Merge pull request #6208 from AndrzejKurek/tls-tests-no-md-structured

Remove the dependency on MD from TLS 1.2 tests
2025-08-08 17:42:09 +03:00 · 2022-08-30 12:34:37 +02:00
parent a84ce3fa81 32bd063773
commit bf22a2500b
16 changed files with 953 additions and 955 deletions
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1789,6 +1789,7 @@ int main( int argc, char *argv[] )
    }

 #if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
    /* The default algorithms profile disables SHA-1, but our tests still
       rely on it heavily. */
    if( opt.allow_sha1 > 0 )
@@ -1797,11 +1798,11 @@ int main( int argc, char *argv[] )
        mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test );
        mbedtls_ssl_conf_sig_algs( &conf, ssl_sig_algs_for_test );
    }
-
    if( opt.context_crt_cb == 0 )
        mbedtls_ssl_conf_verify( &conf, my_verify, NULL );

    memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
 #endif /* MBEDTLS_X509_CRT_PARSE_C */

 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
--- a/programs/ssl/ssl_context_info.c
+++ b/programs/ssl/ssl_context_info.c
@@ -645,7 +645,7 @@ void print_deserialized_ssl_session( const uint8_t *ssl, uint32_t len,
        {
            printf( "\tcipher         : %s\n", cipher_info->name );
        }
-
+#if defined(MBEDTLS_MD_C)
        md_info = mbedtls_md_info_from_type( ciphersuite_info->mac );
        if( md_info == NULL )
        {
@@ -655,6 +655,7 @@ void print_deserialized_ssl_session( const uint8_t *ssl, uint32_t len,
        {
            printf( "\tMessage-Digest : %s\n", mbedtls_md_get_name( md_info ) );
        }
+#endif /* MBEDTLS_MD_C */
    }

    CHECK_SSL_END( 1 );
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -2753,6 +2753,7 @@ int main( int argc, char *argv[] )
    }

 #if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
    /* The default algorithms profile disables SHA-1, but our tests still
       rely on it heavily. Hence we allow it here. A real-world server
       should use the default profile unless there is a good reason not to. */
@@ -2762,6 +2763,7 @@ int main( int argc, char *argv[] )
        mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test );
        mbedtls_ssl_conf_sig_algs( &conf, ssl_sig_algs_for_test );
    }
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
 #endif /* MBEDTLS_X509_CRT_PARSE_C */

    if( opt.auth_mode != DFL_AUTH_MODE )