commit cc3b7ccb04656e96ede99256ba25881be9021d08
author Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Mon Jun 24 18:06:53 2019 +0200
committer GitHub <noreply@github.com> Mon Jun 24 18:06:53 2019 +0200
tree 63463ebfba1eb0c2dc727e47f5a8aa30821a3f6b
parent e210b6616dab66367a24c00787419395c7795045
parent fa8e6dabd2259d8b3922e592f43a005df91e1435

Merge pull request #579 from Patater/bm-dont-use-non-existent-encrypt-then-mac

[Baremetal] ssl: Don't access non-existent encrypt_then_mac field

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index a5c8c33..096b6c8 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -735,12 +735,14 @@
 static int ssl_populate_transform( mbedtls_ssl_transform *transform,
                                    int ciphersuite,
                                    const unsigned char master[48],
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
                                    int encrypt_then_mac,
 #endif
 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
                                    int trunc_hmac,
 #endif
+#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
 #if defined(MBEDTLS_ZLIB_SUPPORT)
                                    int compression,
 #endif
@@ -771,7 +773,8 @@
 #endif
 
     /* Copy info about negotiated version and extensions */
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
+    defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
     transform->encrypt_then_mac = encrypt_then_mac;
 #endif
     transform->minor_ver = minor_ver;
@@ -1332,12 +1335,14 @@
     ret = ssl_populate_transform( ssl->transform_negotiate,
                                   ssl->session_negotiate->ciphersuite,
                                   ssl->session_negotiate->master,
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
                                   ssl->session_negotiate->encrypt_then_mac,
 #endif
 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
                                   ssl->session_negotiate->trunc_hmac,
 #endif
+#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
 #if defined(MBEDTLS_ZLIB_SUPPORT)
                                   ssl->session_negotiate->compression,
 #endif

tests/scripts/all.sh

diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index cd6d2da..8414d54 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -897,6 +897,20 @@
     if_build_succeeded tests/ssl-opt.sh -f "Max fragment length\|Large buffer"
 }
 
+component_test_when_no_ciphersuites_have_mac () {
+    msg "build: when no ciphersuites have MAC"
+    scripts/config.pl unset MBEDTLS_CIPHER_NULL_CIPHER
+    scripts/config.pl unset MBEDTLS_ARC4_C
+    scripts/config.pl unset MBEDTLS_CIPHER_MODE_CBC
+    make
+
+    msg "test: !MBEDTLS_SSL_SOME_MODES_USE_MAC"
+    make test
+
+    msg "test ssl-opt.sh: !MBEDTLS_SSL_SOME_MODES_USE_MAC"
+    if_build_succeeded tests/ssl-opt.sh -f 'Default\|EtM' -e 'without EtM'
+}
+
 component_test_null_entropy () {
     msg "build: default config with  MBEDTLS_TEST_NULL_ENTROPY (ASan build)"
     scripts/config.pl set MBEDTLS_TEST_NULL_ENTROPY

tests/suites/test_suite_ssl.function

diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 65f5852..c6dd564 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -159,7 +159,8 @@
      * Setup transforms
      */
 
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
+    defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
     t_out->encrypt_then_mac = etm;
     t_in->encrypt_then_mac = etm;
 #else