mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-17 14:32:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix no-psk

Browse Source 
Broken through previous PSK related commits

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
This commit is contained in:
Matt Caswell 2017-06-13 14:28:45 +01:00
parent 5ffff5990c
commit 14e353506a
4 changed files with 16 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apps/apps.h
View File

@ -515,9 +515,9 @@ int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
STACK_OF(OPENSSL_STRING) *sigopts);
int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
STACK_OF(OPENSSL_STRING) *sigopts);
# ifndef OPENSSL_NO_PSK
extern char *psk_key;
# endif
unsigned char *next_protos_parse(size_t *outlen, const char *in);

8
apps/s_client.c
View File

@ -109,10 +109,10 @@ static void do_ssl_shutdown(SSL *ssl)
} while (ret < 0);
}
#ifndef OPENSSL_NO_PSK
/* Default PSK identity and key */
static char *psk_identity = "Client_identity";
#ifndef OPENSSL_NO_PSK
static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
unsigned int max_identity_len,
unsigned char *psk,
@ -570,9 +570,7 @@ typedef enum OPTION_choice {
OPT_DEBUG, OPT_TLSEXTDEBUG, OPT_STATUS, OPT_WDEBUG,
OPT_MSG, OPT_MSGFILE, OPT_ENGINE, OPT_TRACE, OPT_SECURITY_DEBUG,
OPT_SECURITY_DEBUG_VERBOSE, OPT_SHOWCERTS, OPT_NBIO_TEST, OPT_STATE,
#ifndef OPENSSL_NO_PSK
OPT_PSK_IDENTITY, OPT_PSK,
#endif
OPT_PSK_SESS,
#ifndef OPENSSL_NO_SRP
OPT_SRPUSER, OPT_SRPPASS, OPT_SRP_STRENGTH, OPT_SRP_LATEUSER,
@ -752,10 +750,8 @@ const OPTIONS s_client_options[] = {
{"wdebug", OPT_WDEBUG, '-', "WATT-32 tcp debugging"},
#endif
{"nbio", OPT_NBIO, '-', "Use non-blocking IO"},
#ifndef OPENSSL_NO_PSK
{"psk_identity", OPT_PSK_IDENTITY, 's', "PSK identity"},
{"psk", OPT_PSK, 's', "PSK in hex (without 0x)"},
#endif
{"psk_session", OPT_PSK_SESS, '<', "File to read PSK SSL session from"},
#ifndef OPENSSL_NO_SRP
{"srpuser", OPT_SRPUSER, 's', "SRP authentication for 'user'"},
@ -1202,7 +1198,6 @@ int s_client_main(int argc, char **argv)
case OPT_STATE:
state = 1;
break;
#ifndef OPENSSL_NO_PSK
case OPT_PSK_IDENTITY:
psk_identity = opt_arg();
break;
@ -1214,7 +1209,6 @@ int s_client_main(int argc, char **argv)
goto end;
}
break;
#endif
case OPT_PSK_SESS:
psksessf = opt_arg();
break;

12
apps/s_server.c
View File

@ -119,10 +119,10 @@ static int dtlslisten = 0;
static int early_data = 0;
static SSL_SESSION *psksess = NULL;
#ifndef OPENSSL_NO_PSK
static char *psk_identity = "Client_identity";
char *psk_key = NULL; /* by default PSK is not used */
#ifndef OPENSSL_NO_PSK
static unsigned int psk_server_cb(SSL *ssl, const char *identity,
unsigned char *psk,
unsigned int max_psk_len)
@ -892,11 +892,11 @@ const OPTIONS s_server_options[] = {
OPT_V_OPTIONS,
OPT_X_OPTIONS,
{"nbio", OPT_NBIO, '-', "Use non-blocking IO"},
#ifndef OPENSSL_NO_PSK
{"psk_identity", OPT_PSK_IDENTITY, 's', "PSK identity to expect"},
#ifndef OPENSSL_NO_PSK
{"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"},
{"psk", OPT_PSK, 's', "PSK in hex (without 0x)"},
#endif
{"psk", OPT_PSK, 's', "PSK in hex (without 0x)"},
{"psk_session", OPT_PSK_SESS, '<', "File to read PSK SSL session from"},
#ifndef OPENSSL_NO_SRP
{"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"},
@ -1011,8 +1011,8 @@ int s_server_main(int argc, char *argv[])
#ifndef OPENSSL_NO_PSK
/* by default do not send a PSK identity hint */
char *psk_identity_hint = NULL;
char *p;
#endif
char *p;
#ifndef OPENSSL_NO_SRP
char *srpuserseed = NULL;
char *srp_verifier_file = NULL;
@ -1379,9 +1379,7 @@ int s_server_main(int argc, char *argv[])
no_resume_ephemeral = 1;
break;
case OPT_PSK_IDENTITY:
#ifndef OPENSSL_NO_PSK
psk_identity = opt_arg();
#endif
break;
case OPT_PSK_HINT:
#ifndef OPENSSL_NO_PSK
@ -1389,14 +1387,12 @@ int s_server_main(int argc, char *argv[])
#endif
break;
case OPT_PSK:
#ifndef OPENSSL_NO_PSK
for (p = psk_key = opt_arg(); *p; p++) {
if (isxdigit(_UC(*p)))
continue;
BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
goto end;
}
#endif
break;
case OPT_PSK_SESS:
psksessf = opt_arg();

17
include/openssl/ssl.h
View File

@ -763,14 +763,6 @@ typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl,
const char *identity,
unsigned char *psk,
unsigned int max_psk_len);
typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl,
const unsigned char *identity,
size_t identity_len,
SSL_SESSION **sess);
typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md,
const unsigned char **id,
size_t *idlen,
SSL_SESSION **sess);
void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb);
void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb);
@ -780,6 +772,15 @@ const char *SSL_get_psk_identity_hint(const SSL *s);
const char *SSL_get_psk_identity(const SSL *s);
# endif
typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl,
const unsigned char *identity,
size_t identity_len,
SSL_SESSION **sess);
typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md,
const unsigned char **id,
size_t *idlen,
SSL_SESSION **sess);
void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb);
void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx,
SSL_psk_find_session_cb_func cb);