = psa_destroy_key(ssl->handshake->ecdh_psa_privkey);
         if (status != PSA_SUCCESS) {
-            ret = psa_ssl_status_to_mbedtls(status);
+            ret = PSA_TO_MBEDTLS_ERR(status);
             MBEDTLS_SSL_DEBUG_RET(1, "psa_destroy_key", ret);
             return ret;
         }

diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index f607e36..512656e 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c

@@ -36,6 +36,13 @@
 #include "ssl_tls13_keys.h"
 #include "ssl_debug_helpers.h"
 
+#include "psa/crypto.h"
+#include "mbedtls/psa_util.h"
+
+#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status,   \
+                                                           psa_to_ssl_errors,             \
+                                                           psa_generic_status_to_mbedtls)
+
 const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[
     MBEDTLS_SERVER_HELLO_RANDOM_LEN] =
 { 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11,
@@ -1016,7 +1023,7 @@
                                   verify_hash, sizeof(verify_hash),
                                   &verify_hash_len);
         if (status != PSA_SUCCESS) {
-            return psa_ssl_status_to_mbedtls(status);
+            return PSA_TO_MBEDTLS_ERR(status);
         }
 
         MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len);
@@ -1482,7 +1489,7 @@
     status = psa_generate_key(&key_attributes,
                               &handshake->ecdh_psa_privkey);
     if (status != PSA_SUCCESS) {
-        ret = psa_ssl_status_to_mbedtls(status);
+        ret = PSA_TO_MBEDTLS_ERR(status);
         MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_key", ret);
         return ret;
 
@@ -1493,7 +1500,7 @@
                                    buf, (size_t) (end - buf),
                                    &own_pubkey_len);
     if (status != PSA_SUCCESS) {
-        ret = psa_ssl_status_to_mbedtls(status);
+        ret = PSA_TO_MBEDTLS_ERR(status);
         MBEDTLS_SSL_DEBUG_RET(1, "psa_export_public_key", ret);
         return ret;
 

diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index a95d2fd..6edce50 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c

@@ -35,6 +35,10 @@
 
 #include "psa/crypto.h"
 
+#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status,   \
+                                                           psa_to_ssl_errors,             \
+                                                           psa_generic_status_to_mbedtls)
+
 #define MBEDTLS_SSL_TLS1_3_LABEL(name, string)       \
     .name = string,
 
@@ -215,7 +219,7 @@
     abort_status = psa_key_derivation_abort(&operation);
     status = (status == PSA_SUCCESS ? abort_status : status);
     mbedtls_platform_zeroize(hkdf_label, hkdf_label_len);
-    return psa_ssl_status_to_mbedtls(status);
+    return PSA_TO_MBEDTLS_ERR(status);
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
@@ -309,7 +313,7 @@
         status = psa_hash_compute(hash_alg, ctx, ctx_len, hashed_context,
                                   PSA_HASH_LENGTH(hash_alg), &ctx_len);
         if (status != PSA_SUCCESS) {
-            ret = psa_ssl_status_to_mbedtls(status);
+            ret = PSA_TO_MBEDTLS_ERR(status);
             return ret;
         }
     } else {
@@ -416,7 +420,7 @@
 cleanup:
     abort_status = psa_key_derivation_abort(&operation);
     status = (status == PSA_SUCCESS ? abort_status : status);
-    ret = (ret == 0 ? psa_ssl_status_to_mbedtls(status) : ret);
+    ret = (ret == 0 ? PSA_TO_MBEDTLS_ERR(status) : ret);
     mbedtls_platform_zeroize(tmp_secret, sizeof(tmp_secret));
     return ret;
 }
@@ -740,19 +744,19 @@
 
     status = psa_import_key(&attributes, finished_key, hash_len, &key);
     if (status != PSA_SUCCESS) {
-        ret = psa_ssl_status_to_mbedtls(status);
+        ret = PSA_TO_MBEDTLS_ERR(status);
         goto exit;
     }
 
     status = psa_mac_compute(key, alg, transcript, hash_len,
                              dst, hash_len, dst_len);
-    ret = psa_ssl_status_to_mbedtls(status);
+    ret = PSA_TO_MBEDTLS_ERR(status);
 
 exit:
 
     status = psa_destroy_key(key);
     if (ret == 0) {
-        ret = psa_ssl_status_to_mbedtls(status);
+        ret = PSA_TO_MBEDTLS_ERR(status);
     }
 
     mbedtls_platform_zeroize(finished_key, sizeof(finished_key));
@@ -1040,8 +1044,8 @@
                                             &alg,
                                             &key_type,
                                             &key_bits)) != PSA_SUCCESS) {
-        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_cipher_to_psa", psa_ssl_status_to_mbedtls(status));
-        return psa_ssl_status_to_mbedtls(status);
+        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_cipher_to_psa", PSA_TO_MBEDTLS_ERR(status));
+        return PSA_TO_MBEDTLS_ERR(status);
     }
 
     transform->psa_alg = alg;
@@ -1055,8 +1059,8 @@
                                      key_enc,
                                      PSA_BITS_TO_BYTES(key_bits),
                                      &transform->psa_key_enc)) != PSA_SUCCESS) {
-            MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", psa_ssl_status_to_mbedtls(status));
-            return psa_ssl_status_to_mbedtls(status);
+            MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", PSA_TO_MBEDTLS_ERR(status));
+            return PSA_TO_MBEDTLS_ERR(status);
         }
 
         psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT);
@@ -1065,8 +1069,8 @@
                                      key_dec,
                                      PSA_BITS_TO_BYTES(key_bits),
                                      &transform->psa_key_dec)) != PSA_SUCCESS) {
-            MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", psa_ssl_status_to_mbedtls(status));
-            return psa_ssl_status_to_mbedtls(status);
+            MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", PSA_TO_MBEDTLS_ERR(status));
+            return PSA_TO_MBEDTLS_ERR(status);
         }
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
@@ -1094,7 +1098,7 @@
     status = mbedtls_ssl_cipher_to_psa(ciphersuite_info->cipher, taglen,
                                        &alg, &key_type, &key_bits);
     if (status != PSA_SUCCESS) {
-        return psa_ssl_status_to_mbedtls(status);
+        return PSA_TO_MBEDTLS_ERR(status);
     }
 
     *key_len = PSA_BITS_TO_BYTES(key_bits);
@@ -1467,7 +1471,7 @@
             status = psa_get_key_attributes(handshake->ecdh_psa_privkey,
                                             &key_attributes);
             if (status != PSA_SUCCESS) {
-                ret = psa_ssl_status_to_mbedtls(status);
+                ret = PSA_TO_MBEDTLS_ERR(status);
             }
 
             shared_secret_len = PSA_BITS_TO_BYTES(
@@ -1482,14 +1486,14 @@
                 handshake->ecdh_psa_peerkey, handshake->ecdh_psa_peerkey_len,
                 shared_secret, shared_secret_len, &shared_secret_len);
             if (status != PSA_SUCCESS) {
-                ret = psa_ssl_status_to_mbedtls(status);
+                ret = PSA_TO_MBEDTLS_ERR(status);
                 MBEDTLS_SSL_DEBUG_RET(1, "psa_raw_key_agreement", ret);
                 goto cleanup;
             }
 
             status = psa_destroy_key(handshake->ecdh_psa_privkey);
             if (status != PSA_SUCCESS) {
-                ret = psa_ssl_status_to_mbedtls(status);
+                ret = PSA_TO_MBEDTLS_ERR(status);
                 MBEDTLS_SSL_DEBUG_RET(1, "psa_destroy_key", ret);
                 goto cleanup;
             }
@@ -1826,7 +1830,7 @@
 
     status = psa_get_key_attributes(ssl->handshake->psk_opaque, &key_attributes);
     if (status != PSA_SUCCESS) {
-        return psa_ssl_status_to_mbedtls(status);
+        return PSA_TO_MBEDTLS_ERR(status);
     }
 
     *psk_len = PSA_BITS_TO_BYTES(psa_get_key_bits(&key_attributes));
@@ -1840,7 +1844,7 @@
     if (status != PSA_SUCCESS) {
         mbedtls_free((void *) *psk);
         *psk = NULL;
-        return psa_ssl_status_to_mbedtls(status);
+        return PSA_TO_MBEDTLS_ERR(status);
     }
     return 0;
 #else
commit	8a045ce5e669045c8ef374374d4d3f19ecd5def5	[log] [tgz]
author	Andrzej Kurek <andrzej.kurek@arm.com>	Fri Dec 23 11:00:06 2022 -0500
committer	Andrzej Kurek <andrzej.kurek@arm.com>	Fri Mar 03 05:23:44 2023 -0500
tree	e207b45b4238b8d791f9c619c88ee336a5eeb314
parent	05b80a4eeeb1c614dcee55ace40f81e93e27e9ad [diff]