Add debug messages

Add debug messages to easier identify which condition fails with usage restrictions in mbedtls_ssl_context_save()
2025-11-03 20:22:59 -05:00 · 2019-08-21 13:45:05 +03:00 · 2019-08-21 13:45:05 +03:00 · 8c51b7cd94
commit 8c51b7cd94
parent bccf03591f
1 changed files with 30 additions and 0 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -11415,32 +11415,62 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
     */
    /* The initial handshake must be over */
    if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Initial handshake isn't over" ) );
        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
    if( ssl->handshake != NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Handshake isn't completed" ) );
        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
    /* Double-check that sub-structures are indeed ready */
    if( ssl->transform == NULL || ssl->session == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Serialised structures aren't ready" ) );
        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
    /* There must be no pending incoming or outgoing data */
    if( mbedtls_ssl_check_pending( ssl ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "There is pending incoming data" ) );
        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
    if( ssl->out_left != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "There is pending outgoing data" ) );
        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
    /* Protocol must be DLTS, not TLS */
    if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only DTLS is supported" ) );
        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
    /* Version must be 1.2 */
    if( ssl->major_ver != MBEDTLS_SSL_MAJOR_VERSION_3 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only version 1.2 supported" ) );
        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
    if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only version 1.2 supported" ) );
        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
    /* We must be using an AEAD ciphersuite */
    if( mbedtls_ssl_transform_uses_aead( ssl->transform ) != 1 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only AEAD ciphersuites supported" ) );
        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
    /* Renegotiation must not be enabled */
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
    if( ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Renegotiation must not be enabled" ) );
        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
 #endif

    /*