Don't select a PSK ciphersuite if no key available
parent
18dc0e2746
commit
21ef42f257
@ -215,6 +215,7 @@ pk_type_t ssl_get_ciphersuite_sig_pk_alg( const ssl_ciphersuite_t *info );
|
||||
#endif
|
||||
|
||||
int ssl_ciphersuite_uses_ec( const ssl_ciphersuite_t *info );
|
||||
int ssl_ciphersuite_uses_psk( const ssl_ciphersuite_t *info );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
@ -1210,4 +1210,19 @@ int ssl_ciphersuite_uses_ec( const ssl_ciphersuite_t *info )
|
||||
}
|
||||
}
|
||||
|
||||
int ssl_ciphersuite_uses_psk( const ssl_ciphersuite_t *info )
|
||||
{
|
||||
switch( info->key_exchange )
|
||||
{
|
||||
case POLARSSL_KEY_EXCHANGE_PSK:
|
||||
case POLARSSL_KEY_EXCHANGE_RSA_PSK:
|
||||
case POLARSSL_KEY_EXCHANGE_DHE_PSK:
|
||||
case POLARSSL_KEY_EXCHANGE_ECDHE_PSK:
|
||||
return( 1 );
|
||||
|
||||
default:
|
||||
return( 0 );
|
||||
}
|
||||
}
|
||||
|
||||
#endif
|
||||
|
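Review bot: The new `ssl_ciphersuite_uses_psk()` is inserted before the `#endif` that closes the block holding `ssl_ciphersuite_uses_ec()`, so it inherits that block's preprocessor condition, which opens outside this hunk. If that condition is the EC one (likely given its neighbour, but not visible here), a build with PSK key exchanges enabled and no ECDH/ECDSA would compile the call in `ssl_parse_client_hello()` but not this definition, and fail at link time. Consider ending the existing block before the function and wrapping it in its own `#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)` / `#endif`, matching the guard at the call site. The prototype added in the header hunk appears to sit after an `#endif`, so it looks unconditional and can stay as is.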
@ -1394,6 +1394,16 @@ static int ssl_parse_client_hello( ssl_context *ssl )
|
||||
continue;
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
/* If the ciphersuite requires a pre-shared key and we don't
|
||||
* have one, skip it now rather than failing later */
|
||||
if( ssl_ciphersuite_uses_psk( ciphersuite_info ) &&
|
||||
ssl->f_psk == NULL &&
|
||||
( ssl->psk == NULL || ssl->psk_identity == NULL ||
|
||||
ssl->psk_identity_len == 0 || ssl->psk_len == 0 ) )
|
||||
continue;
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_X509_CRT_PARSE_C)
|
||||
/*
|
||||
* Final check: if ciphersuite requires us to have a
|
||||
|
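Review bot: The new PSK check skips the suite silently, so a server that was meant to offer PSK but has no key or identity configured will negotiate a different suite, or fail with no common suite, with nothing in the debug output to explain why. I would brace the body and log before skipping, e.g. `SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no pre-shared key" ) );` followed by `continue;`. It is also worth a line in the comment that a non-NULL `ssl->f_psk` keeps the suite eligible even when no static key is set, so an unknown identity is still rejected later by the callback path rather than here. `ssl_parse_client_hello()` starts and ends outside this hunk, so the logging style of the other skip branches in the loop cannot be checked from here.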