From c2b290c3d0ff878c33b3540df530f64af23163bf Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Mon, 19 Mar 2018 12:58:05 +0000
Subject: [PATCH] Fix no-psk
Reviewed-by: Tim Hudson
(Merged from https://github.com/openssl/openssl/pull/5667)
---
 ssl/statem/extensions_clnt.c | 4 +++-
 ssl/statem/extensions_srvr.c | 2 ++
 test/sslapitest.c | 10 ++++++++++
 3 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index bd025d7c02..bebf73a49c 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -744,7 +744,6 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt,
 unsigned int context, X509 *x,
 size_t chainidx)
 {
- char identity[PSK_MAX_IDENTITY_LEN + 1];
 const unsigned char *id = NULL;
 size_t idlen = 0;
 SSL_SESSION *psksess = NULL;
@@ -764,7 +763,9 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt,
 return EXT_RETURN_FAIL;
 }
+#ifndef OPENSSL_NO_PSK
 if (psksess == NULL && s->psk_client_callback != NULL) {
+ char identity[PSK_MAX_IDENTITY_LEN + 1];
 unsigned char psk[PSK_MAX_PSK_LEN];
 size_t psklen = 0;
@@ -815,6 +816,7 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt,
 OPENSSL_cleanse(psk, psklen);
 }
 }
+#endif /* OPENSSL_NO_PSK */
 SSL_SESSION_free(s->psksession);
 s->psksession = psksess;
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index ee4cad124c..90142eb505 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -1047,6 +1047,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
 return 0;
 }
+#ifndef OPENSSL_NO_PSK
 if(sess == NULL
 && s->psk_server_callback != NULL
 && idlen <= PSK_MAX_IDENTITY_LEN) {
@@ -1097,6 +1098,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
 OPENSSL_cleanse(pskdata, pskdatalen);
 }
 }
+#endif /* OPENSSL_NO_PSK */
 if (sess != NULL) {
 /* We found a PSK */
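Review bot: The `#ifndef OPENSSL_NO_PSK` guard added in the second hunk of tls_construct_ctos_early_data has no comment saying what a no-psk build still does, and the same applies to the guard added in tls_parse_ctos_psk. Only the branch that consults the legacy `psk_client_callback` / `psk_server_callback` is compiled out; the surrounding `psksess` / `sess` handling stays, and the test change in this commit still registers one `test_tls13_psk` case under OPENSSL_NO_PSK, so TLSv1.3 PSKs supplied through the session callbacks appear to remain usable. I would add a comment above each guard, for example `/* Legacy PSK callback fallback only; TLSv1.3 PSKs from the session callbacks are still handled in no-psk builds */`, so that nobody reads no-psk as removing PSK from the TLSv1.3 handshake when reasoning about attack surface. Both function bodies start and end outside these hunks.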
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 64f10cc192..a0da25f246 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -1455,6 +1455,7 @@ static int use_session_cb(SSL *ssl, const EVP_MD *md, const unsigned char **id,
 return 1;
 }
+#ifndef OPENSSL_NO_PSK
 static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *id,
 unsigned int max_id_len,
 unsigned char *psk,
@@ -1482,6 +1483,7 @@ static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *id,
 return psklen;
 }
+#endif /* OPENSSL_NO_PSK */
 static int find_session_cb(SSL *ssl, const unsigned char *identity,
 size_t identity_len, SSL_SESSION **sess)
@@ -1509,6 +1511,7 @@ static int find_session_cb(SSL *ssl, const unsigned char *identity,
 return 1;
 }
+#ifndef OPENSSL_NO_PSK
 static unsigned int psk_server_cb(SSL *ssl, const char *identity,
 unsigned char *psk, unsigned int max_psk_len)
 {
@@ -1535,6 +1538,7 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
 return psklen;
 }
+#endif /* OPENSSL_NO_PSK */
 #define MSG1 "Hello"
 #define MSG2 "World."
@@ -2590,10 +2594,12 @@ static int test_tls13_psk(int idx)
 SSL_CTX_set_psk_use_session_callback(cctx, use_session_cb);
 SSL_CTX_set_psk_find_session_callback(sctx, find_session_cb);
 }
+#ifndef OPENSSL_NO_PSK
 if (idx == 1 || idx == 2) {
 SSL_CTX_set_psk_client_callback(cctx, psk_client_cb);
 SSL_CTX_set_psk_server_callback(sctx, psk_server_cb);
 }
+#endif
 srvid = pskid;
 use_session_cb_cnt = 0;
 find_session_cb_cnt = 0;
@@ -3756,7 +3762,11 @@ int setup_tests(void)
 #endif
 #ifndef OPENSSL_NO_TLS1_3
 ADD_TEST(test_ciphersuite_change);
+#ifdef OPENSSL_NO_PSK
+ ADD_ALL_TESTS(test_tls13_psk, 1);
+#else
 ADD_ALL_TESTS(test_tls13_psk, 3);
+#endif /* OPENSSL_NO_PSK */
 ADD_ALL_TESTS(test_custom_exts, 5);
 ADD_TEST(test_stateless);
 ADD_TEST(test_pha_key_update);
--
2.34.1
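Review bot: The literal `1` in `ADD_ALL_TESTS(test_tls13_psk, 1);` in the setup_tests hunk depends on index 0 being the only case that needs no legacy PSK callback, and nothing in that hunk says so. The guard added in test_tls13_psk only skips the `idx == 1 || idx == 2` registration, so if the cases were ever reordered a no-psk build would presumably run a case whose callbacks were never installed and fail for a reason unrelated to the code under test. A comment on the line would pin the coupling, for example `/* no-psk: only idx 0 runs, it needs no legacy PSK callbacks */`. The `#endif` added in test_tls13_psk also lacks the `/* OPENSSL_NO_PSK */` tag that the other guards in this commit carry; setup_tests and test_tls13_psk both continue outside their hunks.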