diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 8a1834fd22..ae602562de 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -1366,7 +1366,8 @@ MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl,
 mbedtls_key_exchange_type_t key_ex );
 #endif /* !MBEDTLS_USE_PSA_CRYPTO */
-#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
+
+#if defined(MBEDTLS_SSL_CLI_C)
 MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_conf_has_static_psk( mbedtls_ssl_config const *conf );
 #endif
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index a3586e7470..b62e2ac73f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1600,15 +1600,20 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_conf_psk_is_configured( mbedtls_ssl_config const *conf )
+int mbedtls_ssl_conf_has_static_psk( mbedtls_ssl_config const *conf )
 {
+ if( conf->psk_identity == NULL ||
+ conf->psk_identity_len == 0 )
+ {
+ return( 0 );
+ }
+
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( !mbedtls_svc_key_id_is_null( conf->psk_opaque ) )
+ if( ! mbedtls_svc_key_id_is_null( conf->psk_opaque ) )
 return( 1 );
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
- if( conf->psk != NULL )
+
+ if( conf->psk != NULL && conf->psk_len != 0 )
 return( 1 );
 return( 0 );
@@ -1678,7 +1683,7 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 /* We currently only support one PSK, raw or opaque. */
- if( ssl_conf_psk_is_configured( conf ) )
+ if( mbedtls_ssl_conf_has_static_psk( conf ) )
 return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
 /* Check and set raw PSK */
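Review bot: The prototype for `mbedtls_ssl_conf_has_static_psk` in ssl_misc.h is still guarded by `MBEDTLS_SSL_CLI_C` alone, while the definition this commit moves into ssl_tls.c sits under `MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED` and is now called from `mbedtls_ssl_conf_psk` and `mbedtls_ssl_conf_psk_opaque`, which are not visibly client-only. In a build without `MBEDTLS_SSL_CLI_C` but with PSK enabled, the definition would have no prior declaration and would lose `MBEDTLS_CHECK_RETURN_CRITICAL`, which only the prototype carries now; a client build without PSK gets a declaration with no definition. Guarding the prototype with `#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)` would keep the two in step. This assumes ssl_tls.c takes the prototype from ssl_misc.h, which the hunk does not show.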
@@ -1796,7 +1801,7 @@ int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf,
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 /* We currently only support one PSK, raw or opaque. */
- if( ssl_conf_psk_is_configured( conf ) )
+ if( mbedtls_ssl_conf_has_static_psk( conf ) )
 return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
 /* Check and set opaque PSK */
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 7b62e71a55..72c77bb891 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -49,27 +49,6 @@
 #include "hash_info.h"
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-int mbedtls_ssl_conf_has_static_psk( mbedtls_ssl_config const *conf )
-{
- if( conf->psk_identity == NULL ||
- conf->psk_identity_len == 0 )
- {
- return( 0 );
- }
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( ! mbedtls_svc_key_id_is_null( conf->psk_opaque ) )
- return( 1 );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
- if( conf->psk != NULL && conf->psk_len != 0 )
- return( 1 );
-
- return( 0 );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl,
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 8510d8f3e6..4aba59f9ea 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -728,11 +728,6 @@ static int ssl_tls13_ticket_get_psk( mbedtls_ssl_context *ssl,
 }
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
-static int ssl_tls13_has_configured_psk( const mbedtls_ssl_config *conf )
-{
- return( conf->psk != NULL && conf->psk_identity != NULL );
-}
-
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_tls13_psk_get_identity( mbedtls_ssl_context *ssl,
 psa_algorithm_t *hash_alg,
@@ -740,7 +735,7 @@ static int ssl_tls13_psk_get_identity( mbedtls_ssl_context *ssl,
 size_t *identity_len )
 {
- if( !ssl_tls13_has_configured_psk( ssl->conf ) )
+ if( !mbedtls_ssl_conf_has_static_psk( ssl->conf ) )
 return( -1 );
 *hash_alg = PSA_ALG_SHA_256;
@@ -756,7 +751,7 @@ static int ssl_tls13_psk_get_psk( mbedtls_ssl_context *ssl,
 size_t *psk_len )
 {
- if( !ssl_tls13_has_configured_psk( ssl->conf ) )
+ if( !mbedtls_ssl_conf_has_static_psk( ssl->conf ) )
 return( -1 );
 *hash_alg = PSA_ALG_SHA_256;
@@ -775,7 +770,7 @@ static int ssl_tls13_get_configured_psk_count( mbedtls_ssl_context *ssl )
 configured_psk_count++;
 }
 #endif
- if( ssl_tls13_has_configured_psk( ssl->conf ) )
+ if( mbedtls_ssl_conf_has_static_psk( ssl->conf ) )
 {
 MBEDTLS_SSL_DEBUG_MSG( 3, ( "PSK is configured" ) );
 configured_psk_count++;
@@ -1094,7 +1089,7 @@ static int ssl_tls13_parse_server_pre_shared_key_ext( mbedtls_ssl_context *ssl,
 }
 else
 #endif
- if( ssl_tls13_has_configured_psk( ssl->conf ) )
+ if( mbedtls_ssl_conf_has_static_psk( ssl->conf ) )
 {
 ret = ssl_tls13_psk_get_psk( ssl, &hash_alg, &psk, &psk_len );
 }
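Review bot: Under `MBEDTLS_USE_PSA_CRYPTO` the replacement predicate also returns 1 for an opaque key (`conf->psk_opaque`), which the removed `ssl_tls13_has_configured_psk` never did because it required `conf->psk != NULL`. `ssl_tls13_psk_get_psk` (hunk at 756) continues outside the hunk after this guard; if it still hands back `ssl->conf->psk` and `ssl->conf->psk_len`, a client configured with only an opaque PSK would pass the check and receive a NULL, zero-length key. `ssl_tls13_get_configured_psk_count` (hunk at 775) and `ssl_tls13_parse_server_pre_shared_key_ext` (hunk at 1094) would then count and select that key. Either handle the opaque case in the getter or reject it there explicitly, for example `if( ssl->conf->psk == NULL || ssl->conf->psk_len == 0 ) return( -1 );` after the shared check. A comment stating which key forms the TLS 1.3 client path supports would also help.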