Mbed-TLS / mbedtls

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
https://www.trustedfirmware.org/projects/mbed-tls/

generate_errors.pl: poor handling of long prefixed comments #8783

Open gilles-peskine-arm opened 8 months ago

gilles-peskine-arm commented 8 months ago

scripts/generate_errors.pl parses Doxygen comments attached to the definitions of MBEDTLS_ERR_xxx macros to generate messages in library/error.c. It doesn't handle prefixed messages well (thanks to irwir for the notice). As of b90e695e09363915961b62c93c69479254137769:

        case -(MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET):
            return( "SSL - * Received NewSessionTicket Post Handshake Message. This error code is experimental and may be changed or removed without notice" );
        case -(MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA):
            return( "SSL - Not possible to read early data" );
        case -(MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA):
            return( "SSL - * Early data has been received as part of an on-going handshake. This error code can be returned only on server side if and only if early data has been enabled by means of the mbedtls_ssl_conf_early_data() API. This error code can then be returned by mbedtls_ssl_handshake(), mbedtls_ssl_handshake_step(), mbedtls_ssl_read() or mbedtls_ssl_write() if early data has been received as part of the handshake sequence they triggered. To read the early data, call mbedtls_ssl_read_early_data()" );

irwir commented 8 months ago

The simplest fix could be to start the description on the line with /** and limit the error message to the first line only, unless it breaks the general style or Doxygen.
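
An added example, not code from the Mbed TLS project and written in Python as a stand-alone model rather than as a patch to the Perl script: naive is an assumed model that reproduces the stray "*" shown in the issue, and clean strips the " * " prefix from every comment line, optionally keeping only the first sentence (a variant of the first-line idea above). The header excerpt, the macro values and all function names are constructed for illustration.

```python
import re

# Constructed header excerpt: macro names are from the issue; the values and
# the comment layout are made up for illustration.
HEADER = """\
/** Not possible to read early data */
#define MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA -0x0001
/**
 * Received NewSessionTicket Post Handshake Message.
 * This error code is experimental and may be changed or removed without
 * notice.
 */
#define MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET -0x0002
"""

# A Doxygen block comment immediately followed by an MBEDTLS_ERR_ definition.
ENTRY = re.compile(r"/\*\*(.*?)\*/\s*#define\s+(MBEDTLS_ERR_\w+)", re.S)


def naive(body):
    """Assumed model of the bug: text is taken to start right after '/**',
    so only continuation lines lose their ' * ' prefix."""
    first, *rest = body.strip().splitlines()
    rest = [re.sub(r"^\s*\*\s?", "", line) for line in rest]
    return " ".join(" ".join([first, *rest]).split()).rstrip(".")


def clean(body, first_sentence=False):
    """Strip the ' * ' prefix from every line, then join."""
    lines = [re.sub(r"^\s*\*+\s?", "", ln).strip() for ln in body.splitlines()]
    text = " ".join(ln for ln in lines if ln)
    if first_sentence:
        # Keep only the text up to the first sentence-ending period.
        text = re.split(r"(?<=\.)\s", text, maxsplit=1)[0]
    return text.rstrip(".")


def messages(header, render=clean):
    """Map each error macro name to its rendered description."""
    return {name: render(body) for body, name in ENTRY.findall(header)}


if __name__ == "__main__":
    for render in (naive, clean):
        print(render.__name__, messages(HEADER, render))
```

The first-sentence split is a simple heuristic and would cut a description short at an abbreviation such as "e.g. ".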

irwir commented 6 months ago

This issue could be expected to be fixed before the release of 3.6.0. Line 425 in error.c is incorrect.