Merge pull request #2247 from SparkiDev/psk_once

Use TLS v1.3 PSK callback in extension allow for one call in client
2026-01-31 18:09:16 +01:00 · 2019-05-23 11:49:40 -07:00
parent 6fe4c3ff34 1ce8e227d2
commit ac5a5dfd56
3 changed files with 34 additions and 2 deletions
--- a/src/tls.c
+++ b/src/tls.c
@@ -9612,14 +9612,28 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
            }
        #endif
        #ifndef NO_PSK
-            if (ssl->options.client_psk_cb != NULL) {
+            if (ssl->options.client_psk_cb != NULL ||
+                                     ssl->options.client_psk_tls13_cb != NULL) {
                /* Default ciphersuite. */
                byte cipherSuite0 = TLS13_BYTE;
                byte cipherSuite = WOLFSSL_DEF_PSK_CIPHER;
+                const char* cipherName = NULL;

-                ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
+                if (ssl->options.client_psk_tls13_cb != NULL) {
+                    ssl->arrays->psk_keySz = ssl->options.client_psk_tls13_cb(
+                        ssl, ssl->arrays->server_hint,
+                        ssl->arrays->client_identity, MAX_PSK_ID_LEN,
+                        ssl->arrays->psk_key, MAX_PSK_KEY_LEN, &cipherName);
+                    if (GetCipherSuiteFromName(cipherName, &cipherSuite0,
+                                                           &cipherSuite) != 0) {
+                        return PSK_KEY_ERROR;
+                    }
+                }
+                else {
+                    ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
                        ssl->arrays->server_hint, ssl->arrays->client_identity,
                        MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
+                }
                if (ssl->arrays->psk_keySz == 0 ||
                                     ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
                    return PSK_KEY_ERROR;
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -2402,6 +2402,7 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk)
 #endif
 #ifndef NO_PSK
    if (!psk->resumption) {
+    #ifndef WOLFSSL_PSK_ONE_ID
        const char* cipherName = NULL;
        byte cipherSuite0 = TLS13_BYTE, cipherSuite = WOLFSSL_DEF_PSK_CIPHER;

@@ -2430,6 +2431,9 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk)
                                              psk->cipherSuite != cipherSuite) {
            return PSK_KEY_ERROR;
        }
+    #else
+        /* PSK information loaded during setting of default TLS extensions. */
+    #endif
    }
 #endif