Don't select a PSK ciphersuite if no key available

2025-07-28 00:21:48 +03:00 · 2013-10-27 14:47:25 +01:00
parent 18dc0e2746
commit 21ef42f257
3 changed files with 26 additions and 0 deletions
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -1394,6 +1394,16 @@ static int ssl_parse_client_hello( ssl_context *ssl )
                    continue;
 #endif

+#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
+                /* If the ciphersuite requires a pre-shared key and we don't
+                 * have one, skip it now rather than failing later */
+                if( ssl_ciphersuite_uses_psk( ciphersuite_info ) &&
+                    ssl->f_psk == NULL &&
+                    ( ssl->psk == NULL || ssl->psk_identity == NULL ||
+                      ssl->psk_identity_len == 0 || ssl->psk_len == 0 ) )
+                    continue;
+#endif
+
 #if defined(POLARSSL_X509_CRT_PARSE_C)
                /*
                 * Final check: if ciphersuite requires us to have a