diff --git a/src/ssl.c b/src/ssl.c index b0f75214c..c26437ec5 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -14697,25 +14697,12 @@ int wolfSSL_set_compression(WOLFSSL* ssl) void wolfSSL_set_psk_use_session_callback(WOLFSSL* ssl, wc_psk_use_session_cb_func cb) { - byte haveRSA = 1; - int keySz = 0; - WOLFSSL_ENTER("wolfSSL_set_psk_use_session_callback"); ssl->options.havePSK = 1; ssl->options.session_psk_cb = cb; - - #ifdef NO_RSA - haveRSA = 0; - #endif - #ifndef NO_CERTS - keySz = ssl->buffers.keySz; - #endif - InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE, - ssl->options.haveDH, ssl->options.haveNTRU, - ssl->options.haveECDSAsig, ssl->options.haveECC, - ssl->options.haveStaticECC, ssl->options.haveAnon, - ssl->options.side); + + WOLFSSL_LEAVE("wolfSSL_set_psk_use_session_callback", WOLFSSL_SUCCESS); } #endif @@ -22383,18 +22370,19 @@ word32 wolfSSL_CIPHER_get_id(const WOLFSSL_CIPHER* cipher) const WOLFSSL_CIPHER* wolfSSL_get_cipher_by_value(word16 value) { - WOLFSSL_CIPHER* cipher = NULL; + const WOLFSSL_CIPHER* cipher = NULL; + byte cipherSuite0, cipherSuite; WOLFSSL_ENTER("SSL_get_cipher_by_value"); - cipher = (WOLFSSL_CIPHER*)XMALLOC(sizeof(WOLFSSL_CIPHER), NULL, - DYNAMIC_TYPE_OPENSSL); - if (cipher != NULL) { - /* extract cipher id information */ - cipher->cipherSuite = (value & 0xFF); - cipher->cipherSuite0 = ((value >> 8) & 0xFF); - } + /* extract cipher id information */ + cipherSuite = (value & 0xFF); + cipherSuite0 = ((value >> 8) & 0xFF); - return (const WOLFSSL_CIPHER*)cipher; + /* TODO: lookup by cipherSuite0 / cipherSuite */ + (void)cipherSuite0; + (void)cipherSuite; + + return cipher; } diff --git a/src/tls13.c b/src/tls13.c index 767c287d9..5a49a100d 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -2618,28 +2618,28 @@ static const WOLFSSL_EVP_MD* ssl_handshake_md(const byte mac_alg) { switch(mac_alg) { case no_mac: - #ifndef NO_MD5 + #ifndef NO_MD5 case md5_mac: return wolfSSL_EVP_md5(); - #endif - #ifndef NO_SHA + #endif + #ifndef NO_SHA case sha_mac: return wolfSSL_EVP_sha1(); - #endif - #ifdef WOLFSSL_SHA224 + #endif + #ifdef WOLFSSL_SHA224 case sha224_mac: return wolfSSL_EVP_sha224(); - #endif + #endif case sha256_mac: return wolfSSL_EVP_sha256(); - #ifdef WOLFSSL_SHA384 + #ifdef WOLFSSL_SHA384 case sha384_mac: return wolfSSL_EVP_sha384(); - #endif - #ifdef WOLFSSL_SHA512 + #endif + #ifdef WOLFSSL_SHA512 case sha512_mac: return wolfSSL_EVP_sha512(); - #endif + #endif case rmd_mac: case blake2b_mac: WOLFSSL_MSG("no suitable EVP_MD"); @@ -2696,30 +2696,31 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk) byte cipherSuite0 = TLS13_BYTE, cipherSuite = WOLFSSL_DEF_PSK_CIPHER; int cipherSuiteFlags = WOLFSSL_CIPHER_SUITE_FLAG_NONE; - #ifdef OPENSSL_EXTRA + #ifdef OPENSSL_EXTRA const unsigned char* id = NULL; size_t idlen = 0; WOLFSSL_SESSION* psksession = NULL; const WOLFSSL_EVP_MD* handshake_md = NULL; - if (ssl->msgsReceived.got_hello_retry_request >= 1) { - handshake_md = ssl_handshake_md(ssl->specs.mac_algorithm); + if (ssl->options.session_psk_cb != NULL) { + + if (ssl->msgsReceived.got_hello_retry_request >= 1) { + handshake_md = ssl_handshake_md(ssl->specs.mac_algorithm); + } + /* Get the pre-shared key. */ + if (!ssl->options.session_psk_cb(ssl, handshake_md, + &id, &idlen, &psksession)) { + wolfSSL_SESSION_free(psksession); + WOLFSSL_MSG("psk session callback failed"); + return PSK_KEY_ERROR; + } } - - /* Get the pre-shared key. */ - if (ssl->options.session_psk_cb != NULL && - (!ssl->options.session_psk_cb(ssl, handshake_md, - &id, &idlen, &psksession))) { - wolfSSL_SESSION_free(psksession); - WOLFSSL_MSG("psk session callback failed"); - return PSK_KEY_ERROR; - } - + if (psksession == NULL && - #else + #else /* Get the pre-shared key. */ if ( - #endif + #endif ssl->options.client_psk_tls13_cb != NULL) { ssl->arrays->psk_keySz = ssl->options.client_psk_tls13_cb(ssl, (char *)psk->identity, ssl->arrays->client_identity, @@ -2731,7 +2732,7 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk) } } else { - #ifdef OPENSSL_EXTRA + #ifdef OPENSSL_EXTRA if (psksession != NULL) { if (idlen > MAX_PSK_KEY_LEN) { WOLFSSL_MSG("psk key length is too long"); @@ -2744,8 +2745,9 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk) cipherSuite = psksession->cipherSuite; /* no need anymore */ wolfSSL_SESSION_free(psksession); - } else - #endif + } + else + #endif ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl, (char *)psk->identity, ssl->arrays->client_identity, MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN); diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 0670988c1..6dc918c6b 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -2162,10 +2162,9 @@ enum { /* ssl Constants */ WOLFSSL_API void wolfSSL_set_psk_client_callback(WOLFSSL*, wc_psk_client_callback); #ifdef OPENSSL_EXTRA - typedef int (*wc_psk_use_session_cb_func)(WOLFSSL* ssl, const WOLFSSL_EVP_MD* md, - const unsigned char **id, - size_t* idlen, - WOLFSSL_SESSION **sess); + typedef int (*wc_psk_use_session_cb_func)(WOLFSSL* ssl, + const WOLFSSL_EVP_MD* md, const unsigned char **id, + size_t* idlen, WOLFSSL_SESSION **sess); WOLFSSL_API void wolfSSL_set_psk_use_session_callback(WOLFSSL* ssl, wc_psk_use_session_cb_func cb); #endif diff --git a/wolfssl/test.h b/wolfssl/test.h index 670106ed8..8532125d7 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -1515,19 +1515,24 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl, return 32; /* length of key in octets or 0 for error */ } -#if defined(OPENSSL_EXTRA) +#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) static unsigned char local_psk[32]; +#endif static WC_INLINE int my_psk_use_session_cb(WOLFSSL* ssl, const WOLFSSL_EVP_MD* md, const unsigned char **id, size_t* idlen, WOLFSSL_SESSION **sess) { +#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) int i; int b = 0x01; WOLFSSL_SESSION* lsess; - /* TLS13_BYTE 0x13 */ - /* TLS_AES_128_GCM_SHA256 0x01 */ - word16 cipher_id = (0x13<<8) | 0x01; + char buf[256]; + const char* cipher_id = "TLS13-AES128-GCM-SHA256"; const SSL_CIPHER* cipher = NULL; + STACK_OF(SSL_CIPHER) *supportedCiphers = NULL; + int numCiphers = 0; (void)ssl; (void)md; @@ -1537,23 +1542,50 @@ static WC_INLINE int my_psk_use_session_cb(WOLFSSL* ssl, if (lsess == NULL) { return 0; } - cipher = SSL_get_cipher_by_value(cipher_id); - - SSL_SESSION_set_cipher(lsess, cipher); - - for (i = 0; i < 32; i++, b += 0x22) { - if (b >= 0x100) - b = 0x01; - local_psk[i] = b; + supportedCiphers = SSL_get_ciphers(ssl); + numCiphers = sk_num(supportedCiphers); + + for (i = 0; i < numCiphers; ++i) { + + if ((cipher = (const WOLFSSL_CIPHER*)sk_value(supportedCiphers, i))) { + SSL_CIPHER_description(cipher, buf, sizeof(buf)); + } + + if (XMEMCMP(cipher_id, buf, XSTRLEN(cipher_id)) == 0) { + break; + } } - *id = local_psk; - *idlen = 32; - *sess = lsess; + if (i != numCiphers) { + SSL_SESSION_set_cipher(lsess, cipher); + for (i = 0; i < 32; i++, b += 0x22) { + if (b >= 0x100) + b = 0x01; + local_psk[i] = b; + } + + *id = local_psk; + *idlen = 32; + *sess = lsess; + + return 1; + } + else { + *id = NULL; + *idlen = 0; + *sess = NULL; + return 0; + } +#else + (void)ssl; + (void)md; + (void)id; + (void)idlen; + (void)sess; - return 1; -} + return 0; #endif +} #endif /* !NO_PSK */