Don't pretend to account for RSA_PSK.

RSA_PSK is really weird in that it takes a Certificate, but you're not
expected to verify it. It's just a funny way to transmit an RSA key.
(They probably should have used the RSA_EXPORT ServerKeyExchange
spelling.) Some code now already doesn't account for it right around
certificate verification.

Given ECDHE_PSK exists, hopefully there will never be any need to add
this.

Change-Id: Ia64dac28099eaa9021f8d915d45ccbfd62872317
Reviewed-on: https://boringssl-review.googlesource.com/5941
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/internal.h b/ssl/internal.h
index 8655bca..6fb8dbe 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -260,9 +260,9 @@
 /* ssl_cipher_requires_server_key_exchange returns 1 if |cipher| requires a
  * ServerKeyExchange message. Otherwise it returns 0.
  *
- * Unlike ssl_cipher_has_server_public_key, some ciphers take optional
- * ServerKeyExchanges. PSK and RSA_PSK only use the ServerKeyExchange to
- * communicate a psk_identity_hint, so it is optional. */
+ * Unlike |ssl_cipher_has_server_public_key|, this function may return zero
+ * while still allowing |cipher| an optional ServerKeyExchange. This is the
+ * case for plain PSK ciphers. */
 int ssl_cipher_requires_server_key_exchange(const SSL_CIPHER *cipher);
 
 /* ssl_cipher_get_record_split_len, for TLS 1.0 CBC mode ciphers, returns the
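Review bot: The rewritten comment on ssl_cipher_requires_server_key_exchange no longer says what the optional ServerKeyExchange carries. The removed text explained that it is only used "to communicate a psk_identity_hint", which is the reason it is optional for plain PSK. Consider keeping that clause, for example by ending with "This is the case for plain PSK ciphers, which only use it to send a psk_identity_hint." The opening "Unlike |ssl_cipher_has_server_public_key|" also reads oddly now, because the sentence that follows describes only this function and does not say what differs in the other one. A short statement of the contrast would help.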
diff --git a/ssl/ssl_cipher.c b/ssl/ssl_cipher.c
index 632db30..0754da0 100644
--- a/ssl/ssl_cipher.c
+++ b/ssl/ssl_cipher.c
@@ -1698,10 +1698,9 @@
 }
 
 int ssl_cipher_has_server_public_key(const SSL_CIPHER *cipher) {
-  /* PSK-authenticated ciphers do not use a public key, except for
-   * RSA_PSK. */
-  if ((cipher->algorithm_auth & SSL_aPSK) &&
-      !(cipher->algorithm_mkey & SSL_kRSA)) {
+  /* PSK-authenticated ciphers do not use a certificate. (RSA_PSK is not
+   * supported.) */
+  if (cipher->algorithm_auth & SSL_aPSK) {
     return 0;
   }
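Review bot: In ssl_cipher_has_server_public_key, the check "if (cipher->algorithm_auth & SSL_aPSK)" now returns 0 for every PSK-authenticated cipher, and only the comment states that RSA_PSK is unsupported. Nothing visible in this hunk enforces it. If a cipher combining SSL_aPSK with SSL_kRSA were ever added, it would silently be treated as having no server key, and the Certificate message would not be expected. Consider asserting that algorithm_mkey does not include SSL_kRSA when SSL_aPSK is set, or noting the constraint where ciphers are defined, so the assumption fails loudly rather than depending on this comment. A smaller point: the comment says PSK ciphers "do not use a certificate" while the function name speaks of a server public key. Using the same term in both would avoid suggesting the two are distinct checks.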