WARNING! Gitlab maintenance operation scheduled for Thursday, 18 June between 19:00 and 20:00 (CET). During this time window, short service interruptions (less than 5 minutes) may occur. Thank you in advance for your understanding.

Commit 4a424545 authored Sep 29, 2016 by Matt Caswell

Fix a bug in CKE construction for PSK

In plain PSK we don't need to do anymore construction after the preamble.
We weren't detecting this case and treating it as an unknown cipher.

Reviewed-by: Rich Salz <rsalz@openssl.org>

parent c13d2a5b

ssl/statem/statem_clnt.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -2496,7 +2496,7 @@ int tls_construct_client_key_exchange(SSL *s)
		} else if (alg_k & SSL_kSRP) {
		if (!tls_construct_cke_srp(s, &pkt, &al))
		goto err;
		} else {
		} else if (!(alg_k & SSL_kPSK)) {
		ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
		SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
		goto err;

Admin message