Commit 14e35350 authored by Matt Caswell's avatar Matt Caswell

Fix no-psk



Broken through previous PSK related commits

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
parent 5ffff599
+2 −2
@@ -515,9 +515,9 @@ int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
                     STACK_OF(OPENSSL_STRING) *sigopts);
int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
                     STACK_OF(OPENSSL_STRING) *sigopts);
# ifndef OPENSSL_NO_PSK

extern char *psk_key;
# endif


unsigned char *next_protos_parse(size_t *outlen, const char *in);

+1 −7
@@ -109,10 +109,10 @@ static void do_ssl_shutdown(SSL *ssl)
    } while (ret < 0);
}

#ifndef OPENSSL_NO_PSK
/* Default PSK identity and key */
static char *psk_identity = "Client_identity";

#ifndef OPENSSL_NO_PSK
static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
                                  unsigned int max_identity_len,
                                  unsigned char *psk,
@@ -570,9 +570,7 @@ typedef enum OPTION_choice {
    OPT_DEBUG, OPT_TLSEXTDEBUG, OPT_STATUS, OPT_WDEBUG,
    OPT_MSG, OPT_MSGFILE, OPT_ENGINE, OPT_TRACE, OPT_SECURITY_DEBUG,
    OPT_SECURITY_DEBUG_VERBOSE, OPT_SHOWCERTS, OPT_NBIO_TEST, OPT_STATE,
#ifndef OPENSSL_NO_PSK
    OPT_PSK_IDENTITY, OPT_PSK,
#endif
    OPT_PSK_SESS,
#ifndef OPENSSL_NO_SRP
    OPT_SRPUSER, OPT_SRPPASS, OPT_SRP_STRENGTH, OPT_SRP_LATEUSER,
@@ -752,10 +750,8 @@ const OPTIONS s_client_options[] = {
    {"wdebug", OPT_WDEBUG, '-', "WATT-32 tcp debugging"},
#endif
    {"nbio", OPT_NBIO, '-', "Use non-blocking IO"},
#ifndef OPENSSL_NO_PSK
    {"psk_identity", OPT_PSK_IDENTITY, 's', "PSK identity"},
    {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"},
#endif
    {"psk_session", OPT_PSK_SESS, '<', "File to read PSK SSL session from"},
#ifndef OPENSSL_NO_SRP
    {"srpuser", OPT_SRPUSER, 's', "SRP authentication for 'user'"},
@@ -1202,7 +1198,6 @@ int s_client_main(int argc, char **argv)
        case OPT_STATE:
            state = 1;
            break;
#ifndef OPENSSL_NO_PSK
        case OPT_PSK_IDENTITY:
            psk_identity = opt_arg();
            break;
@@ -1214,7 +1209,6 @@ int s_client_main(int argc, char **argv)
                goto end;
            }
            break;
#endif
        case OPT_PSK_SESS:
            psksessf = opt_arg();
            break;
+4 −8
@@ -119,10 +119,10 @@ static int dtlslisten = 0;
static int early_data = 0;
static SSL_SESSION *psksess = NULL;

#ifndef OPENSSL_NO_PSK
static char *psk_identity = "Client_identity";
char *psk_key = NULL;           /* by default PSK is not used */

#ifndef OPENSSL_NO_PSK
static unsigned int psk_server_cb(SSL *ssl, const char *identity,
                                  unsigned char *psk,
                                  unsigned int max_psk_len)
@@ -892,11 +892,11 @@ const OPTIONS s_server_options[] = {
    OPT_V_OPTIONS,
    OPT_X_OPTIONS,
    {"nbio", OPT_NBIO, '-', "Use non-blocking IO"},
#ifndef OPENSSL_NO_PSK
    {"psk_identity", OPT_PSK_IDENTITY, 's', "PSK identity to expect"},
#ifndef OPENSSL_NO_PSK
    {"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"},
    {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"},
#endif
    {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"},
    {"psk_session", OPT_PSK_SESS, '<', "File to read PSK SSL session from"},
#ifndef OPENSSL_NO_SRP
    {"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"},
@@ -1011,8 +1011,8 @@ int s_server_main(int argc, char *argv[])
#ifndef OPENSSL_NO_PSK
    /* by default do not send a PSK identity hint */
    char *psk_identity_hint = NULL;
    char *p;
#endif
    char *p;
#ifndef OPENSSL_NO_SRP
    char *srpuserseed = NULL;
    char *srp_verifier_file = NULL;
@@ -1379,9 +1379,7 @@ int s_server_main(int argc, char *argv[])
            no_resume_ephemeral = 1;
            break;
        case OPT_PSK_IDENTITY:
#ifndef OPENSSL_NO_PSK
            psk_identity = opt_arg();
#endif
            break;
        case OPT_PSK_HINT:
#ifndef OPENSSL_NO_PSK
@@ -1389,14 +1387,12 @@ int s_server_main(int argc, char *argv[])
#endif
            break;
        case OPT_PSK:
#ifndef OPENSSL_NO_PSK
            for (p = psk_key = opt_arg(); *p; p++) {
                if (isxdigit(_UC(*p)))
                    continue;
                BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
                goto end;
            }
#endif
            break;
        case OPT_PSK_SESS:
            psksessf = opt_arg();
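Review bot: In the `OPT_PSK` case of the last hunk, the hex check reports a failure with `*argv` rather than the value it just rejected, so the message will likely name something other than the bad `-psk` argument, and this path now compiles in every build. Because the rejected string is key material, I would name the option instead of echoing the value: `BIO_printf(bio_err, "-psk value is not a hex number\n");`. The loop also accepts an empty string and an odd number of digits; if the later hex-to-bytes conversion (outside this hunk) does not reject those, a length check belongs here as well. `s_server_main` starts and ends outside the hunk.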
+9 −8
@@ -763,14 +763,6 @@ typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl,
                                               const char *identity,
                                               unsigned char *psk,
                                               unsigned int max_psk_len);
typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl,
                                            const unsigned char *identity,
                                            size_t identity_len,
                                            SSL_SESSION **sess);
typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md,
                                           const unsigned char **id,
                                           size_t *idlen,
                                           SSL_SESSION **sess);
void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb);
void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb);

@@ -780,6 +772,15 @@ const char *SSL_get_psk_identity_hint(const SSL *s);
const char *SSL_get_psk_identity(const SSL *s);
# endif

typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl,
                                            const unsigned char *identity,
                                            size_t identity_len,
                                            SSL_SESSION **sess);
typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md,
                                           const unsigned char **id,
                                           size_t *idlen,
                                           SSL_SESSION **sess);

void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb);
void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx,
                                           SSL_psk_find_session_cb_func cb);
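Review bot: The two session-callback typedefs now follow the `# endif` in the second hunk, which appears to close the PSK guard, but no comment says the placement is deliberate, and that is the detail this commit had to repair. The setters declared right after them use these types outside the guard, so a one-line marker would keep the typedefs from drifting back in: `/* Session-based PSK callback types: used by declarations outside OPENSSL_NO_PSK, keep them unguarded */`. Since this is a public header, a short description of what the `int` return value means and who owns `*sess` after the callback returns would also help; neither is stated in the visible lines.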