ssl-opt needs debug messages

Many test cases in ssl-opt.sh need error messages (MBEDTLS_ERROR_C) or SSL
traces (MBEDTLS_DEBUG_C). Some sample configurations don't include these
options. When running ssl-opt.sh on those configurations, enable the
required options. They must be listed in the config*.h file, commented out.

Run ssl-opt in the following configurations with debug options:
ccm-psk-tls1_2, ccm-psk-dtls1_2, suite-b. Skip mini-tls1_1 for now because
it requires significant improvements to ssl-opt.sh (lots of missing
requires_xxx).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Gilles Peskine 2022-02-25 21:00:16 +01:00
parent 89d892ffdd
commit dcb13af837
5 changed files with 37 additions and 0 deletions


@ -99,6 +99,11 @@
//#define MBEDTLS_USE_PSA_CRYPTO //#define MBEDTLS_USE_PSA_CRYPTO
//#define MBEDTLS_PSA_CRYPTO_C //#define MBEDTLS_PSA_CRYPTO_C
/* Error messages and TLS debugging traces
* (huge code size increase, needed for tests/ssl-opt.sh) */
//#define MBEDTLS_DEBUG_C
//#define MBEDTLS_ERROR_C
#include "mbedtls/check_config.h" #include "mbedtls/check_config.h"
#endif /* MBEDTLS_CONFIG_H */ #endif /* MBEDTLS_CONFIG_H */


@ -90,6 +90,11 @@
//#define MBEDTLS_USE_PSA_CRYPTO //#define MBEDTLS_USE_PSA_CRYPTO
//#define MBEDTLS_PSA_CRYPTO_C //#define MBEDTLS_PSA_CRYPTO_C
/* Error messages and TLS debugging traces
* (huge code size increase, needed for tests/ssl-opt.sh) */
//#define MBEDTLS_DEBUG_C
//#define MBEDTLS_ERROR_C
#include "mbedtls/check_config.h" #include "mbedtls/check_config.h"
#endif /* MBEDTLS_CONFIG_H */ #endif /* MBEDTLS_CONFIG_H */


@ -82,4 +82,9 @@
#endif #endif
#include "mbedtls/check_config.h" #include "mbedtls/check_config.h"
/* Error messages and TLS debugging traces
* (huge code size increase, needed for tests/ssl-opt.sh) */
//#define MBEDTLS_DEBUG_C
//#define MBEDTLS_ERROR_C
#endif /* MBEDTLS_CONFIG_H */ #endif /* MBEDTLS_CONFIG_H */
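Review bot: In this header the commented-out `//#define MBEDTLS_DEBUG_C` and `//#define MBEDTLS_ERROR_C` lines sit after `#include "mbedtls/check_config.h"`, while the other three headers in this commit place them before the include. If `scripts/config.py set` uncomments the lines in place, as the calls added to perform_test suggest, check_config.h has already been processed by then and its dependency checks would not see the two options. Moving the comment and both defines above the `#include "mbedtls/check_config.h"` line would match the other configurations and keep the sanity check effective for the debug build.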


@ -119,6 +119,11 @@
#define MBEDTLS_PK_WRITE_C #define MBEDTLS_PK_WRITE_C
#endif #endif
/* Error messages and TLS debugging traces
* (huge code size increase, needed for tests/ssl-opt.sh) */
//#define MBEDTLS_DEBUG_C
//#define MBEDTLS_ERROR_C
#include "mbedtls/check_config.h" #include "mbedtls/check_config.h"
#endif /* MBEDTLS_CONFIG_H */ #endif /* MBEDTLS_CONFIG_H */


@ -34,10 +34,16 @@ my %configs = (
}, },
'config-ccm-psk-dtls1_2.h' => { 'config-ccm-psk-dtls1_2.h' => {
'compat' => '-m dtls12 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'', 'compat' => '-m dtls12 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'',
'opt' => ' ',
'opt_needs_debug' => 1,
'test_again_with_use_psa' => 1 'test_again_with_use_psa' => 1
}, },
'config-mini-tls1_1.h' => { 'config-mini-tls1_1.h' => {
'compat' => '-m tls1_1 -f \'^DES-CBC3-SHA$\|^TLS-RSA-WITH-3DES-EDE-CBC-SHA$\'', #', 'compat' => '-m tls1_1 -f \'^DES-CBC3-SHA$\|^TLS-RSA-WITH-3DES-EDE-CBC-SHA$\'', #',
## Skip ssl-opt testing for now because ssl-opt.sh is missing a lot
## of requires_xxx so it would try to run tests that don't apply.
# 'opt' => ' ',
# 'opt_needs_debug' => 1,
'test_again_with_use_psa' => 1 'test_again_with_use_psa' => 1
}, },
'config-no-entropy.h' => { 'config-no-entropy.h' => {
@ -45,6 +51,8 @@ my %configs = (
'config-suite-b.h' => { 'config-suite-b.h' => {
'compat' => "-m tls12 -f 'ECDHE-ECDSA.*AES.*GCM' -p mbedTLS", 'compat' => "-m tls12 -f 'ECDHE-ECDSA.*AES.*GCM' -p mbedTLS",
'test_again_with_use_psa' => 1, 'test_again_with_use_psa' => 1,
'opt' => ' ',
'opt_needs_debug' => 1,
}, },
'config-symmetric-only.h' => { 'config-symmetric-only.h' => {
'test_again_with_use_psa' => 0, # Uses PSA by default, no need to test it twice 'test_again_with_use_psa' => 0, # Uses PSA by default, no need to test it twice
@ -136,6 +144,15 @@ sub perform_test {
my $opt = $data->{'opt'}; my $opt = $data->{'opt'};
if( $opt ) if( $opt )
{ {
if( $data->{'opt_needs_debug'} )
{
print "\nrebuilding with debug traces for ssl-opt\n";
system( "make clean" );
system( "scripts/config.py set MBEDTLS_DEBUG_C" );
system( "scripts/config.py set MBEDTLS_ERROR_C" );
system( "CFLAGS='-Os -Werror -Wall -Wextra' make" ) and abort "Failed to build: $conf +debug\n";
}
print "\nrunning ssl-opt.sh $opt\n"; print "\nrunning ssl-opt.sh $opt\n";
system( "tests/ssl-opt.sh $opt" ) system( "tests/ssl-opt.sh $opt" )
and abort "Failed ssl-opt.sh: $conf\n"; and abort "Failed ssl-opt.sh: $conf\n";
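Review bot: The new `system( "make clean" )` and the two `system( "scripts/config.py set ..." )` calls in the `opt_needs_debug` branch ignore their exit status, unlike the build line that follows them. If a `config.py set` fails, the rebuild can still succeed without MBEDTLS_DEBUG_C or MBEDTLS_ERROR_C, and ssl-opt.sh would then presumably run without the traces it needs, so the run covers less than the log suggests. Consider `system( "scripts/config.py set MBEDTLS_DEBUG_C" ) and abort "Failed to set MBEDTLS_DEBUG_C: $conf\n";` and the same for MBEDTLS_ERROR_C. perform_test begins and ends outside the hunk, so whether the modified config is restored before the next configuration cannot be confirmed from here.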