wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 10:47:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Use TLS v1.3 PSK callback in extension allow for one call in client

Browse Source 
New compile time option WOLFSSL_PSK_ONE_ID. Indicates one identity
available. No need for client to call callback when generating binder -
already cached.
This commit is contained in:
Sean Parkinson
2019-05-17 08:01:40 +10:00
parent 013e4429da
commit 1ce8e227d2
3 changed files with 34 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
configure.ac
View File

@ -1662,6 +1662,20 @@ AC_ARG_ENABLE([psk],
[ ENABLED_PSK=no ] [ ENABLED_PSK=no ]
) )
# Single PSK identity
AC_ARG_ENABLE([psk-one-id],
[AS_HELP_STRING([--enable-psk-one-id],[Enable PSK (default: disabled)])],
[ ENABLED_PSK_ONE_ID=$enableval ],
[ ENABLED_PSK_ONE_ID=no ]
)
if test "$ENABLED_PSK_ONE_ID" = "yes"
then
if test "$ENABLED_PSK" = "no"
then
ENABLED_PSK="yes"
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PSK_ONE_ID"
fi
# ERROR STRINGS # ERROR STRINGS
AC_ARG_ENABLE([errorstrings], AC_ARG_ENABLE([errorstrings],

18
src/tls.c
View File

@ -9595,14 +9595,28 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
} }
#endif #endif
#ifndef NO_PSK #ifndef NO_PSK
if (ssl->options.client_psk_cb != NULL) { if (ssl->options.client_psk_cb != NULL ||
ssl->options.client_psk_tls13_cb != NULL) {
/* Default ciphersuite. */ /* Default ciphersuite. */
byte cipherSuite0 = TLS13_BYTE; byte cipherSuite0 = TLS13_BYTE;
byte cipherSuite = WOLFSSL_DEF_PSK_CIPHER; byte cipherSuite = WOLFSSL_DEF_PSK_CIPHER;
const char* cipherName = NULL;
ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl, if (ssl->options.client_psk_tls13_cb != NULL) {
ssl->arrays->psk_keySz = ssl->options.client_psk_tls13_cb(
ssl, ssl->arrays->server_hint,
ssl->arrays->client_identity, MAX_PSK_ID_LEN,
ssl->arrays->psk_key, MAX_PSK_KEY_LEN, &cipherName);
if (GetCipherSuiteFromName(cipherName, &cipherSuite0,
&cipherSuite) != 0) {
return PSK_KEY_ERROR;
}
}
else {
ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
ssl->arrays->server_hint, ssl->arrays->client_identity, ssl->arrays->server_hint, ssl->arrays->client_identity,
MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN); MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
}
if (ssl->arrays->psk_keySz == 0 || if (ssl->arrays->psk_keySz == 0 ||
ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) { ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
return PSK_KEY_ERROR; return PSK_KEY_ERROR;

4
src/tls13.c
View File

@ -2394,6 +2394,7 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk)
#endif #endif
#ifndef NO_PSK #ifndef NO_PSK
if (!psk->resumption) { if (!psk->resumption) {
#ifndef WOLFSSL_PSK_ONE_ID
const char* cipherName = NULL; const char* cipherName = NULL;
byte cipherSuite0 = TLS13_BYTE, cipherSuite = WOLFSSL_DEF_PSK_CIPHER; byte cipherSuite0 = TLS13_BYTE, cipherSuite = WOLFSSL_DEF_PSK_CIPHER;
@ -2422,6 +2423,9 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk)
psk->cipherSuite != cipherSuite) { psk->cipherSuite != cipherSuite) {
return PSK_KEY_ERROR; return PSK_KEY_ERROR;
} }
#else
/* PSK information loaded during setting of default TLS extensions. */
#endif
} }
#endif #endif