Google Git
Sign in
pigweed / third_party / github / ARMmbed / mbedtls / 2de07f1dd1b771c19d22aa58e083c0c69ca270aa^! / . / tests / scripts / all.sh
commit2de07f1dd1b771c19d22aa58e083c0c69ca270aa[log] [tgz]
authorJaeden Amero <jaeden@patater.com>Wed Jun 05 13:32:08 2019 +0100
committerJaeden Amero <jaeden@patater.com>Wed Jun 05 14:09:29 2019 +0100
treea5d996e42fdd141de3239df34ec644324fa354ae
parenta1491fe74f7f7d8b42512957cf5f705bbd9cfe54 [diff] [blame]
ssl: Don't access non-existent encrypt_then_mac field

When MBEDTLS_SSL_ENCRYPT_THEN_MAC is enabled, but not
MBEDTLS_SSL_SOME_MODES_USE_MAC, mbedtls_ssl_derive_keys() and
build_transforms() will attempt to use a non-existent `encrypt_then_mac`
field in the ssl_transform.

    Compile [ 93.7%]: ssl_tls.c
    [Error] ssl_tls.c@865,14: 'mbedtls_ssl_transform {aka struct mbedtls_ssl_transform}' ha
s no member named 'encrypt_then_mac'
    [ERROR] ./mbed-os/features/mbedtls/src/ssl_tls.c: In function 'mbedtls_ssl_derive_keys'
:
    ./mbed-os/features/mbedtls/src/ssl_tls.c:865:14: error: 'mbedtls_ssl_transform {aka str
uct mbedtls_ssl_transform}' has no member named 'encrypt_then_mac'
         transform->encrypt_then_mac = session->encrypt_then_mac;
                  ^~

Change mbedtls_ssl_derive_keys() and build_transforms() to only access
`encrypt_then_mac` if `encrypt_then_mac` is actually present.

Add a regression test to detect when we have regressions with
configurations that do not include any MAC ciphersuites.

Fixes d56ed2491be9 ("Reduce size of `ssl_transform` if no MAC ciphersuite is enabled")

diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 86c0ce5..51053d7 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh

@@ -953,6 +953,20 @@
     if_build_succeeded tests/ssl-opt.sh -f "Max fragment length\|Large buffer"
 }
 
+component_test_when_no_ciphersuites_have_mac () {
+    msg "build: when no ciphersuites have MAC"
+    scripts/config.pl unset MBEDTLS_CIPHER_NULL_CIPHER
+    scripts/config.pl unset MBEDTLS_ARC4_C
+    scripts/config.pl unset MBEDTLS_CIPHER_MODE_CBC
+    make
+
+    msg "test: !MBEDTLS_SSL_SOME_MODES_USE_MAC"
+    make test
+
+    msg "test ssl-opt.sh: !MBEDTLS_SSL_SOME_MODES_USE_MAC"
+    if_build_succeeded tests/ssl-opt.sh
+}
+
 component_test_null_entropy () {
     msg "build: default config with  MBEDTLS_TEST_NULL_ENTROPY (ASan build)"
     scripts/config.pl set MBEDTLS_TEST_NULL_ENTROPY