commit 21ef42f257dec3aee48d6f314579fa891e0309c5
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Sun Oct 27 14:47:25 2013 +0100
committer Paul Bakker <p.j.bakker@polarssl.org> Mon Oct 28 14:00:45 2013 +0100
tree f80c8c9014c2ab8d032078a5239c39c6b8188c86
parent 18dc0e2746194414aca8bb0911cf1fec8fbd80fe

Don't select a PSK ciphersuite if no key available

library/ssl_ciphersuites.c

diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 781edb2..9186cc4 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -1210,4 +1210,19 @@
     }
 }
 
+int ssl_ciphersuite_uses_psk( const ssl_ciphersuite_t *info )
+{
+    switch( info->key_exchange )
+    {
+        case POLARSSL_KEY_EXCHANGE_PSK:
+        case POLARSSL_KEY_EXCHANGE_RSA_PSK:
+        case POLARSSL_KEY_EXCHANGE_DHE_PSK:
+        case POLARSSL_KEY_EXCHANGE_ECDHE_PSK:
+            return( 1 );
+
+        default:
+            return( 0 );
+    }
+}
+
 #endif

library/ssl_srv.c

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 42ff467..7d81fc9 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1394,6 +1394,16 @@
                     continue;
 #endif
 
+#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
+                /* If the ciphersuite requires a pre-shared key and we don't
+                 * have one, skip it now rather than failing later */
+                if( ssl_ciphersuite_uses_psk( ciphersuite_info ) &&
+                    ssl->f_psk == NULL &&
+                    ( ssl->psk == NULL || ssl->psk_identity == NULL ||
+                      ssl->psk_identity_len == 0 || ssl->psk_len == 0 ) )
+                    continue;
+#endif
+
 #if defined(POLARSSL_X509_CRT_PARSE_C)
                 /*
                  * Final check: if ciphersuite requires us to have a