Merge pull request #8434 from valeriosetti/issue8407

[G2] Make TLS work without Cipher
2023-11-04 15:05:00 +00:00 · 2023-11-04 15:05:00 +00:00 · 8b6b41f6cd
commit 8b6b41f6cd
parent c5ce9fcf03 74d48c89fa
8 changed files with 608 additions and 444 deletions
--- a/programs/ssl/ssl_context_info.c
+++ b/programs/ssl/ssl_context_info.c
@ -547,7 +547,6 @@ void print_deserialized_ssl_session(const uint8_t *ssl, uint32_t len,
    if (ciphersuite_info == NULL) {
        printf_err("Cannot find ciphersuite info\n");
    } else {
-        const mbedtls_cipher_info_t *cipher_info;
 #if defined(MBEDTLS_MD_C)
        const mbedtls_md_info_t *md_info;
 #endif
@ -555,12 +554,18 @@ void print_deserialized_ssl_session(const uint8_t *ssl, uint32_t len,
        printf("\tciphersuite    : %s\n", ciphersuite_info->name);
        printf("\tcipher flags   : 0x%02X\n", ciphersuite_info->flags);

+#if defined(MBEDTLS_CIPHER_C)
+        const mbedtls_cipher_info_t *cipher_info;
        cipher_info = mbedtls_cipher_info_from_type(ciphersuite_info->cipher);
        if (cipher_info == NULL) {
            printf_err("Cannot find cipher info\n");
        } else {
            printf("\tcipher         : %s\n", cipher_info->name);
        }
+#else /* MBEDTLS_CIPHER_C */
+        printf("\tcipher type     : %d\n", ciphersuite_info->cipher);
+#endif /* MBEDTLS_CIPHER_C */
+
 #if defined(MBEDTLS_MD_C)
        md_info = mbedtls_md_info_from_type(ciphersuite_info->mac);
        if (md_info == NULL) {
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -271,6 +271,7 @@ int main(void)
 #else
 #define USAGE_PSK ""
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
+
 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
 #define USAGE_CA_CALLBACK                       \
    "   ca_callback=%%d       default: 0 (disabled)\n"      \
@ -278,13 +279,21 @@ int main(void)
 #else
 #define USAGE_CA_CALLBACK ""
 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+
 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
+#if defined(MBEDTLS_CIPHER_C)
 #define USAGE_TICKETS                                       \
    "    tickets=%%d          default: 1 (enabled)\n"       \
    "    ticket_rotate=%%d    default: 0 (disabled)\n"      \
    "    ticket_timeout=%%d   default: 86400 (one day)\n"   \
    "    ticket_aead=%%s      default: \"AES-256-GCM\"\n"
-#else
+#else /* MBEDTLS_CIPHER_C */
+#define USAGE_TICKETS                                       \
+    "    tickets=%%d          default: 1 (enabled)\n"       \
+    "    ticket_rotate=%%d    default: 0 (disabled)\n"      \
+    "    ticket_timeout=%%d   default: 86400 (one day)\n"
+#endif /* MBEDTLS_CIPHER_C */
+#else /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C */
 #define USAGE_TICKETS ""
 #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C */

@ -2134,14 +2143,18 @@ usage:
            if (opt.ticket_timeout < 0) {
                goto usage;
            }
-        } else if (strcmp(p, "ticket_aead") == 0) {
+        }
+#if defined(MBEDTLS_CIPHER_C)
+        else if (strcmp(p, "ticket_aead") == 0) {
            const mbedtls_cipher_info_t *ci = mbedtls_cipher_info_from_string(q);

            if (ci == NULL) {
                goto usage;
            }
            opt.ticket_aead = mbedtls_cipher_info_get_type(ci);
-        } else if (strcmp(p, "cache_max") == 0) {
+        }
+#endif
+        else if (strcmp(p, "cache_max") == 0) {
            opt.cache_max = atoi(q);
            if (opt.cache_max < 0) {
                goto usage;