extmod/modussl_mbedtls: Integrate shorter error strings.

The stm32 and esp32 ports now use shorter error strings for mbedtls errors. Also, MBEDTLS_ERROR_C is enabled on stm32 by default to get these strings.
2020-07-02 12:34:36 -07:00 · 2020-07-02 12:34:36 -07:00 · 5264478007
parent 3e758ef235
commit 5264478007
6 changed files with 23 additions and 13 deletions
--- a/extmod/modussl_mbedtls.c
+++ b/extmod/modussl_mbedtls.c
@ -77,17 +77,21 @@ STATIC void mbedtls_debug(void *ctx, int level, const char *file, int line, cons
 #endif

 STATIC NORETURN void mbedtls_raise_error(int err) {
-    #if defined(MBEDTLS_ERROR_C)
-    // Including mbedtls_strerror takes about 16KB on the esp32 due to all the strings.
-    // MBEDTLS_ERROR_C is the define used by mbedtls to conditionally include mbedtls_strerror.
-    // It is set/unset in the MBEDTLS_CONFIG_FILE which is defined in the Makefile.
-    // "small" negative integer error codes come from underlying stream/sockets, not mbedtls
+    // _mbedtls_ssl_send and _mbedtls_ssl_recv (below) turn positive error codes from the
+    // underlying socket into negative codes to pass them through mbedtls. Here we turn them
+    // positive again so they get interpreted as the OSError they really are. The
+    // cut-off of -256 is a bit hacky, sigh.
    if (err < 0 && err > -256) {
        mp_raise_OSError(-err);
    }

+    #if defined(MBEDTLS_ERROR_C)
+    // Including mbedtls_strerror takes about 1.5KB due to the error strings.
+    // MBEDTLS_ERROR_C is the define used by mbedtls to conditionally include mbedtls_strerror.
+    // It is set/unset in the MBEDTLS_CONFIG_FILE which is defined in the Makefile.
+
    // Try to allocate memory for the message
-    #define ERR_STR_MAX 100  // mbedtls_strerror truncates if it doesn't fit
+    #define ERR_STR_MAX 80  // mbedtls_strerror truncates if it doesn't fit
    mp_obj_str_t *o_str = m_new_obj_maybe(mp_obj_str_t);
    byte *o_str_buf = m_new_maybe(byte, ERR_STR_MAX);
    if (o_str == NULL || o_str_buf == NULL) {
@ -96,7 +100,7 @@ STATIC NORETURN void mbedtls_raise_error(int err) {

    // print the error message into the allocated buffer
    mbedtls_strerror(err, (char *)o_str_buf, ERR_STR_MAX);
-    size_t len = strnlen((char *)o_str_buf, ERR_STR_MAX);
+    size_t len = strlen((char *)o_str_buf);

    // Put the exception object together
    o_str->base.type = &mp_type_str;
@ -108,7 +112,7 @@ STATIC NORETURN void mbedtls_raise_error(int err) {
    nlr_raise(mp_obj_exception_make_new(&mp_type_OSError, 2, 0, args));
    #else
    // mbedtls is compiled without error strings so we simply return the err number
-    mp_raise_OSError(err); // typ. err is negative
+    mp_raise_OSError(err); // err is typically a large negative number
    #endif
 }

--- a/ports/esp32/Makefile
+++ b/ports/esp32/Makefile
@ -362,6 +362,7 @@ EXTMOD_SRC_C += $(addprefix extmod/,\
 	)

 LIB_SRC_C = $(addprefix lib/,\
+	mbedtls_errors/mp_mbedtls_errors.c \
 	mp-readline/readline.c \
 	netutils/netutils.c \
 	timeutils/timeutils.c \
@ -506,11 +507,12 @@ ESPIDF_LWIP_O = $(patsubst %.c,%.o,\
 	$(wildcard $(ESPCOMP)/lwip/port/esp32/*/*.c) \
 	)

-ESPIDF_MBEDTLS_O = $(patsubst %.c,%.o,\
+# Mbedtls source files, exclude error.c in favor of lib/mbedtls_errors/mp_mbedtls_errors.c
+ESPIDF_MBEDTLS_O = $(patsubst %.c,%.o, $(filter-out %/error.c,\
 	$(wildcard $(ESPCOMP)/mbedtls/mbedtls/library/*.c) \
 	$(wildcard $(ESPCOMP)/mbedtls/port/*.c) \
 	$(wildcard $(ESPCOMP)/mbedtls/port/esp32/*.c) \
-	)
+	))

 ESPIDF_MDNS_O = $(patsubst %.c,%.o,$(wildcard $(ESPCOMP)/mdns/*.c))

--- a/ports/stm32/Makefile
+++ b/ports/stm32/Makefile
@ -472,6 +472,9 @@ endif
 ifeq ($(MICROPY_SSL_MBEDTLS),1)
 CFLAGS_MOD += -DMBEDTLS_CONFIG_FILE='"mbedtls/mbedtls_config.h"'
 SRC_MOD += mbedtls/mbedtls_port.c
+# replace mbedtls' error.c by ours
+SRC_MOD := $(filter-out %/mbedtls/library/error.c, $(SRC_MOD))
+LIB_SRC_C += lib/mbedtls_errors/mp_mbedtls_errors.c
 endif

 ifeq ($(MICROPY_PY_BLUETOOTH),1)
--- a/ports/stm32/mbedtls/mbedtls_config.h
+++ b/ports/stm32/mbedtls/mbedtls_config.h
@ -67,6 +67,7 @@
 #define MBEDTLS_CTR_DRBG_C
 //#define MBEDTLS_ECP_C
 #define MBEDTLS_ENTROPY_C
+#define MBEDTLS_ERROR_C
 #define MBEDTLS_MD_C
 #define MBEDTLS_MD5_C
 #define MBEDTLS_OID_C
--- a/tests/net_inet/test_tls_sites.py
+++ b/tests/net_inet/test_tls_sites.py
@ -54,7 +54,7 @@ def main():
            test_one(site, opts)
            print(site, "ok")
        except Exception as e:
-            print(site, repr(e))
+            print(site, e)


 main()
--- a/tests/net_inet/tls_text_errors.py
+++ b/tests/net_inet/tls_text_errors.py
@ -14,10 +14,10 @@ def test(addr):
        print("wrap: no exception")
    except OSError as e:
        # mbedtls produces "mbedtls -0x7200: SSL - An invalid SSL record was received"
-        # axtls produces "RECORD_OVERFLOW"
+        # axtls produces "RECORD_OVERFLOW" but also prints "TLS buffer overflow,..."
        # CPython produces "[SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1108)"
        ok = (
-            "invalid SSL record" in str(e)
+            "SSL_INVALID_RECORD" in str(e)
            or "RECORD_OVERFLOW" in str(e)
            or "wrong version" in str(e)
        )