I originally missed this when backporting because the option was
removed (and changed to always-on) in 3.0.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Many test cases in ssl-opt.sh need error messages (MBEDTLS_ERROR_C) or SSL
traces (MBEDTLS_DEBUG_C). Some sample configurations don't include these
options. When running ssl-opt.sh on those configurations, enable the
required options. They must be listed in the config*.h file, commented out.
Run ssl-opt in the following configurations with debug options:
ccm-psk-tls1_2, ccm-psk-dtls1_2, suite-b. Skip mini-tls1_1 for now because
it requires significant improvements to ssl-opt.sh (lots of missing
requires_xxx).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Since MBEDTLS_TIMING_C is enabled, mbedtls_entropy_init() adds the weak
source MBEDTLS_ENTROPY_MAX_SOURCES(). With mbedtls_platform_entropy_poll(),
this makes two sources. The unit tests need room for a third source.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
1. Copy config-ccm-psk-tls1_2.h
2. Add DTLS support
3. Add some TLS and DTLS features that are useful in low-bandwidth,
low-reliability networks
4. Reduce the SSL buffer to a very small size
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
