From: Matt Caswell <matt@openssl.org>
Date: Thu, 29 Sep 2016 11:04:08 +0000 (+0100)
Subject: Fix a bug in CKE construction for PSK
X-Git-Tag: OpenSSL_1_1_1-pre1~3429
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=4a424545c4f3148bfbf54270422e05177b4c392f;p=oweals%2Fopenssl.git

Fix a bug in CKE construction for PSK

In plain PSK we don't need to do anymore construction after the preamble.
We weren't detecting this case and treating it as an unknown cipher.

Reviewed-by: Rich Salz <rsalz@openssl.org>
---

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 67f4ac4310..e4b2219f06 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2496,7 +2496,7 @@ int tls_construct_client_key_exchange(SSL *s)
     } else if (alg_k & SSL_kSRP) {
         if (!tls_construct_cke_srp(s, &pkt, &al))
             goto err;
-    } else {
+    } else if (!(alg_k & SSL_kPSK)) {
         ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
         SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
         goto err;