From 303fb2bb62440f2d644f90ffe54e236350711bec Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Fri, 31 Jul 2015 21:51:04 -0600 Subject: [PATCH 1/2] Option for no PSK Id Hint and test cases update comment file reference --- examples/server/server.c | 19 ++++- tests/suites.c | 11 +++ tests/test-psk-no-id.conf | 169 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 197 insertions(+), 2 deletions(-) create mode 100644 tests/test-psk-no-id.conf diff --git a/examples/server/server.c b/examples/server/server.c index 118a7e98e..cba04bc48 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -158,6 +158,9 @@ static void Usage(void) #ifdef HAVE_ANON printf("-a Anonymous server\n"); #endif +#ifndef NO_PSK + printf("-I Do not send PSK identity hint\n"); +#endif } THREAD_RETURN CYASSL_THREAD server_test(void* args) @@ -199,6 +202,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) int argc = ((func_args*)args)->argc; char** argv = ((func_args*)args)->argv; +#ifndef NO_PSK + int doNotSendPskIdentityHint = 1; +#endif + #ifdef HAVE_SNI char* sniHostName = NULL; #endif @@ -230,7 +237,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) fdOpenSession(Task_self()); #endif - while ((ch = mygetopt(argc, argv, "?dbstnNufrRawPp:v:l:A:c:k:Z:S:oO:D:")) + while ((ch = mygetopt(argc, argv, "?dbstnNufrRawPIp:v:l:A:c:k:Z:S:oO:D:")) != -1) { switch (ch) { case '?' : @@ -363,6 +370,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) useAnon = 1; #endif break; + case 'I': + #ifndef NO_PSK + doNotSendPskIdentityHint = 0; + #endif + break; default: Usage(); @@ -500,7 +512,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) if (usePsk) { #ifndef NO_PSK SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb); - SSL_CTX_use_psk_identity_hint(ctx, "cyassl server"); + + if (doNotSendPskIdentityHint == 1) + SSL_CTX_use_psk_identity_hint(ctx, "cyassl server"); + if (cipherList == NULL) { const char *defaultCipherList; #if defined(HAVE_AESGCM) && !defined(NO_DH) 
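Review bot: The new conditional around `SSL_CTX_use_psk_identity_hint(ctx, "cyassl server")` in the last server.c hunk (`@@ -500,7 +512,10 @@`) is unbraced and has no comment saying what skipping the hint changes in the handshake. For plain PSK suites, RFC 4279 has the server omit ServerKeyExchange when it provides no hint, which is the path `-I` is meant to exercise. A comment such as `/* no hint => plain PSK suites omit ServerKeyExchange (RFC 4279); -I exercises that path */` would record this, and braces would keep a later added statement from running unconditionally. The `case 'I':` hunk also takes effect only together with `-s`, and the option is accepted but does nothing when `NO_PSK` is defined; the usage line could say "(with -s)". The body of `server_test` starts and ends outside these hunks.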
diff --git a/tests/suites.c b/tests/suites.c index cb30cdf25..4095581e9 100644 --- a/tests/suites.c +++ b/tests/suites.c @@ -476,6 +476,17 @@ int SuiteTest(void) } #endif +#ifndef NO_PSK + /* add psk extra suites */ + strcpy(argv0[1], "tests/test-psk-no-id.conf"); + printf("starting psk no identity extra cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + exit(EXIT_FAILURE); + } +#endif + printf(" End Cipher Suite Tests\n"); wolfSSL_CTX_free(cipherSuiteCtx); diff --git a/tests/test-psk-no-id.conf b/tests/test-psk-no-id.conf new file mode 100644 index 000000000..8dff242db --- /dev/null +++ b/tests/test-psk-no-id.conf 
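Review bot: The added `strcpy(argv0[1], "tests/test-psk-no-id.conf");` copies 26 bytes (terminator included) into `argv0[1]`, whose declared size is outside this hunk, so nothing visible here shows the copy fits. If `argv0` is a real array in scope, a bounded copy keeps the next, longer path from overrunning it: `snprintf(argv0[1], sizeof(argv0[1]), "%s", "tests/test-psk-no-id.conf");`. The comment `/* add psk extra suites */` would be clearer as `/* PSK suites with no identity hint sent by the server */`. `SuiteTest` begins and continues outside the hunk.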
@@ -0,0 +1,169 @@ +################################# +# ^ Make sure to leave a blank line here. As suites.c parses this file +# and determines if it's executing a test or not based on every other blank +# line. +# +# Begin No PSK Identity Hint +################################# +# No Hint server TLSv1 PSK-AES128 +-s +-I +-v 1 +-l PSK-AES128-CBC-SHA + +# No Hint client TLSv1 PSK-AES128 +-s +-v 1 +-l PSK-AES128-CBC-SHA + +# No Hint server TLSv1 PSK-AES256 +-s +-I +-v 1 +-l PSK-AES256-CBC-SHA + +# No Hint client TLSv1 PSK-AES256 +-s +-v 1 +-l PSK-AES256-CBC-SHA + +# No Hint server TLSv1.1 PSK-AES128 +-s +-I +-v 2 +-l PSK-AES128-CBC-SHA + +# No Hint client TLSv1.1 PSK-AES128 +-s +-v 2 +-l PSK-AES128-CBC-SHA + +# No Hint server TLSv1.1 PSK-AES256 +-s +-I +-v 2 +-l PSK-AES256-CBC-SHA + +# No Hint client TLSv1.1 PSK-AES256 +-s +-v 2 +-l PSK-AES256-CBC-SHA + +# No Hint server TLSv1.2 PSK-AES128 +-s +-I +-v 3 +-l PSK-AES128-CBC-SHA + +# No Hint client TLSv1.2 PSK-AES128 +-s +-v 3 +-l PSK-AES128-CBC-SHA + +# No Hint server TLSv1.2 PSK-AES256 +-s +-I +-v 3 +-l PSK-AES256-CBC-SHA + +# No Hint client TLSv1.2 PSK-AES256 +-s +-v 3 +-l PSK-AES256-CBC-SHA + +# No Hint server TLSv1.0 PSK-AES128-SHA256 +-s +-I +-v 1 +-l PSK-AES128-CBC-SHA256 + +# No Hint client TLSv1.0 PSK-AES128-SHA256 +-s +-v 1 +-l PSK-AES128-CBC-SHA256 + +# No Hint server TLSv1.1 PSK-AES128-SHA256 +-s +-I +-v 2 +-l PSK-AES128-CBC-SHA256 + +# No Hint client TLSv1.1 PSK-AES128-SHA256 +-s +-v 2 +-l PSK-AES128-CBC-SHA256 + +# No Hint server TLSv1.2 PSK-AES128-SHA256 +-s +-I +-v 3 +-l PSK-AES128-CBC-SHA256 + +# No Hint client TLSv1.2 PSK-AES128-SHA256 +-s +-v 3 +-l PSK-AES128-CBC-SHA256 + +# No Hint server TLSv1.0 PSK-AES256-SHA384 +-s +-I +-v 1 +-l PSK-AES256-CBC-SHA384 + +# No Hint client TLSv1.0 PSK-AES256-SHA384 +-s +-v 1 +-l PSK-AES256-CBC-SHA384 + +# No Hint server TLSv1.1 PSK-AES256-SHA384 +-s +-I +-v 2 +-l PSK-AES256-CBC-SHA384 + +# No Hint client TLSv1.1 PSK-AES256-SHA384 +-s +-v 2 +-l PSK-AES256-CBC-SHA384 + 
+# No Hint server TLSv1.2 PSK-AES256-SHA384 +-s +-I +-v 3 +-l PSK-AES256-CBC-SHA384 + +# No Hint client TLSv1.2 PSK-AES256-SHA384 +-s +-v 3 +-l PSK-AES256-CBC-SHA384 + +# server TLSv1.2 PSK-AES128-GCM-SHA256 +-s +-I +-v 3 +-l PSK-AES128-GCM-SHA256 + +# client TLSv1.2 PSK-AES128-GCM-SHA256 +-s +-v 3 +-l PSK-AES128-GCM-SHA256 + +# server TLSv1.2 PSK-AES256-GCM-SHA384 +-s +-I +-v 3 +-l PSK-AES256-GCM-SHA384 + +# client TLSv1.2 PSK-AES256-GCM-SHA384 +-s +-v 3 +-l PSK-AES256-GCM-SHA384 + +####################### +# ^ End no PSK Identity Hint +####################### +################################# +# Handshake message structure is different for +# Diffie Helman Ephemeral do not test those. +################################# + From 37ba6aeee739c3d7a1dd7cec684ab796af7ecbab Mon Sep 17 00:00:00 2001 From: toddouska Date: Mon, 3 Aug 2015 09:32:51 -0700 Subject: [PATCH 2/2] fix psk no identify hint example logic --- examples/server/server.c | 6 +++--- tests/include.am | 2 ++ 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/examples/server/server.c b/examples/server/server.c index cba04bc48..c0687a195 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -203,7 +203,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) char** argv = ((func_args*)args)->argv; #ifndef NO_PSK - int doNotSendPskIdentityHint = 1; + int sendPskIdentityHint = 1; #endif #ifdef HAVE_SNI @@ -372,7 +372,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) break; case 'I': #ifndef NO_PSK - doNotSendPskIdentityHint = 0; + sendPskIdentityHint = 0; #endif break; @@ -513,7 +513,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) #ifndef NO_PSK SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb); - if (doNotSendPskIdentityHint == 1) + if (sendPskIdentityHint == 1) SSL_CTX_use_psk_identity_hint(ctx, "cyassl server"); if (cipherList == NULL) { diff --git a/tests/include.am b/tests/include.am index 006458523..f276f3af0 100644 --- a/tests/include.am 
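Review bot: The closing comment of tests/test-psk-no-id.conf says the DHE suites are skipped because the handshake structure differs, but it does not say whether the no-hint case is unsupported or just untested there. DHE-PSK sends ServerKeyExchange even with an empty hint, so a line such as `# DHE-PSK always sends ServerKeyExchange; the no-hint case for it is not covered here.` would make the coverage gap explicit. Two smaller points: the four GCM entries at the end drop the "No Hint" prefix used by every other entry although their server lines still pass `-I`, and "Diffie Helman" should read "Diffie-Hellman".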
+++ b/tests/include.am @@ -19,5 +19,7 @@ tests_unit_test_DEPENDENCIES = src/libwolfssl.la endif EXTRA_DIST += tests/unit.h EXTRA_DIST += tests/test.conf \ + tests/test-qsh.conf \ + tests/test-psk-no-id.conf \ tests/test-dtls.conf DISTCLEANFILES+= tests/.libs/unit.test
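Review bot: `tests/test-qsh.conf` is added to `EXTRA_DIST` here, but neither patch in this series creates that file; only `tests/test-psk-no-id.conf` is introduced. If it is not already present in the tree, `make dist` will stop on the missing file, so this should be confirmed before merging. The addition is also unrelated to the stated PSK fix and would be easier to trace in its own commit or with a mention in the commit message.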