extmod/modussl_mbedtls: Integrate shorter error strings.

tve · dpgeorge · commit 5264478007c7 · 2020-07-21T00:31:05.000+10:00
The stm32 and esp32 ports now use shorter error strings for mbedtls errors.
Also, MBEDTLS_ERROR_C is enabled on stm32 by default to get these strings.
diff --git a/extmod/modussl_mbedtls.c b/extmod/modussl_mbedtls.c
@@ -77,17 +77,21 @@ STATIC void mbedtls_debug(void *ctx, int level, const char *file, int line, cons
 #endif
 
 STATIC NORETURN void mbedtls_raise_error(int err) {
-    #if defined(MBEDTLS_ERROR_C)
-    // Including mbedtls_strerror takes about 16KB on the esp32 due to all the strings.
-    // MBEDTLS_ERROR_C is the define used by mbedtls to conditionally include mbedtls_strerror.
-    // It is set/unset in the MBEDTLS_CONFIG_FILE which is defined in the Makefile.
-    // "small" negative integer error codes come from underlying stream/sockets, not mbedtls
+    // _mbedtls_ssl_send and _mbedtls_ssl_recv (below) turn positive error codes from the
+    // underlying socket into negative codes to pass them through mbedtls. Here we turn them
+    // positive again so they get interpreted as the OSError they really are. The
+    // cut-off of -256 is a bit hacky, sigh.
     if (err < 0 && err > -256) {
         mp_raise_OSError(-err);
     }
 
+    #if defined(MBEDTLS_ERROR_C)
+    // Including mbedtls_strerror takes about 1.5KB due to the error strings.
+    // MBEDTLS_ERROR_C is the define used by mbedtls to conditionally include mbedtls_strerror.
+    // It is set/unset in the MBEDTLS_CONFIG_FILE which is defined in the Makefile.
+
     // Try to allocate memory for the message
-    #define ERR_STR_MAX 100  // mbedtls_strerror truncates if it doesn't fit
+    #define ERR_STR_MAX 80  // mbedtls_strerror truncates if it doesn't fit
     mp_obj_str_t *o_str = m_new_obj_maybe(mp_obj_str_t);
     byte *o_str_buf = m_new_maybe(byte, ERR_STR_MAX);
     if (o_str == NULL || o_str_buf == NULL) {
@@ -96,7 +100,7 @@ STATIC NORETURN void mbedtls_raise_error(int err) {
 
     // print the error message into the allocated buffer
     mbedtls_strerror(err, (char *)o_str_buf, ERR_STR_MAX);
-    size_t len = strnlen((char *)o_str_buf, ERR_STR_MAX);
+    size_t len = strlen((char *)o_str_buf);
 
     // Put the exception object together
     o_str->base.type = &mp_type_str;
@@ -108,7 +112,7 @@ STATIC NORETURN void mbedtls_raise_error(int err) {
     nlr_raise(mp_obj_exception_make_new(&mp_type_OSError, 2, 0, args));
     #else
     // mbedtls is compiled without error strings so we simply return the err number
-    mp_raise_OSError(err); // typ. err is negative
+    mp_raise_OSError(err); // err is typically a large negative number
     #endif
 }
 
diff --git a/ports/esp32/Makefile b/ports/esp32/Makefile
@@ -362,6 +362,7 @@ EXTMOD_SRC_C += $(addprefix extmod/,\
 	)
 
 LIB_SRC_C = $(addprefix lib/,\
+	mbedtls_errors/mp_mbedtls_errors.c \
 	mp-readline/readline.c \
 	netutils/netutils.c \
 	timeutils/timeutils.c \
@@ -506,11 +507,12 @@ ESPIDF_LWIP_O = $(patsubst %.c,%.o,\
 	$(wildcard $(ESPCOMP)/lwip/port/esp32/*/*.c) \
 	)
 
-ESPIDF_MBEDTLS_O = $(patsubst %.c,%.o,\
+# Mbedtls source files, exclude error.c in favor of lib/mbedtls_errors/mp_mbedtls_errors.c
+ESPIDF_MBEDTLS_O = $(patsubst %.c,%.o, $(filter-out %/error.c,\
 	$(wildcard $(ESPCOMP)/mbedtls/mbedtls/library/*.c) \
 	$(wildcard $(ESPCOMP)/mbedtls/port/*.c) \
 	$(wildcard $(ESPCOMP)/mbedtls/port/esp32/*.c) \
-	)
+	))
 
 ESPIDF_MDNS_O = $(patsubst %.c,%.o,$(wildcard $(ESPCOMP)/mdns/*.c))
 
diff --git a/ports/stm32/Makefile b/ports/stm32/Makefile
@@ -472,6 +472,9 @@ endif
 ifeq ($(MICROPY_SSL_MBEDTLS),1)
 CFLAGS_MOD += -DMBEDTLS_CONFIG_FILE='"mbedtls/mbedtls_config.h"'
 SRC_MOD += mbedtls/mbedtls_port.c
+# replace mbedtls' error.c by ours
+SRC_MOD := $(filter-out %/mbedtls/library/error.c, $(SRC_MOD))
+LIB_SRC_C += lib/mbedtls_errors/mp_mbedtls_errors.c
 endif
 
 ifeq ($(MICROPY_PY_BLUETOOTH),1)
diff --git a/ports/stm32/mbedtls/mbedtls_config.h b/ports/stm32/mbedtls/mbedtls_config.h
@@ -67,6 +67,7 @@
 #define MBEDTLS_CTR_DRBG_C
 //#define MBEDTLS_ECP_C
 #define MBEDTLS_ENTROPY_C
+#define MBEDTLS_ERROR_C
 #define MBEDTLS_MD_C
 #define MBEDTLS_MD5_C
 #define MBEDTLS_OID_C
diff --git a/tests/net_inet/test_tls_sites.py b/tests/net_inet/test_tls_sites.py
@@ -54,7 +54,7 @@ def main():
             test_one(site, opts)
             print(site, "ok")
         except Exception as e:
-            print(site, repr(e))
+            print(site, e)
 
 
 main()
diff --git a/tests/net_inet/tls_text_errors.py b/tests/net_inet/tls_text_errors.py
@@ -14,10 +14,10 @@ def test(addr):
         print("wrap: no exception")
     except OSError as e:
         # mbedtls produces "mbedtls -0x7200: SSL - An invalid SSL record was received"
-        # axtls produces "RECORD_OVERFLOW"
+        # axtls produces "RECORD_OVERFLOW" but also prints "TLS buffer overflow,..."
         # CPython produces "[SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1108)"
         ok = (
-            "invalid SSL record" in str(e)
+            "SSL_INVALID_RECORD" in str(e)
             or "RECORD_OVERFLOW" in str(e)
             or "wrong version" in str(e)
         )
