extmod/modussl_mbedtls: Integrate shorter error strings.

The stm32 and esp32 ports now use shorter error strings for mbedtls errors.
Also, MBEDTLS_ERROR_C is enabled on stm32 by default to get these strings.
This commit is contained in:
Thorsten von Eicken 2020-07-02 12:34:36 -07:00 committed by Damien George
parent 3e758ef235
commit 5264478007
6 changed files with 23 additions and 13 deletions

View File

@ -77,17 +77,21 @@ STATIC void mbedtls_debug(void *ctx, int level, const char *file, int line, cons
#endif #endif
STATIC NORETURN void mbedtls_raise_error(int err) { STATIC NORETURN void mbedtls_raise_error(int err) {
#if defined(MBEDTLS_ERROR_C) // _mbedtls_ssl_send and _mbedtls_ssl_recv (below) turn positive error codes from the
// Including mbedtls_strerror takes about 16KB on the esp32 due to all the strings. // underlying socket into negative codes to pass them through mbedtls. Here we turn them
// MBEDTLS_ERROR_C is the define used by mbedtls to conditionally include mbedtls_strerror. // positive again so they get interpreted as the OSError they really are. The
// It is set/unset in the MBEDTLS_CONFIG_FILE which is defined in the Makefile. // cut-off of -256 is a bit hacky, sigh.
// "small" negative integer error codes come from underlying stream/sockets, not mbedtls
if (err < 0 && err > -256) { if (err < 0 && err > -256) {
mp_raise_OSError(-err); mp_raise_OSError(-err);
} }
#if defined(MBEDTLS_ERROR_C)
// Including mbedtls_strerror takes about 1.5KB due to the error strings.
// MBEDTLS_ERROR_C is the define used by mbedtls to conditionally include mbedtls_strerror.
// It is set/unset in the MBEDTLS_CONFIG_FILE which is defined in the Makefile.
// Try to allocate memory for the message // Try to allocate memory for the message
#define ERR_STR_MAX 100 // mbedtls_strerror truncates if it doesn't fit #define ERR_STR_MAX 80 // mbedtls_strerror truncates if it doesn't fit
mp_obj_str_t *o_str = m_new_obj_maybe(mp_obj_str_t); mp_obj_str_t *o_str = m_new_obj_maybe(mp_obj_str_t);
byte *o_str_buf = m_new_maybe(byte, ERR_STR_MAX); byte *o_str_buf = m_new_maybe(byte, ERR_STR_MAX);
if (o_str == NULL || o_str_buf == NULL) { if (o_str == NULL || o_str_buf == NULL) {
@ -96,7 +100,7 @@ STATIC NORETURN void mbedtls_raise_error(int err) {
// print the error message into the allocated buffer // print the error message into the allocated buffer
mbedtls_strerror(err, (char *)o_str_buf, ERR_STR_MAX); mbedtls_strerror(err, (char *)o_str_buf, ERR_STR_MAX);
size_t len = strnlen((char *)o_str_buf, ERR_STR_MAX); size_t len = strlen((char *)o_str_buf);
// Put the exception object together // Put the exception object together
o_str->base.type = &mp_type_str; o_str->base.type = &mp_type_str;
@ -108,7 +112,7 @@ STATIC NORETURN void mbedtls_raise_error(int err) {
nlr_raise(mp_obj_exception_make_new(&mp_type_OSError, 2, 0, args)); nlr_raise(mp_obj_exception_make_new(&mp_type_OSError, 2, 0, args));
#else #else
// mbedtls is compiled without error strings so we simply return the err number // mbedtls is compiled without error strings so we simply return the err number
mp_raise_OSError(err); // typ. err is negative mp_raise_OSError(err); // err is typically a large negative number
#endif #endif
} }

View File

@ -362,6 +362,7 @@ EXTMOD_SRC_C += $(addprefix extmod/,\
) )
LIB_SRC_C = $(addprefix lib/,\ LIB_SRC_C = $(addprefix lib/,\
mbedtls_errors/mp_mbedtls_errors.c \
mp-readline/readline.c \ mp-readline/readline.c \
netutils/netutils.c \ netutils/netutils.c \
timeutils/timeutils.c \ timeutils/timeutils.c \
@ -506,11 +507,12 @@ ESPIDF_LWIP_O = $(patsubst %.c,%.o,\
$(wildcard $(ESPCOMP)/lwip/port/esp32/*/*.c) \ $(wildcard $(ESPCOMP)/lwip/port/esp32/*/*.c) \
) )
ESPIDF_MBEDTLS_O = $(patsubst %.c,%.o,\ # Mbedtls source files, exclude error.c in favor of lib/mbedtls_errors/mp_mbedtls_errors.c
ESPIDF_MBEDTLS_O = $(patsubst %.c,%.o, $(filter-out %/error.c,\
$(wildcard $(ESPCOMP)/mbedtls/mbedtls/library/*.c) \ $(wildcard $(ESPCOMP)/mbedtls/mbedtls/library/*.c) \
$(wildcard $(ESPCOMP)/mbedtls/port/*.c) \ $(wildcard $(ESPCOMP)/mbedtls/port/*.c) \
$(wildcard $(ESPCOMP)/mbedtls/port/esp32/*.c) \ $(wildcard $(ESPCOMP)/mbedtls/port/esp32/*.c) \
) ))
ESPIDF_MDNS_O = $(patsubst %.c,%.o,$(wildcard $(ESPCOMP)/mdns/*.c)) ESPIDF_MDNS_O = $(patsubst %.c,%.o,$(wildcard $(ESPCOMP)/mdns/*.c))

View File

@ -472,6 +472,9 @@ endif
ifeq ($(MICROPY_SSL_MBEDTLS),1) ifeq ($(MICROPY_SSL_MBEDTLS),1)
CFLAGS_MOD += -DMBEDTLS_CONFIG_FILE='"mbedtls/mbedtls_config.h"' CFLAGS_MOD += -DMBEDTLS_CONFIG_FILE='"mbedtls/mbedtls_config.h"'
SRC_MOD += mbedtls/mbedtls_port.c SRC_MOD += mbedtls/mbedtls_port.c
# replace mbedtls' error.c by ours
SRC_MOD := $(filter-out %/mbedtls/library/error.c, $(SRC_MOD))
LIB_SRC_C += lib/mbedtls_errors/mp_mbedtls_errors.c
endif endif
ifeq ($(MICROPY_PY_BLUETOOTH),1) ifeq ($(MICROPY_PY_BLUETOOTH),1)

View File

@ -67,6 +67,7 @@
#define MBEDTLS_CTR_DRBG_C #define MBEDTLS_CTR_DRBG_C
//#define MBEDTLS_ECP_C //#define MBEDTLS_ECP_C
#define MBEDTLS_ENTROPY_C #define MBEDTLS_ENTROPY_C
#define MBEDTLS_ERROR_C
#define MBEDTLS_MD_C #define MBEDTLS_MD_C
#define MBEDTLS_MD5_C #define MBEDTLS_MD5_C
#define MBEDTLS_OID_C #define MBEDTLS_OID_C

View File

@ -54,7 +54,7 @@ def main():
test_one(site, opts) test_one(site, opts)
print(site, "ok") print(site, "ok")
except Exception as e: except Exception as e:
print(site, repr(e)) print(site, e)
main() main()

View File

@ -14,10 +14,10 @@ def test(addr):
print("wrap: no exception") print("wrap: no exception")
except OSError as e: except OSError as e:
# mbedtls produces "mbedtls -0x7200: SSL - An invalid SSL record was received" # mbedtls produces "mbedtls -0x7200: SSL - An invalid SSL record was received"
# axtls produces "RECORD_OVERFLOW" # axtls produces "RECORD_OVERFLOW" but also prints "TLS buffer overflow,..."
# CPython produces "[SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1108)" # CPython produces "[SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1108)"
ok = ( ok = (
"invalid SSL record" in str(e) "SSL_INVALID_RECORD" in str(e)
or "RECORD_OVERFLOW" in str(e) or "RECORD_OVERFLOW" in str(e)
or "wrong version" in str(e) or "wrong version" in str(e)
) )