@@ -33223,21 +33223,27 @@ static int AddPSKtoPreMasterSecret(WOLFSSL* ssl)
3322333223#endif
3322433224
3322533225#ifndef NO_PSK
33226- static void MakePSKPreMasterSecret(Arrays* arrays, word16 sz )
33226+ static void MakePSKPreMasterSecret(Arrays* arrays, byte use_psk_key )
3322733227{
3322833228 byte* pms = arrays->preMasterSecret;
33229+ word16 sz;
3322933230
33230- if ((int)arrays->psk_keySz > 0) {
33231- /* sz + sz 0s + length of key + key */
33231+ /* sz + (use_psk_key ? sz 0s : sz unaltered) + length of psk + psk */
33232+ if (!use_psk_key) {
33233+ sz = (word16)arrays->preMasterSz;
3323233234 c16toa(sz, pms);
33233- pms += OPAQUE16_LEN;
33234-
33235- XMEMSET(pms, 0, sz);
33236- pms += sz;
33237-
33235+ pms += OPAQUE16_LEN + sz;
33236+ }
33237+ if ((int)arrays->psk_keySz > 0) {
33238+ if (use_psk_key) {
33239+ sz = (word16)arrays->psk_keySz;
33240+ c16toa(sz, pms);
33241+ pms += OPAQUE16_LEN;
33242+ XMEMSET(pms, 0, sz);
33243+ pms += sz;
33244+ }
3323833245 c16toa(arrays->psk_keySz, pms);
3323933246 pms += OPAQUE16_LEN;
33240-
3324133247 XMEMCPY(pms, arrays->psk_key, arrays->psk_keySz);
3324233248 arrays->preMasterSz = sz + arrays->psk_keySz + OPAQUE16_LEN * 2;
3324333249 ForceZero(arrays->psk_key, arrays->psk_keySz);
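Review bot: The `!use_psk_key` branch relies on a precondition that is not written down anywhere in the hunk: the caller must already have stored the (EC)DH shared secret at `preMasterSecret + OPAQUE16_LEN` and set `preMasterSz` to its length, because the function only writes the two-byte prefix and then skips over `sz` bytes. The `(word16)` cast on `preMasterSz` would truncate a larger value without any error, so the PSK would then be copied over part of the shared secret; nothing here checks `OPAQUE16_LEN * 2 + sz + psk_keySz` against the capacity of the preMasterSecret buffer either, so that bound presumably has to hold in the callers, which are not visible. I would state the contract in a header comment, for example `/* use_psk_key != 0: builds len | zeros | len | psk. use_psk_key == 0: caller has placed the shared secret at preMasterSecret + OPAQUE16_LEN and set preMasterSz; only the length prefix and the PSK are written. */`, and name there the caller-side limit that keeps the total inside the buffer. The bare `0`/`1` arguments at the six call sites in the later hunks would read better as named constants, since a wrong value changes the premaster-secret layout (the `XMEMSET` path zeroes the region where the shared secret sits) with no compile-time or run-time signal. The function body continues past the end of this hunk.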
@@ -33693,8 +33699,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
3369333699 XMEMCPY(args->encSecret, ssl->arrays->client_identity,
3369433700 args->encSz);
3369533701 ssl->options.peerAuthGood = 1;
33696- MakePSKPreMasterSecret(ssl->arrays,
33697- (word16)ssl->arrays->psk_keySz);
33702+ MakePSKPreMasterSecret(ssl->arrays, 1);
3369833703 break;
3369933704 }
3370033705 #endif /* !NO_PSK */
@@ -34200,8 +34205,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
3420034205 c16toa((word16)args->length, args->output);
3420134206 args->encSz += args->length + OPAQUE16_LEN;
3420234207
34203- MakePSKPreMasterSecret(ssl->arrays,
34204- (word16)ssl->arrays->preMasterSz);
34208+ MakePSKPreMasterSecret(ssl->arrays, 0);
3420534209 break;
3420634210 }
3420734211 #endif /* !NO_DH && !NO_PSK */
@@ -34220,8 +34224,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
3422034224
3422134225 /* Create pre master secret is the concatenation of
3422234226 * eccSize + eccSharedKey + pskSize + pskKey */
34223- MakePSKPreMasterSecret(ssl->arrays,
34224- (word16)ssl->arrays->preMasterSz);
34227+ MakePSKPreMasterSecret(ssl->arrays, 0);
3422534228 break;
3422634229 }
3422734230 #endif /* (HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448) && !NO_PSK */
@@ -41027,8 +41030,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
4102741030 ssl->arrays->client_identity[ci_sz] = '\0'; /* null term */
4102841031 if (AddPSKtoPreMasterSecret(ssl))
4102941032 ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
41030- MakePSKPreMasterSecret(ssl->arrays,
41031- (word16)ssl->arrays->psk_keySz);
41033+ MakePSKPreMasterSecret(ssl->arrays, 1);
4103241034 break;
4103341035 }
4103441036 #endif /* !NO_PSK */
@@ -41835,8 +41837,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
4183541837 * preMasterSecret here. */
4183641838 if (AddPSKtoPreMasterSecret(ssl))
4183741839 ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
41838- MakePSKPreMasterSecret(ssl->arrays,
41839- (word16)ssl->arrays->preMasterSz);
41840+ MakePSKPreMasterSecret(ssl->arrays, 0);
4184041841 break;
4184141842 }
4184241843 #endif /* !NO_DH && !NO_PSK */
@@ -41856,8 +41857,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
4185641857 * preMasterSecret here. */
4185741858 if (AddPSKtoPreMasterSecret(ssl))
4185841859 ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
41859- MakePSKPreMasterSecret(ssl->arrays,
41860- (word16)ssl->arrays->preMasterSz);
41860+ MakePSKPreMasterSecret(ssl->arrays, 0);
4186141861 break;
4186241862 }
4186341863 #endif /* (HAVE_ECC || CURVE25519 || CURVE448) && !NO_PSK */