Backport 2.28: Report configuration settings in the outcome file

[gilles-peskine-arm]

Backport of #9172 and its framework companion Mbed-TLS/mbedtls-framework#28.

I followed the same commit structure for the common content, but several things are different in 2.28.

• Minor fixes from the main PR.
• Test code and manually written test cases.
• Commits from the framework PR to create the Python script at a temporary location.
• Move the script to its pre-framework location.
• Adapt the script content for 2.28. Maybe dependencies_of_setting needs more 2.28-only stuff but we can do that later based on looking at outcome analysis.
• Check in the generated files, since we do that in 2.28.
• Add the generated files to check-generated-files. In 2.28, there is no handling of generated files in **/Makefile and **/CMakeLists.txt, and no framework submodule to update.

PR checklist

Please tick as appropriate and edit the reasons (e.g.: "backport: not needed because this is a new feature")

• changelog no (test only)
• backport of Report configuration settings in the outcome file #9172
• tests provided

[ronald-cron-arm]

Just to be sure, do we really need that in 2.28? Its end of life is at the end of the year thus what the point to "Check that all configuration options are tested in all.sh" now for it?

[gilles-peskine-arm]

I don't think it's worth it to enforce the same level of configuration testing in 2.28. And in that respect, I didn't go digging for options with dependencies in 2.28 (options where A requires B so we want to check A:B and !A:B, not just A and !A), not even to the small level I did for 3.6. But to even evaluate this, I need to get the reports from this pull request. Doing the backport was only about ½h of engineering time, plus the time to review it. I think that's well worth it.

[coolleng2525]

@CodiumAI-Agent /review

[CodiumAI-Agent]

PR Reviewer Guide 🔍

⏱️ Estimated effort to review [1-5]	4
🧪 Relevant tests	Yes
🔒 Security concerns	No
⚡ Key issues to review	Possible Bug: The PR introduces a new script generate_config_tests.py which generates test cases for configuration settings. It is crucial to ensure that this script correctly handles all edge cases, especially since it deals with conditional dependencies and complex configurations.
	Code Complexity: The config.py script has been modified to include handling for inclusion guards and other complex parsing logic. This increases the complexity of the script, which could lead to maintenance challenges in the future.
	Generated Data Verification: The PR includes a large amount of automatically generated test data. It is important to verify that this data is correct and covers all necessary scenarios.

[paul-elliott-arm]

LGTM, just one question.

[paul-elliott-arm]

Was this deliberate or copypasta? I don't think generate_config_tests.py has a --list option, but is the generate_bignum_tests.py list compatible?

[gilles-peskine-arm]

Woops, copypasta. Fixed.

All the generate_xxx_tests.py use the same main function from test_data_generation.py and they take the same command line options.

[ronald-cron-arm]

I've checked the backport and reviewed the additional commits. One comment otherwise this looks good to me.

[ronald-cron-arm]

Suggested change

	return 'MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_PROTO_TLS1_3'
	return 'MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL'

TLS 1.3 is actually not supported in 2.28 thus we could probably just remove this case.

[ronald-cron-arm]

LGTM, thanks.

[paul-elliott-arm]

LGTM