From 73fe8df9221b4627bf995f656772dcf8457c9c33 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 5 Oct 2022 14:31:43 +0200 Subject: [PATCH] Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED to guard TLS code (both 1.2 and 1.3) specific to handshakes involving PSKs. Signed-off-by: Ronald Cron --- include/mbedtls/ssl.h | 10 +++++----- include/mbedtls/ssl_ciphersuites.h | 5 +++++ library/ssl_misc.h | 9 +++++---- library/ssl_tls.c | 12 +++++------ programs/ssl/ssl_client2.c | 24 +++++++++++----------- programs/ssl/ssl_server2.c | 30 ++++++++++++++-------------- tests/suites/test_suite_ssl.function | 8 ++++---- 7 files changed, 52 insertions(+), 46 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 8b2a8b64c..9677c7163 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1393,7 +1393,7 @@ struct mbedtls_ssl_config void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify calllback */ #endif -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) #if defined(MBEDTLS_SSL_SRV_C) /** Callback to retrieve PSK key from identity */ int (*MBEDTLS_PRIVATE(f_psk))(void *, mbedtls_ssl_context *, const unsigned char *, size_t); @@ -1463,7 +1463,7 @@ struct mbedtls_ssl_config mbedtls_mpi MBEDTLS_PRIVATE(dhm_G); /*!< generator for DHM */ #endif -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) #if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t MBEDTLS_PRIVATE(psk_opaque); /*!< PSA key slot holding opaque PSK. This field 
@@ -1494,7 +1494,7 @@ struct mbedtls_ssl_config * Its value is non-zero if and only if * \c psk is not \c NULL or \c psk_opaque * is not \c 0. */ -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ #if defined(MBEDTLS_SSL_ALPN) const char **MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */ @@ -3296,7 +3296,7 @@ int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf, mbedtls_pk_context *pk_key ); #endif /* MBEDTLS_X509_CRT_PARSE_C */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) /** * \brief Configure pre-shared keys (PSKs) and their * identities to be used in PSK-based ciphersuites. @@ -3465,7 +3465,7 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, size_t), void *p_psk ); #endif /* MBEDTLS_SSL_SRV_C */ -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) /** diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 6682ee830..b46116e0d 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -346,6 +346,11 @@ typedef enum { #define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED #endif +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) || \ + defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) +#define MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED +#endif + /* Key exchanges using DHE */ #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 7917a2333..41bb9c514 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
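Review bot: The new `MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED` definition in include/mbedtls/ssl_ciphersuites.h has no comment, unlike the neighbouring `/* Key exchanges using DHE */` group. It also depends on `MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED` already being defined when this header is preprocessed. That macro's definition is not visible in this patch, so if it is evaluated later, the guard would be false in a TLS 1.3-only PSK configuration. I would add `/* TLS 1.2 key exchanges or TLS 1.3 key exchange modes that use a PSK; the TLS 1.3 macro must be defined before this point */` above the `#if`.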
@@ -675,7 +675,7 @@ struct mbedtls_ssl_handshake_params const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */ #endif -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) #if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t psk_opaque; /*!< Opaque PSK from the callback */ uint8_t psk_opaque_is_internal; @@ -684,7 +684,7 @@ struct mbedtls_ssl_handshake_params size_t psk_len; /*!< Length of PSK from callback */ #endif /* MBEDTLS_USE_PSA_CRYPTO */ uint16_t selected_identity; -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) mbedtls_x509_crt_restart_ctx ecrs_ctx; /*!< restart context */ @@ -1366,12 +1366,13 @@ MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex ); #endif /* !MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) #if defined(MBEDTLS_SSL_CLI_C) MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_conf_has_static_psk( mbedtls_ssl_config const *conf ); #endif - #if defined(MBEDTLS_USE_PSA_CRYPTO) /** * Get the first defined opaque PSK by order of precedence: @@ -1424,7 +1425,7 @@ static inline int mbedtls_ssl_get_psk( const mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_USE_PSA_CRYPTO */ -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ #if defined(MBEDTLS_PK_C) unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 0ea40085f..63a433dbe 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
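Review bot: The prototype of `mbedtls_ssl_conf_has_static_psk`, moved under the new guard in the library/ssl_misc.h hunk at -1366, is still wrapped in `#if defined(MBEDTLS_SSL_CLI_C)`. Its definition in the library/ssl_tls.c hunk at -1599 follows `#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)` directly, with no client guard visible. As far as these hunks show, a server-only PSK build compiles the function without a prior declaration, and the wider guard makes that combination more common. Either drop the `MBEDTLS_SSL_CLI_C` wrapper around the prototype or put the same wrapper around the definition. The function body and the block closed by the relocated `#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */` both extend outside the hunks.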
@@ -1599,7 +1599,7 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) int mbedtls_ssl_conf_has_static_psk( mbedtls_ssl_config const *conf ) { if( conf->psk_identity == NULL || @@ -1842,7 +1842,7 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, } #endif /* MBEDTLS_SSL_SRV_C */ -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ #if defined(MBEDTLS_USE_PSA_CRYPTO) static mbedtls_ssl_mode_t mbedtls_ssl_get_base_mode( @@ -3645,7 +3645,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) mbedtls_free( (void *) handshake->curves ); #endif -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) #if defined(MBEDTLS_USE_PSA_CRYPTO) if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) ) { @@ -3665,7 +3665,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) mbedtls_free( handshake->psk ); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ #if defined(MBEDTLS_X509_CRT_PARSE_C) && \ defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) @@ -4873,7 +4873,7 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ) mbedtls_mpi_free( &conf->dhm_G ); #endif -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) #if defined(MBEDTLS_USE_PSA_CRYPTO) if( ! mbedtls_svc_key_id_is_null( conf->psk_opaque ) ) { @@ -4895,7 +4895,7 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ) conf->psk_identity = NULL; conf->psk_identity_len = 0; } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ #if defined(MBEDTLS_X509_CRT_PARSE_C) ssl_key_cert_free( conf->key_cert ); 
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 6b797117f..556ecb97c 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -173,7 +173,7 @@ int main( void ) #define USAGE_CID "" #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) #define USAGE_PSK_RAW \ " psk=%%s default: \"\" (disabled)\n" \ " The PSK values are in hex, without 0x.\n" \ @@ -195,7 +195,7 @@ int main( void ) #define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT #else #define USAGE_PSK "" -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) #define USAGE_CA_CALLBACK \ @@ -724,7 +724,7 @@ int main( int argc, char *argv[] ) unsigned char buf[MAX_REQUEST_SIZE + 1]; -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) unsigned char psk[MBEDTLS_PSK_MAX_LEN]; size_t psk_len = 0; #endif @@ -756,7 +756,7 @@ int main( int argc, char *argv[] ) const char *pers = "ssl_client2"; #if defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) mbedtls_svc_key_id_t slot = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = 0; psa_key_attributes_t key_attributes; @@ -1403,7 +1403,7 @@ int main( int argc, char *argv[] ) mbedtls_debug_set_threshold( opt.debug_level ); #endif -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) /* * Unhexify the pre-shared key if any is given */ @@ -1416,7 +1416,7 @@ int main( int argc, char *argv[] ) goto exit; } } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ #if defined(MBEDTLS_USE_PSA_CRYPTO) if( opt.psk_opaque != 0 ) 
@@ -1475,7 +1475,7 @@ int main( int argc, char *argv[] ) } #if defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined (MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined (MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if( opt.psk_opaque != 0 ) { /* Determine KDF algorithm the opaque PSK will be used in. */ @@ -1486,7 +1486,7 @@ int main( int argc, char *argv[] ) #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ #endif /* MBEDTLS_USE_PSA_CRYPTO */ } @@ -2027,7 +2027,7 @@ int main( int argc, char *argv[] ) mbedtls_ssl_conf_sig_algs( &conf, sig_alg_list ); #endif -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) #if defined(MBEDTLS_USE_PSA_CRYPTO) if( opt.psk_opaque != 0 ) { @@ -2065,7 +2065,7 @@ int main( int argc, char *argv[] ) goto exit; } } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ if( opt.min_version != DFL_MIN_VERSION ) mbedtls_ssl_conf_min_tls_version( &conf, opt.min_version ); @@ -3195,7 +3195,7 @@ exit: #endif #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) && \ +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \ defined(MBEDTLS_USE_PSA_CRYPTO) if( opt.psk_opaque != 0 ) { @@ -3214,7 +3214,7 @@ exit: ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; } } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED && +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index c8594ffbf..67be9bf8a 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
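Review bot: In the programs/ssl/ssl_client2.c hunk at -1475 the widened guard now builds the opaque-PSK setup for TLS 1.3-only PSK configurations, but the key policy still comes from `PSA_ALG_TLS12_PSK_TO_MS(...)`, a TLS 1.2 key-derivation algorithm. Whether a key imported with that policy is usable by the TLS 1.3 key schedule is not visible in this patch, so `psk_opaque` may fail only at handshake time in such a build. I would at least add a comment such as `/* NOTE: this policy is TLS 1.2 specific; opaque PSKs under TLS 1.3 are not covered here */`, or choose the algorithm according to the enabled protocol versions. The same applies to the programs/ssl/ssl_server2.c hunk at -2336; the enclosing block in `main` starts outside both hunks.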
@@ -241,7 +241,7 @@ int main( void ) #define USAGE_CID "" #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) #define USAGE_PSK_RAW \ " psk=%%s default: \"\" (disabled)\n" \ " The PSK values are in hex, without 0x.\n" \ @@ -276,7 +276,7 @@ int main( void ) #define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT #else #define USAGE_PSK "" -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) #define USAGE_CA_CALLBACK \ " ca_callback=%%d default: 0 (disabled)\n" \ @@ -907,7 +907,7 @@ int cert_callback( mbedtls_ssl_context *ssl ) #endif /* SNI_OPTION */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) typedef struct _psk_entry psk_entry; @@ -1020,7 +1020,7 @@ int psk_callback( void *p_info, mbedtls_ssl_context *ssl, return( -1 ); } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ static mbedtls_net_context listen_fd, client_fd; @@ -1280,7 +1280,7 @@ static void ssl_async_cancel( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #if defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) static psa_status_t psa_setup_psk_key_slot( mbedtls_svc_key_id_t *slot, psa_algorithm_t alg, unsigned char *psk, @@ -1303,7 +1303,7 @@ static psa_status_t psa_setup_psk_key_slot( mbedtls_svc_key_id_t *slot, return( PSA_SUCCESS ); } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) 
@@ -1431,7 +1431,7 @@ int main( int argc, char *argv[] ) int query_config_ret = 0; io_ctx_t io_ctx; unsigned char* buf = 0; -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t alg = 0; mbedtls_svc_key_id_t psk_slot = MBEDTLS_SVC_KEY_ID_INIT; @@ -2336,7 +2336,7 @@ int main( int argc, char *argv[] ) } #if defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if( opt.psk_opaque != 0 || opt.psk_list_opaque != 0 ) { /* Determine KDF algorithm the opaque PSK will be used in. */ @@ -2347,7 +2347,7 @@ int main( int argc, char *argv[] ) #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ #endif /* MBEDTLS_USE_PSA_CRYPTO */ } @@ -2374,7 +2374,7 @@ int main( int argc, char *argv[] ) } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) /* * Unhexify the pre-shared key and parse the list if any given */ @@ -2393,7 +2393,7 @@ int main( int argc, char *argv[] ) goto exit; } } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ #if defined(MBEDTLS_ECP_C) if( opt.curves != NULL ) @@ -3233,7 +3233,7 @@ int main( int argc, char *argv[] ) mbedtls_ssl_conf_sig_algs( &conf, sig_alg_list ); #endif -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if( strlen( opt.psk ) != 0 && strlen( opt.psk_identity ) != 0 ) { 
@@ -4314,7 +4314,7 @@ exit: sni_free( sni_info ); #endif -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) ret = psk_free( psk_info ); if( ( ret != 0 ) && ( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) ) mbedtls_printf( "Failed to list of opaque PSKs - error was %d\n", ret ); @@ -4348,7 +4348,7 @@ exit: } #endif -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) && \ +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \ defined(MBEDTLS_USE_PSA_CRYPTO) if( opt.psk_opaque != 0 ) { @@ -4365,7 +4365,7 @@ exit: (int) status ); } } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED && +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 9ac642b2f..7447a1d0e 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -2076,7 +2076,7 @@ void perform_handshake( handshake_test_options *options ) int forced_ciphersuite[2]; enum { BUFFSIZE = 17000 }; mbedtls_endpoint client, server; -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) const char *psk_identity = "foo"; #endif #if defined(MBEDTLS_TIMING_C) @@ -2188,7 +2188,7 @@ void perform_handshake( handshake_test_options *options ) TEST_ASSERT( MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl ); #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if( options->psk_str != NULL && options->psk_str->len > 0 ) { TEST_ASSERT( mbedtls_ssl_conf_psk( &client.conf, options->psk_str->x, 
@@ -5621,7 +5621,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ void test_multiple_psks() { unsigned char psk0[10] = { 0 }; @@ -5651,7 +5651,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO */ void test_multiple_psks_opaque( int mode ) { /*