Merge commit 'd7e2483' into dtls

* commit 'd7e2483': (57 commits) Skip signature_algorithms ext if PSK only Fix bug in ssl_client2 reconnect option Cosmetics in ssl_server2 Improve debugging message. Fix net_usleep for durations greater than 1 second Use pk_load_file() in X509 Create ticket keys only if enabled Fix typo in #ifdef Clarify documentation a bit Fix comment on resumption Update comment from draft to RFC Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c Add recursion.pl to all.sh Allow x509_crt_verify_child() in recursion.pl Set a compile-time limit to X.509 chain length Fix 3DES -> DES in all.sh (+ time estimates) Add curves.pl to all.sh Rework all.sh to use MSan instead of valgrind Fix depends on individual curves in tests Add script to test depends on individual curves ... Conflicts: CMakeLists.txt programs/ssl/ssl_client2.c
2025-12-06 12:00:59 +03:00 · 2015-01-20 16:45:20 +00:00
parent f9c8a606b5 d7e2483bfc
commit edb7ed3a43
56 changed files with 1279 additions and 365 deletions
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -491,7 +491,7 @@ union _ssl_premaster_secret
 #if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
    unsigned char _pms_rsa_psk[52 + POLARSSL_PSK_MAX_LEN];      /* RFC 4279 4 */
 #endif
-#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
+#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
    unsigned char _pms_ecdhe_psk[4 + POLARSSL_ECP_MAX_BYTES
                                   + POLARSSL_PSK_MAX_LEN];     /* RFC 5489 2 */
 #endif
@@ -1204,6 +1204,7 @@ void ssl_set_bio( ssl_context *ssl,
        int (*f_recv)(void *, unsigned char *, size_t), void *p_recv,
        int (*f_send)(void *, const unsigned char *, size_t), void *p_send );

+#if defined(POLARSSL_SSL_SRV_C)
 /**
 * \brief          Set the underlying BIO callbacks for write, read and
 *                 read-with-timeout.
@@ -1380,7 +1381,8 @@ void ssl_set_handshake_timeout( ssl_context *ssl, uint32_t min, uint32_t max );

 /**
 * \brief          Set the session cache callbacks (server-side only)
- *                 If not set, no session resuming is done.
+ *                 If not set, no session resuming is done (except if session
+ *                 tickets are enabled too).
 *
 *                 The session cache has the responsibility to check for stale
 *                 entries based on timeout. See RFC 5246 for recommendations.
@@ -1418,7 +1420,9 @@ void ssl_set_handshake_timeout( ssl_context *ssl, uint32_t min, uint32_t max );
 void ssl_set_session_cache( ssl_context *ssl,
        int (*f_get_cache)(void *, ssl_session *), void *p_get_cache,
        int (*f_set_cache)(void *, const ssl_session *), void *p_set_cache );
+#endif /* POLARSSL_SSL_SRV_C */

+#if defined(POLARSSL_SSL_CLI_C)
 /**
 * \brief          Request resumption of session (client-side only)
 *                 Session data is copied from presented session structure.
@@ -1434,6 +1438,7 @@ void ssl_set_session_cache( ssl_context *ssl,
 * \sa             ssl_get_session()
 */
 int ssl_set_session( ssl_context *ssl, const ssl_session *session );
+#endif /* POLARSSL_SSL_CLI_C */

 /**
 * \brief               Set the list of allowed ciphersuites and the preference
@@ -2011,6 +2016,7 @@ int ssl_get_record_expansion( const ssl_context *ssl );
 const x509_crt *ssl_get_peer_cert( const ssl_context *ssl );
 #endif /* POLARSSL_X509_CRT_PARSE_C */

+#if defined(POLARSSL_SSL_CLI_C)
 /**
 * \brief          Save session in order to resume it later (client-side only)
 *                 Session data is copied to presented session structure.
@@ -2028,6 +2034,7 @@ const x509_crt *ssl_get_peer_cert( const ssl_context *ssl );
 * \sa             ssl_set_session()
 */
 int ssl_get_session( const ssl_context *ssl, ssl_session *session );
+#endif /* POLARSSL_SSL_CLI_C */

 /**
 * \brief          Perform the SSL handshake