domenico/openwrt_NSS_ACW
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

mbedtls: Kconfig option to enable/disable debug functions

Browse Source 
This introduces a new Kconfig option to switch on/off mbedtls' support
for debug functions.

The idea behind is to inspect TLS traffic with Wireshark for debug
purposes. At the moment, there is no native or 'nice' support for
this, but at
68aea15833
an example implementation can be found which uses the debug functions
of the library. However, this requires to have this debug stuff enabled
in the library, but at the moment it is staticly patched out.

So this patch removes the static part from the configuration patch
and introduces a dynamic config file editing during build.

When enabled, this heavily increases the library size, so I added
a warning in the Kconfig help section.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This commit is contained in:
Michael Heimpold
2019-01-04 00:00:41 +01:00
committed by Hauke Mehrtens
parent e8f2302516
commit 268b5bec80
2 changed files with 28 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
package/libs/mbedtls/Makefile
View File

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=mbedtls PKG_NAME:=mbedtls
PKG_VERSION:=2.16.0 PKG_VERSION:=2.16.0
PKG_RELEASE:=1 PKG_RELEASE:=2
PKG_USE_MIPS16:=0 PKG_USE_MIPS16:=0
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-gpl.tgz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-gpl.tgz
@@ -20,6 +20,8 @@ PKG_BUILD_PARALLEL:=1
PKG_LICENSE:=GPL-2.0+ PKG_LICENSE:=GPL-2.0+
PKG_CPE_ID:=cpe:/a:arm:mbed_tls PKG_CPE_ID:=cpe:/a:arm:mbed_tls
PKG_CONFIG_DEPENDS:=CONFIG_LIBMBEDTLS_DEBUG_C
include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/cmake.mk include $(INCLUDE_DIR)/cmake.mk
@@ -42,6 +44,20 @@ $(call Package/mbedtls/Default)
ABI_VERSION:=12 ABI_VERSION:=12
endef endef
define Package/libmbedtls/config
config LIBMBEDTLS_DEBUG_C
depends on PACKAGE_libmbedtls
bool "Enable debug functions"
default n
help
This option enables mbedtls library's debug functions.
It increases the uncompressed libmbedtls binary size
by around 60 KiB (for an ARMv5 platform).
Usually, you don't need this, so don't select this if you're unsure.
endef
define Package/mbedtls-util define Package/mbedtls-util
$(call Package/mbedtls/Default) $(call Package/mbedtls/Default)
SECTION:=utils SECTION:=utils
@@ -71,6 +87,17 @@ CMAKE_OPTIONS += \
-DENABLE_TESTING:Bool=OFF \ -DENABLE_TESTING:Bool=OFF \
-DENABLE_PROGRAMS:Bool=ON -DENABLE_PROGRAMS:Bool=ON
define Build/Configure
$(Build/Configure/Default)
awk 'BEGIN { rc = 1 } \
/#define MBEDTLS_DEBUG_C/ { $$$$0 = "$(if $(CONFIG_LIBMBEDTLS_DEBUG_C),,// )#define MBEDTLS_DEBUG_C"; rc = 0 } \
{ print } \
END { exit(rc) }' $(PKG_BUILD_DIR)/include/mbedtls/config.h \
>$(PKG_BUILD_DIR)/include/mbedtls/config.h.new && \
mv $(PKG_BUILD_DIR)/include/mbedtls/config.h.new $(PKG_BUILD_DIR)/include/mbedtls/config.h
endef
define Build/InstallDev define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include $(INSTALL_DIR) $(1)/usr/include
$(CP) $(PKG_INSTALL_DIR)/usr/include/mbedtls $(1)/usr/include/ $(CP) $(PKG_INSTALL_DIR)/usr/include/mbedtls $(1)/usr/include/

9
package/libs/mbedtls/patches/200-config.patch
View File

@@ -180,15 +180,6 @@
/** /**
* \def MBEDTLS_CHACHA20_C * \def MBEDTLS_CHACHA20_C
@@ -2120,7 +2120,7 @@
*
* This module provides debugging functions.
*/
-#define MBEDTLS_DEBUG_C
+//#define MBEDTLS_DEBUG_C
/**
* \def MBEDTLS_DES_C
@@ -2149,7 +2149,7 @@ @@ -2149,7 +2149,7 @@
* \warning DES is considered a weak cipher and its use constitutes a * \warning DES is considered a weak cipher and its use constitutes a
* security risk. We recommend considering stronger ciphers instead. * security risk. We recommend considering stronger ciphers instead.