Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Configuration detection can fail in ssl-opt.sh #2030

Closed
gilles-peskine-arm opened this issue Sep 26, 2018 · 4 comments

Comments

Projects
None yet
4 participants
@gilles-peskine-arm
Copy link
Contributor

commented Sep 26, 2018

Depending on the configuration, ssl-opt.sh may skip some tests that it should run or run some tests that will fail. There are in fact errors if you run test-ref-configs.pl, which turn out to be benign in this case.

Here's an excerpt from test-ref-configs.pl:

******************************************
* Testing configuration: config-thread.h
******************************************
…
running ssl-opt.sh -f ECJPAKE.*nolog
ECJPAKE: working, DTLS, nolog .......................................... PASS
tests/ssl-opt.sh: 176: [: Illegal number: 
tests/ssl-opt.sh: 176: [: Illegal number: 
tests/ssl-opt.sh: 183: [: Illegal number: 
tests/ssl-opt.sh: 176: [: Illegal number: 
tests/ssl-opt.sh: 183: [: Illegal number: 
------------------------------------------------------------------------
PASSED (1 / 1 tests (0 skipped))

The problem turns out to be the detection of the value of MBEDTLS_SSL_DTLS_MAX_BUFFERING. If include/mbedtls/config.h does not contain a line with #define MBEDTLS_SSL_DTLS_MAX_BUFFERING … or //#define MBEDTLS_SSL_DTLS_MAX_BUFFERING …, which happens to be the case for configs/config-thread.h, then the function get_config_value_or_default produces empty output and this leads to the error messages above from requires_config_value_at_least and requires_config_value_at_most.

It is legitimate for config.h not to define MBEDTLS_SSL_DTLS_MAX_BUFFERING, since ssl.h will supply a fallback value. I think the whole mechanism to detect the value of MBEDTLS_SSL_DTLS_MAX_BUFFERING should be changed. We could make a program in programs/tests or programs/util that just prints out the value: this would be a lot more robust than parsing header files in sh.

@hanno-arm

This comment has been minimized.

Copy link
Contributor

commented Sep 26, 2018

I think adding an example program printing numerous configuration values, as @gilles-peskine-arm suggested, should be straightforward and very helpful for testing.

@hanno-arm hanno-arm added the tracking label Sep 26, 2018

@sbutcher-arm

This comment has been minimized.

Copy link
Collaborator

commented Sep 26, 2018

Isn't this just a duplicate of #2029? Am I missing something?

@gilles-peskine-arm

This comment has been minimized.

Copy link
Contributor Author

commented Sep 26, 2018

No, the issue I'm pointing out here isn't specific to an OS. I think this and #2029 should be fixed together, #2029 could also be fixed by sticking to portable use of sed, and this wouldn't fix #2030.

@ciarmcom

This comment has been minimized.

Copy link
Member

commented Sep 26, 2018

ARM Internal Ref: IOTSSL-2555

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.