Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Configuration detection can fail in ssl-opt.sh #2030

Closed
gilles-peskine-arm opened this issue Sep 26, 2018 · 4 comments · Fixed by #2105
Closed

Configuration detection can fail in ssl-opt.sh #2030

gilles-peskine-arm opened this issue Sep 26, 2018 · 4 comments · Fixed by #2105

Comments

@gilles-peskine-arm
Copy link
Contributor

Depending on the configuration, ssl-opt.sh may skip some tests that it should run or run some tests that will fail. There are in fact errors if you run test-ref-configs.pl, which turn out to be benign in this case.

Here's an excerpt from test-ref-configs.pl:

******************************************
* Testing configuration: config-thread.h
******************************************
…
running ssl-opt.sh -f ECJPAKE.*nolog
ECJPAKE: working, DTLS, nolog .......................................... PASS
tests/ssl-opt.sh: 176: [: Illegal number: 
tests/ssl-opt.sh: 176: [: Illegal number: 
tests/ssl-opt.sh: 183: [: Illegal number: 
tests/ssl-opt.sh: 176: [: Illegal number: 
tests/ssl-opt.sh: 183: [: Illegal number: 
------------------------------------------------------------------------
PASSED (1 / 1 tests (0 skipped))

The problem turns out to be the detection of the value of MBEDTLS_SSL_DTLS_MAX_BUFFERING. If include/mbedtls/config.h does not contain a line with #define MBEDTLS_SSL_DTLS_MAX_BUFFERING … or //#define MBEDTLS_SSL_DTLS_MAX_BUFFERING …, which happens to be the case for configs/config-thread.h, then the function get_config_value_or_default produces empty output and this leads to the error messages above from requires_config_value_at_least and requires_config_value_at_most.

It is legitimate for config.h not to define MBEDTLS_SSL_DTLS_MAX_BUFFERING, since ssl.h will supply a fallback value. I think the whole mechanism to detect the value of MBEDTLS_SSL_DTLS_MAX_BUFFERING should be changed. We could make a program in programs/tests or programs/util that just prints out the value: this would be a lot more robust than parsing header files in sh.

@hanno-becker
Copy link

I think adding an example program printing numerous configuration values, as @gilles-peskine-arm suggested, should be straightforward and very helpful for testing.

@simonbutcher
Copy link
Contributor

Isn't this just a duplicate of #2029? Am I missing something?

@gilles-peskine-arm
Copy link
Contributor Author

No, the issue I'm pointing out here isn't specific to an OS. I think this and #2029 should be fixed together, #2029 could also be fixed by sticking to portable use of sed, and this wouldn't fix #2030.

@ciarmcom
Copy link

ARM Internal Ref: IOTSSL-2555

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants