diff options
author | Matt Caswell <matt@openssl.org> | 2018-03-06 14:12:10 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-03-09 11:22:23 +0000 |
commit | e73c6eaeff82615d20845692c5c72ba9dfa895f5 (patch) | |
tree | 3eabbfe2325ad07a300c38e299e927b026aff507 /apps/s_server.c | |
parent | a7fb4fa1708c65c0932133dca64a53d0237312e3 (diff) |
Tolerate TLSv1.3 PSKs that are a different size to the hash size
We also default to SHA256 as per the spec if we do not have an explicit
digest defined.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5554)
Diffstat (limited to 'apps/s_server.c')
-rw-r--r-- | apps/s_server.c | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/apps/s_server.c b/apps/s_server.c index ff9ee5add9..bc1d1e5608 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -208,14 +208,10 @@ static int psk_find_session_cb(SSL *ssl, const unsigned char *identity, return 0; } - if (key_len == EVP_MD_size(EVP_sha256())) - cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id); - else if (key_len == EVP_MD_size(EVP_sha384())) - cipher = SSL_CIPHER_find(ssl, tls13_aes256gcmsha384_id); - + /* We default to SHA256 */ + cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id); if (cipher == NULL) { - /* Doesn't look like a suitable TLSv1.3 key. Ignore it */ - OPENSSL_free(key); + BIO_printf(bio_err, "Error finding suitable ciphersuite\n"); return 0; } |