[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Mon Mar 19 14:52:25 UTC 2018
The branch master has been updated
via c2b290c3d0ff878c33b3540df530f64af23163bf (commit)
from 69e2b8d67d980b4dea8c5f2cb17cd86455989bb7 (commit)
- Log -----------------------------------------------------------------
commit c2b290c3d0ff878c33b3540df530f64af23163bf
Author: Matt Caswell <matt at openssl.org>
Date: Mon Mar 19 12:58:05 2018 +0000
Fix no-psk
Reviewed-by: Tim Hudson <tjh at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5667)
-----------------------------------------------------------------------
Summary of changes:
ssl/statem/extensions_clnt.c | 4 +++-
ssl/statem/extensions_srvr.c | 2 ++
test/sslapitest.c | 10 ++++++++++
3 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index bd025d7..bebf73a 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -744,7 +744,6 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
{
- char identity[PSK_MAX_IDENTITY_LEN + 1];
const unsigned char *id = NULL;
size_t idlen = 0;
SSL_SESSION *psksess = NULL;
@@ -764,7 +763,9 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt,
return EXT_RETURN_FAIL;
}
+#ifndef OPENSSL_NO_PSK
if (psksess == NULL && s->psk_client_callback != NULL) {
+ char identity[PSK_MAX_IDENTITY_LEN + 1];
unsigned char psk[PSK_MAX_PSK_LEN];
size_t psklen = 0;
@@ -815,6 +816,7 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt,
OPENSSL_cleanse(psk, psklen);
}
}
+#endif /* OPENSSL_NO_PSK */
SSL_SESSION_free(s->psksession);
s->psksession = psksess;
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index ee4cad1..90142eb 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -1047,6 +1047,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
return 0;
}
+#ifndef OPENSSL_NO_PSK
if(sess == NULL
&& s->psk_server_callback != NULL
&& idlen <= PSK_MAX_IDENTITY_LEN) {
@@ -1097,6 +1098,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
OPENSSL_cleanse(pskdata, pskdatalen);
}
}
+#endif /* OPENSSL_NO_PSK */
if (sess != NULL) {
/* We found a PSK */
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 64f10cc..a0da25f 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -1455,6 +1455,7 @@ static int use_session_cb(SSL *ssl, const EVP_MD *md, const unsigned char **id,
return 1;
}
+#ifndef OPENSSL_NO_PSK
static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *id,
unsigned int max_id_len,
unsigned char *psk,
@@ -1482,6 +1483,7 @@ static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *id,
return psklen;
}
+#endif /* OPENSSL_NO_PSK */
static int find_session_cb(SSL *ssl, const unsigned char *identity,
size_t identity_len, SSL_SESSION **sess)
@@ -1509,6 +1511,7 @@ static int find_session_cb(SSL *ssl, const unsigned char *identity,
return 1;
}
+#ifndef OPENSSL_NO_PSK
static unsigned int psk_server_cb(SSL *ssl, const char *identity,
unsigned char *psk, unsigned int max_psk_len)
{
@@ -1535,6 +1538,7 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
return psklen;
}
+#endif /* OPENSSL_NO_PSK */
#define MSG1 "Hello"
#define MSG2 "World."
@@ -2590,10 +2594,12 @@ static int test_tls13_psk(int idx)
SSL_CTX_set_psk_use_session_callback(cctx, use_session_cb);
SSL_CTX_set_psk_find_session_callback(sctx, find_session_cb);
}
+#ifndef OPENSSL_NO_PSK
if (idx == 1 || idx == 2) {
SSL_CTX_set_psk_client_callback(cctx, psk_client_cb);
SSL_CTX_set_psk_server_callback(sctx, psk_server_cb);
}
+#endif
srvid = pskid;
use_session_cb_cnt = 0;
find_session_cb_cnt = 0;
@@ -3756,7 +3762,11 @@ int setup_tests(void)
#endif
#ifndef OPENSSL_NO_TLS1_3
ADD_TEST(test_ciphersuite_change);
+#ifdef OPENSSL_NO_PSK
+ ADD_ALL_TESTS(test_tls13_psk, 1);
+#else
ADD_ALL_TESTS(test_tls13_psk, 3);
+#endif /* OPENSSL_NO_PSK */
ADD_ALL_TESTS(test_custom_exts, 5);
ADD_TEST(test_stateless);
ADD_TEST(test_pha_key_update);
More information about the openssl-commits
mailing list