From: Dr. Stephen Henson <steve@openssl.org>
Date: Sun, 28 Jun 2015 16:09:54 +0000 (+0100)
Subject: Disable unsupported PSK algorithms
X-Git-Tag: OpenSSL_1_1_0-pre1~893
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=332a251fd7cca28b1cc34d5ddf26272a352f5299;p=oweals%2Fopenssl.git

Disable unsupported PSK algorithms

Reviewed-by: Matt Caswell <matt@openssl.org>
---

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index dd325bbaa0..da64301b58 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -495,22 +495,22 @@ void ssl_load_ciphers(void)
     disabled_auth_mask = 0;
 
 #ifdef OPENSSL_NO_RSA
-    disabled_mkey_mask |= SSL_kRSA;
+    disabled_mkey_mask |= SSL_kRSA | SSL_kRSAPSK;
     disabled_auth_mask |= SSL_aRSA;
 #endif
 #ifdef OPENSSL_NO_DSA
     disabled_auth_mask |= SSL_aDSS;
 #endif
 #ifdef OPENSSL_NO_DH
-    disabled_mkey_mask |= SSL_kDHr | SSL_kDHd | SSL_kDHE;
+    disabled_mkey_mask |= SSL_kDHr | SSL_kDHd | SSL_kDHE | SSL_kDHEPSK;
     disabled_auth_mask |= SSL_aDH;
 #endif
 #ifdef OPENSSL_NO_EC
-    disabled_mkey_mask |= SSL_kECDHe | SSL_kECDHr;
+    disabled_mkey_mask |= SSL_kECDHe | SSL_kECDHr | SSL_kECDHEPSK;
     disabled_auth_mask |= SSL_aECDSA | SSL_aECDH;
 #endif
 #ifdef OPENSSL_NO_PSK
-    disabled_mkey_mask |= SSL_kPSK;
+    disabled_mkey_mask |= SSL_PSK;
     disabled_auth_mask |= SSL_aPSK;
 #endif
 #ifdef OPENSSL_NO_SRP