commit a3daa21d8c962a97d63d263362a5c6cc125ce8d4
author Jaeden Amero <jaeden.amero@arm.com> Mon Jun 10 11:00:14 2019 +0100
committer Jaeden Amero <jaeden.amero@arm.com> Mon Jun 10 11:00:14 2019 +0100
tree 2d5008b05fd2ca537af17ac599bcb57cfc998f3a
parent 048df33d628450410ce2b1122c40d24b683ce7ed
parent e1ae731efa2c18f34fcb6173762b0645329cd6be

Merge remote-tracking branch 'origin/pr/2678' into development

* origin/pr/2678:
  Update crypto submodule to 1.1.0d2
  all.sh: Perform targeted EtM tests for MAC-less configs
  ssl: Don't access non-existent encrypt_then_mac field

crypto

diff --git a/crypto b/crypto
index 8907b01..47f2de1 160000
--- a/crypto
+++ b/crypto
@@ -1 +1 @@
-Subproject commit 8907b019e756d2f02f21a1a32f072d20de13965e
+Subproject commit 47f2de132936905d97a93e2ddf7f5237ab232fbe

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 56e9c8b..d9e777d 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -953,7 +953,8 @@
 
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive keys" ) );
 
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
+    defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
     transform->encrypt_then_mac = session->encrypt_then_mac;
 #endif
     transform->minor_ver = ssl->minor_ver;

tests/scripts/all.sh

diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 86c0ce5..22579fc 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -953,6 +953,20 @@
     if_build_succeeded tests/ssl-opt.sh -f "Max fragment length\|Large buffer"
 }
 
+component_test_when_no_ciphersuites_have_mac () {
+    msg "build: when no ciphersuites have MAC"
+    scripts/config.pl unset MBEDTLS_CIPHER_NULL_CIPHER
+    scripts/config.pl unset MBEDTLS_ARC4_C
+    scripts/config.pl unset MBEDTLS_CIPHER_MODE_CBC
+    make
+
+    msg "test: !MBEDTLS_SSL_SOME_MODES_USE_MAC"
+    make test
+
+    msg "test ssl-opt.sh: !MBEDTLS_SSL_SOME_MODES_USE_MAC"
+    if_build_succeeded tests/ssl-opt.sh -f 'Default\|EtM' -e 'without EtM'
+}
+
 component_test_null_entropy () {
     msg "build: default config with  MBEDTLS_TEST_NULL_ENTROPY (ASan build)"
     scripts/config.pl set MBEDTLS_TEST_NULL_ENTROPY

tests/suites/test_suite_ssl.function

diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index cc7d8dc..104a52f 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -159,7 +159,8 @@
      * Setup transforms
      */
 
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
+    defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
     t_out->encrypt_then_mac = etm;
     t_in->encrypt_then_mac = etm;
 #else