authorAnder Juaristi <a@juaristi.eus>2018-03-22 08:59:56 +0100
committerNikos Mavrogiannopoulos <nmav@redhat.com>2018-04-06 13:28:55 +0200
commit921cee23b4c7ee5d4e4537431e7fb1e9411be2d6 (patch)
tree3b1b423ea33220f41c49d7d5322fd505c4dfb55d /lib/priority.c
parenta046665a384a728253ad94122dfcbd25a52478c2 (diff)
downloadgnutls-921cee23b4c7ee5d4e4537431e7fb1e9411be2d6.tar.gz
Added support for out-of-band Pre-shared keys under TLS1.3
That adds support for pre-shared keys with and without Diffie-Hellman key exchange. That's a modified version of initial Ander's patch. Resolves #414 Resolves #125 Signed-off-by: Ander Juaristi <a@juaristi.eus> Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.org>
Diffstat (limited to 'lib/priority.c')
-rw-r--r--lib/priority.c14
1 files changed, 12 insertions, 2 deletions
diff --git a/lib/priority.c b/lib/priority.c
index 65b3dd3d93..25f7ebab37 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -1177,6 +1177,7 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
const version_entry_st *tlsmin = NULL;
const version_entry_st *dtlsmin = NULL;
unsigned have_tls13 = 0;
+ unsigned have_psk = 0;
priority_cache->cs.size = 0;
priority_cache->sigalg.size = 0;
@@ -1213,9 +1214,18 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
if ((!tlsmax || !tlsmin) && (!dtlsmax || !dtlsmin))
return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);
+ for (i = 0; i < priority_cache->_kx.algorithms; i++) {
+ if (_gnutls_kx_is_psk(priority_cache->_kx.priority[i])) {
+ have_psk = 1;
+ break;
+ }
+ }
+
+ priority_cache->have_psk = have_psk;
+
/* if we are have TLS1.3+ do not enable any key exchange algorithms,
* the protocol doesn't require any. */
- if (tlsmin && tlsmin->tls13_sem) {
+ if (tlsmin && tlsmin->tls13_sem && !have_psk) {
if (!dtlsmin || (dtlsmin && dtlsmin->tls13_sem))
priority_cache->_kx.algorithms = 0;
}
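Review bot: The comment kept above the changed condition (`do not enable any key exchange algorithms, the protocol doesn't require any`) no longer matches the code, because with `have_psk` set the whole `_kx` list is retained under a TLS1.3-only configuration, not only its PSK entries. I would reword it to something like `/* under TLS1.3-only no key exchange algorithms are needed unless PSK is enabled; in that case the configured kx list is kept unchanged */`. Whether the non-PSK entries that now survive are harmless depends on how the list is consumed later in set_ciphersuite_list, which is outside this hunk, so that is worth confirming. Note also that `have_psk` reflects only the priority string, not whether PSK credentials are actually set, which the field's declaration should document.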
@@ -1316,7 +1326,7 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);
/* when TLS 1.3 is available we must have groups set */
- if (tlsmax && tlsmax->id >= GNUTLS_TLS1_3 && priority_cache->groups.size == 0)
+ if (!have_psk && tlsmax && tlsmax->id >= GNUTLS_TLS1_3 && priority_cache->groups.size == 0)
return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);
return 0;
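Review bot: The added `!have_psk` waives the TLS 1.3 groups requirement whenever any PSK key exchange appears in the priority list, which looks broader than the case that needs it. Only a pure-PSK handshake can proceed without groups, and that mode provides no forward secrecy; a DHE/ECDHE-PSK or certificate-based TLS 1.3 handshake still needs a group, so a configuration listing PSK alongside those with an empty group list would now pass this check and presumably fail only at handshake time. Consider narrowing the waiver to configurations where no listed key exchange needs a group, and record the trade-off next to the check, e.g. `/* PSK-only TLS1.3 can run without groups, but then without forward secrecy */`. set_ciphersuite_list starts outside the hunk, so this is based on the visible lines only.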