Merge remote-tracking branch 'origin/pr/2678' into development

* origin/pr/2678:
  Update crypto submodule to 1.1.0d2
  all.sh: Perform targeted EtM tests for MAC-less configs
  ssl: Don't access non-existent encrypt_then_mac field

crypto

@@ -1 +1 @@
-Subproject commit 8907b019e756d2f02f21a1a32f072d20de13965e
+Subproject commit 47f2de132936905d97a93e2ddf7f5237ab232fbe

library/ssl_tls.c

@@ -953,7 +953,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
 
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive keys" ) );
 
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
+    defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
     transform->encrypt_then_mac = session->encrypt_then_mac;
 #endif
     transform->minor_ver = ssl->minor_ver;

tests/scripts/all.sh

@@ -953,6 +953,20 @@ component_test_no_max_fragment_length_small_ssl_out_content_len () {
     if_build_succeeded tests/ssl-opt.sh -f "Max fragment length\|Large buffer"
 }
 
+component_test_when_no_ciphersuites_have_mac () {
+    msg "build: when no ciphersuites have MAC"
+    scripts/config.pl unset MBEDTLS_CIPHER_NULL_CIPHER
+    scripts/config.pl unset MBEDTLS_ARC4_C
+    scripts/config.pl unset MBEDTLS_CIPHER_MODE_CBC
+    make
+
+    msg "test: !MBEDTLS_SSL_SOME_MODES_USE_MAC"
+    make test
+
+    msg "test ssl-opt.sh: !MBEDTLS_SSL_SOME_MODES_USE_MAC"
+    if_build_succeeded tests/ssl-opt.sh -f 'Default\|EtM' -e 'without EtM'
+}
+
 component_test_null_entropy () {
     msg "build: default config with  MBEDTLS_TEST_NULL_ENTROPY (ASan build)"
     scripts/config.pl set MBEDTLS_TEST_NULL_ENTROPY

tests/suites/test_suite_ssl.function

@@ -159,7 +159,8 @@ static int build_transforms( mbedtls_ssl_transform *t_in,
      * Setup transforms
      */
 
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
+    defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
     t_out->encrypt_then_mac = etm;
     t_in->encrypt_then_mac = etm;
 #else