diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index b8d798b18c..b6944f1343 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -614,7 +614,9 @@ struct _ssl_context void *p_vrfy; /*!< context for verification */ #endif -#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) +#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) int (*f_psk)(void *, ssl_context *, const unsigned char *, size_t); void *p_psk; /*!< context for PSK retrieval */ #endif @@ -712,7 +714,9 @@ struct _ssl_context mpi dhm_G; /*!< generator for DHM */ #endif -#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) +#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) /* * PSK values */ @@ -1054,7 +1058,9 @@ int ssl_set_own_cert_alt( ssl_context *ssl, x509_crt *own_cert, rsa_key_len_func rsa_key_len ); #endif /* POLARSSL_X509_CRT_PARSE_C */ -#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) +#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) /** * \brief Set the Pre Shared Key (PSK) and the identity name connected * to it. @@ -1094,7 +1100,9 @@ void ssl_set_psk_cb( ssl_context *ssl, int (*f_psk)(void *, ssl_context *, const unsigned char *, size_t), void *p_psk ); -#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */ +#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED || + POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED || + POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ #if defined(POLARSSL_DHM_C) /** diff --git a/library/ssl_cli.c b/library/ssl_cli.c index eaa80015ff..77a18ed35f 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1973,6 +1973,7 @@ static int ssl_write_certificate_verify( ssl_context *ssl ) SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) ); if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK || + ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK || ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ) { SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) ); @@ -1997,6 +1998,7 @@ static int ssl_write_certificate_verify( ssl_context *ssl ) SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) ); if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK || + ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK || ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ) { SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index f09b924672..336add2e3a 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1915,6 +1915,7 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) #if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) unsigned char *p = ssl->out_msg + 4; unsigned char *dig_signed = p; @@ -2637,6 +2638,7 @@ static int ssl_parse_certificate_verify( ssl_context *ssl ) SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) ); if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK || + ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK || ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ) { SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) ); @@ -2664,6 +2666,7 @@ static int ssl_parse_certificate_verify( ssl_context *ssl ) SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) ); if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK || + ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK || ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ) { SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e4ae682297..2be20163f7 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -830,7 +830,6 @@ void ssl_calc_verify_tls_sha384( ssl_context *ssl, unsigned char hash[48] ) defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) int ssl_psk_derive_premaster( ssl_context *ssl, key_exchange_type_t key_ex ) { - int ret; unsigned char *p = ssl->handshake->premaster; unsigned char *end = p + sizeof( ssl->handshake->premaster ); @@ -856,6 +855,7 @@ int ssl_psk_derive_premaster( ssl_context *ssl, key_exchange_type_t key_ex ) #if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) if( key_ex == POLARSSL_KEY_EXCHANGE_DHE_PSK ) { + int ret; size_t len = ssl->handshake->dhm_ctx.len; if( end - p < 2 + (int) len ) @@ -878,6 +878,7 @@ int ssl_psk_derive_premaster( ssl_context *ssl, key_exchange_type_t key_ex ) #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) if( key_ex == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ) { + int ret; size_t zlen; if( ( ret = ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &zlen, @@ -3659,7 +3660,9 @@ int ssl_set_own_cert_alt( ssl_context *ssl, x509_crt *own_cert, } #endif /* POLARSSL_X509_CRT_PARSE_C */ -#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) +#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) int ssl_set_psk( ssl_context *ssl, const unsigned char *psk, size_t psk_len, const unsigned char *psk_identity, size_t psk_identity_len ) { @@ -3695,7 +3698,9 @@ void ssl_set_psk_cb( ssl_context *ssl, ssl->f_psk = f_psk; ssl->p_psk = p_psk; } -#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */ +#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED || + POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED || + POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ #if defined(POLARSSL_DHM_C) int ssl_set_dh_param( ssl_context *ssl, const char *dhm_P, const char *dhm_G ) @@ -4363,7 +4368,9 @@ void ssl_free( ssl_context *ssl ) } #endif -#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) +#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) if( ssl->psk != NULL ) { memset( ssl->psk, 0, ssl->psk_len ); diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 2093d1a6a5..7b978411f5 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -166,13 +166,17 @@ static int my_verify( void *data, x509_crt *crt, int depth, int *flags ) #define USAGE_IO "" #endif /* POLARSSL_X509_CRT_PARSE_C */ -#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) +#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) #define USAGE_PSK \ " psk=%%s default: \"\" (in hex, without 0x)\n" \ " psk_identity=%%s default: \"Client_identity\"\n" #else #define USAGE_PSK "" -#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */ +#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED || + POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED || + POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ #if defined(POLARSSL_SSL_SESSION_TICKETS) #define USAGE_TICKETS \ @@ -240,7 +244,9 @@ int main( int argc, char *argv[] ) { int ret = 0, len, server_fd, i, written, frags; unsigned char buf[1024]; -#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) +#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) unsigned char psk[256]; size_t psk_len = 0; #endif @@ -494,7 +500,9 @@ int main( int argc, char *argv[] ) opt.min_version = ciphersuite_info->min_minor_ver; } -#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) +#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) /* * Unhexify the pre-shared key if any is given */ @@ -542,7 +550,9 @@ int main( int argc, char *argv[] ) psk[ j / 2 ] |= c; } } -#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */ +#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED || + POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED || + POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ /* * 0. Initialize the RNG and the session data @@ -710,7 +720,9 @@ int main( int argc, char *argv[] ) ssl_set_own_cert( &ssl, &clicert, &pkey ); #endif -#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) +#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) ssl_set_psk( &ssl, psk, psk_len, (const unsigned char *) opt.psk_identity, strlen( opt.psk_identity ) ); #endif diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 43d7d79b70..0148103e02 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -144,13 +144,17 @@ static void my_debug( void *ctx, int level, const char *str ) #define USAGE_IO "" #endif /* POLARSSL_X509_CRT_PARSE_C */ -#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) +#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) #define USAGE_PSK \ " psk=%%s default: \"\" (in hex, without 0x)\n" \ " psk_identity=%%s default: \"Client_identity\"\n" #else #define USAGE_PSK "" -#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */ +#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED || + POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED || + POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ #if defined(POLARSSL_SSL_SESSION_TICKETS) #define USAGE_TICKETS \ @@ -209,7 +213,9 @@ int main( int argc, char *argv[] ) int listen_fd; int client_fd = -1; unsigned char buf[1024]; -#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) +#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) unsigned char psk[256]; size_t psk_len = 0; #endif @@ -467,7 +473,9 @@ int main( int argc, char *argv[] ) opt.min_version = ciphersuite_info->min_minor_ver; } -#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) +#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) /* * Unhexify the pre-shared key if any is given */ @@ -515,7 +523,9 @@ int main( int argc, char *argv[] ) psk[ j / 2 ] |= c; } } -#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */ +#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED || + POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED || + POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ /* * 0. Initialize the RNG and the session data @@ -729,7 +739,9 @@ int main( int argc, char *argv[] ) ssl_set_own_cert( &ssl, &srvcert2, &pkey2 ); #endif -#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) +#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) ssl_set_psk( &ssl, psk, psk_len, (const unsigned char *) opt.psk_identity, strlen( opt.psk_identity ) ); #endif