Topic: [SOLVED] wolfSSL support for RFC 4279
Hi,
I am using wolfSSL embedded SSL version 2.9.4. I modified the suites tables to add TLS_DHE_PSK_WITH_AES_128_GCM_SHA256.
According to RFC 4279, I do not use certificates in the handshaking between my server and my client. However, I found in many places the "NO_CERTS" preprocessor directive, which prevents me from using the serverDH_P field, for instance, of the WOLFSSL_CTX struct.
If I try to use certificates with Diffie-Hellman key exchange and with PSK, however, I ran into a problem with SendCertificate when allocating an output buffer. Long story. But in the internal.c initialization section there are lots of areas that are affected by the NO_CERTS directive, which also include data structures used by Diffie-Hellman key exchange.
Also, in the SendServerKeyExchange function in internal.c, where ssl->specs.kea == diffie_hellman_kea, the code assumes we have a private key, which is an RSA private key but not a pre-shared key.
I went through my wolfSSL code and, where it had the NO_CERTS, I added a || (!defined(NO_DH) && !defined(NO_PSK)) and I got a NO_PRIVATE_KEY error in SendServerKeyExchange.
My keys.c has this block I added:
#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
    case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
        ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
        ssl->specs.cipher_type = aead;
        ssl->specs.mac_algorithm = sha256_mac;
        ssl->specs.kea = diffie_hellman_kea;
        ssl->specs.sig_algo = anonymous_sa_algo;
        ssl->specs.hash_size = SHA256_DIGEST_SIZE;
        ssl->specs.pad_size = PAD_SHA;
        ssl->specs.static_ecdh = 0;
        ssl->specs.key_size = AES_128_KEY_SIZE;
        ssl->specs.block_size = AES_BLOCK_SIZE;
        ssl->specs.iv_size = AEAD_IMP_IV_SZ;
        ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
        break;
#endif
Am I totally off base here?
Thanks
Bill
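
For reference alongside the post above, an added example (not part of the original post and not wolfSSL code) of the two pieces RFC 4279, section 3 defines for DHE_PSK: the unsigned ServerKeyExchange body and the premaster secret built from the DH shared value Z and the PSK. The function names and buffer interface are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define VEC_ERR ((size_t)-1)   /* hypothetical error sentinel */

/* Append a TLS opaque<..2^16-1> vector: 2-byte big-endian length, then data.
   Returns the new offset, or VEC_ERR if the field does not fit. */
static size_t put_vec16(uint8_t *out, size_t cap, size_t off,
                        const uint8_t *data, size_t len)
{
    if (off == VEC_ERR || len > 0xFFFF || off > cap || cap - off < len + 2)
        return VEC_ERR;
    out[off]     = (uint8_t)(len >> 8);
    out[off + 1] = (uint8_t)(len & 0xFF);
    if (len)
        memcpy(out + off + 2, data, len);
    return off + 2 + len;
}

/* ServerKeyExchange body for DHE_PSK (RFC 4279, section 3):
   psk_identity_hint, then ServerDHParams (dh_p, dh_g, dh_Ys).
   No signature follows, so no certificate private key is involved. */
size_t dhe_psk_ske_body(uint8_t *out, size_t cap,
                        const uint8_t *hint, size_t hint_len,
                        const uint8_t *p, size_t p_len,
                        const uint8_t *g, size_t g_len,
                        const uint8_t *ys, size_t ys_len)
{
    if (p_len == 0 || g_len == 0 || ys_len == 0)   /* opaque<1..2^16-1> */
        return VEC_ERR;
    size_t off = put_vec16(out, cap, 0, hint, hint_len);
    off = put_vec16(out, cap, off, p, p_len);
    off = put_vec16(out, cap, off, g, g_len);
    return put_vec16(out, cap, off, ys, ys_len);
}

/* Premaster secret for DHE_PSK: uint16 len(Z) || Z || uint16 len(PSK) || PSK,
   where Z is the DH shared value with leading zero bytes stripped. */
size_t dhe_psk_premaster(uint8_t *out, size_t cap,
                         const uint8_t *z, size_t z_len,
                         const uint8_t *psk, size_t psk_len)
{
    while (z_len > 0 && z[0] == 0) { z++; z_len--; }
    size_t off = put_vec16(out, cap, 0, z, z_len);
    return put_vec16(out, cap, off, psk, psk_len);
}
```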