Add missing dependencies / alternatives

A number of places lacked the necessary dependencies on one of the used features: MD, key exchange with certificate, entropy, or ETM. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2025-08-08 17:42:09 +03:00 · 2022-08-17 16:17:00 -04:00
parent 7bb8bab457
commit 8c95ac4500
6 changed files with 17 additions and 8 deletions
--- a/programs/fuzz/fuzz_privkey.c
+++ b/programs/fuzz/fuzz_privkey.c
@@ -16,7 +16,7 @@ const char *pers = "fuzz_privkey";
 #endif // MBEDTLS_PK_PARSE_C && MBEDTLS_CTR_DRBG_C

 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
-#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_CTR_DRBG_C)
+#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_CTR_DRBG_C) && defined(MBEDTLS_ENTROPY_C)
    int ret;
    mbedtls_pk_context pk;
    mbedtls_ctr_drbg_context ctr_drbg;
@@ -88,7 +88,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 #else
    (void) Data;
    (void) Size;
-#endif // MBEDTLS_PK_PARSE_C && MBEDTLS_CTR_DRBG_C
+#endif // MBEDTLS_PK_PARSE_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_ENTROPY_C

    return 0;
 }
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1789,6 +1789,7 @@ int main( int argc, char *argv[] )
    }

 #if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
    /* The default algorithms profile disables SHA-1, but our tests still
       rely on it heavily. */
    if( opt.allow_sha1 > 0 )
@@ -1797,11 +1798,11 @@ int main( int argc, char *argv[] )
        mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test );
        mbedtls_ssl_conf_sig_algs( &conf, ssl_sig_algs_for_test );
    }
-
    if( opt.context_crt_cb == 0 )
        mbedtls_ssl_conf_verify( &conf, my_verify, NULL );

    memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
+#endif
 #endif /* MBEDTLS_X509_CRT_PARSE_C */

 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
--- a/programs/ssl/ssl_context_info.c
+++ b/programs/ssl/ssl_context_info.c
@@ -645,7 +645,7 @@ void print_deserialized_ssl_session( const uint8_t *ssl, uint32_t len,
        {
            printf( "\tcipher         : %s\n", cipher_info->name );
        }
-
+#if defined(MBEDTLS_MD_C)
        md_info = mbedtls_md_info_from_type( ciphersuite_info->mac );
        if( md_info == NULL )
        {
@@ -655,6 +655,7 @@ void print_deserialized_ssl_session( const uint8_t *ssl, uint32_t len,
        {
            printf( "\tMessage-Digest : %s\n", mbedtls_md_get_name( md_info ) );
        }
+#endif
    }

    CHECK_SSL_END( 1 );
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -2753,6 +2753,7 @@ int main( int argc, char *argv[] )
    }

 #if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
    /* The default algorithms profile disables SHA-1, but our tests still
       rely on it heavily. Hence we allow it here. A real-world server
       should use the default profile unless there is a good reason not to. */
@@ -2762,6 +2763,7 @@ int main( int argc, char *argv[] )
        mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test );
        mbedtls_ssl_conf_sig_algs( &conf, ssl_sig_algs_for_test );
    }
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
 #endif /* MBEDTLS_X509_CRT_PARSE_C */

    if( opt.auth_mode != DFL_AUTH_MODE )