commit 8c51b7cd9427e9ab10a399270e66307bc0452e49
author Jarno Lamsa <jarno.lamsa@arm.com> Wed Aug 21 13:45:05 2019 +0300
committer Jarno Lamsa <jarno.lamsa@arm.com> Fri Aug 23 13:11:31 2019 +0300
tree aa4badec3e78634741cab0f98878cd34b7317eb2
parent bccf03591f38d8fd07f48fc8df54ee5881368db2

Add debug messages

Add debug messages to easier identify which condition fails
with usage restrictions in mbedtls_ssl_context_save()

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 930613b..c60c5f7 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -11415,32 +11415,62 @@
      */
     /* The initial handshake must be over */
     if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Initial handshake isn't over" ) );
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
     if( ssl->handshake != NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Handshake isn't completed" ) );
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
     /* Double-check that sub-structures are indeed ready */
     if( ssl->transform == NULL || ssl->session == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Serialised structures aren't ready" ) );
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
     /* There must be no pending incoming or outgoing data */
     if( mbedtls_ssl_check_pending( ssl ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "There is pending incoming data" ) );
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
     if( ssl->out_left != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "There is pending outgoing data" ) );
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
     /* Protocol must be DLTS, not TLS */
     if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only DTLS is supported" ) );
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
     /* Version must be 1.2 */
     if( ssl->major_ver != MBEDTLS_SSL_MAJOR_VERSION_3 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only version 1.2 supported" ) );
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
     if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only version 1.2 supported" ) );
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
     /* We must be using an AEAD ciphersuite */
     if( mbedtls_ssl_transform_uses_aead( ssl->transform ) != 1 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only AEAD ciphersuites supported" ) );
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
     /* Renegotiation must not be enabled */
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
     if( ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Renegotiation must not be enabled" ) );
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
 #endif
 
     /*