Don't accept CertificateRequest with PSK suites

This commit is contained in:
Manuel Pégourié-Gonnard 2013-11-25 17:38:36 +01:00 committed by Paul Bakker
parent dc953e8c41
commit da1ff38715
2 changed files with 42 additions and 1 deletions

View file

@ -1592,15 +1592,51 @@ exit:
return( 0 ); return( 0 );
} }
#if !defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \
!defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
!defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
!defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
static int ssl_parse_certificate_request( ssl_context *ssl )
{
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) );
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
{
SSL_DEBUG_MSG( 2, ( "<= skip parse certificate request" ) );
ssl->state++;
return( 0 );
}
SSL_DEBUG_MSG( 1, ( "should not happen" ) );
return( ret );
}
#else
static int ssl_parse_certificate_request( ssl_context *ssl ) static int ssl_parse_certificate_request( ssl_context *ssl )
{ {
int ret; int ret;
unsigned char *buf, *p; unsigned char *buf, *p;
size_t n = 0, m = 0; size_t n = 0, m = 0;
size_t cert_type_len = 0, dn_len = 0; size_t cert_type_len = 0, dn_len = 0;
const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) ); SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) );
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
{
SSL_DEBUG_MSG( 2, ( "<= skip parse certificate request" ) );
ssl->state++;
return( 0 );
}
/* /*
* 0 . 0 handshake type * 0 . 0 handshake type
* 1 . 3 handshake length * 1 . 3 handshake length
@ -1726,6 +1762,10 @@ exit:
return( 0 ); return( 0 );
} }
#endif /* !POLARSSL_KEY_EXCHANGE_RSA_ENABLED &&
!POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED &&
!POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED &&
!POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
static int ssl_parse_server_hello_done( ssl_context *ssl ) static int ssl_parse_server_hello_done( ssl_context *ssl )
{ {

View file

@ -1933,7 +1933,8 @@ static int ssl_write_certificate_request( ssl_context *ssl )
} }
#endif /* !POLARSSL_KEY_EXCHANGE_RSA_ENABLED && #endif /* !POLARSSL_KEY_EXCHANGE_RSA_ENABLED &&
!POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED && !POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED &&
!POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ !POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED &&
!POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
static int ssl_write_server_key_exchange( ssl_context *ssl ) static int ssl_write_server_key_exchange( ssl_context *ssl )
{ {