Don't select a PSK ciphersuite if no key available

Manuel Pégourié-Gonnard 2013-10-27 14:47:25 +01:00 committed by Paul Bakker
parent 18dc0e2746
commit 21ef42f257
3 changed files with 26 additions and 0 deletions


@ -215,6 +215,7 @@ pk_type_t ssl_get_ciphersuite_sig_pk_alg( const ssl_ciphersuite_t *info );
#endif
int ssl_ciphersuite_uses_ec( const ssl_ciphersuite_t *info );
int ssl_ciphersuite_uses_psk( const ssl_ciphersuite_t *info );
#ifdef __cplusplus
}


@ -1210,4 +1210,19 @@ int ssl_ciphersuite_uses_ec( const ssl_ciphersuite_t *info )
}
}
int ssl_ciphersuite_uses_psk( const ssl_ciphersuite_t *info )
{
switch( info->key_exchange )
{
case POLARSSL_KEY_EXCHANGE_PSK:
case POLARSSL_KEY_EXCHANGE_RSA_PSK:
case POLARSSL_KEY_EXCHANGE_DHE_PSK:
case POLARSSL_KEY_EXCHANGE_ECDHE_PSK:
return( 1 );
default:
return( 0 );
}
}
#endif
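Review bot: ssl_ciphersuite_uses_psk is added without a comment stating what it classifies, and the matching prototype added to ssl_ciphersuites.h is bare as well; since the new server-side skip in ssl_parse_client_hello depends on this switch being the complete list of PSK-flavoured key exchanges, that contract is worth writing down. I would put `/* Return 1 if the ciphersuite's key exchange needs a pre-shared key (PSK, RSA-PSK, DHE-PSK, ECDHE-PSK), 0 otherwise */` above the definition. Anyone adding a new POLARSSL_KEY_EXCHANGE_*_PSK value has to extend this switch too, otherwise a server without a PSK will again select that suite and fail later, so a short `/* keep in sync with the POLARSSL_KEY_EXCHANGE_*_PSK values */` next to the switch would help. As written, a NULL info is dereferenced; this presumably mirrors ssl_ciphersuite_uses_ec just above, so callers are expected to pass a valid pointer.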


@ -1394,6 +1394,16 @@ static int ssl_parse_client_hello( ssl_context *ssl )
continue;
#endif
#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
/* If the ciphersuite requires a pre-shared key and we don't
* have one, skip it now rather than failing later */
if( ssl_ciphersuite_uses_psk( ciphersuite_info ) &&
ssl->f_psk == NULL &&
( ssl->psk == NULL || ssl->psk_identity == NULL ||
ssl->psk_identity_len == 0 || ssl->psk_len == 0 ) )
continue;
#endif
#if defined(POLARSSL_X509_CRT_PARSE_C)
/*
* Final check: if ciphersuite requires us to have a