Commit dc87d5a9 authored by Matt Caswell's avatar Matt Caswell

Tweak the client side PSK callback



Ensure that we properly distinguish between successful return (PSK
provided), successful return (no PSK provided) and failure.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
parent 801d9fbd
+14 −7
@@ -203,6 +203,9 @@ static int psk_use_session_cb(SSL *s, const EVP_MD *md,
        if (cipher == NULL) {
            /* Doesn't look like a suitable TLSv1.3 key. Ignore it */
            OPENSSL_free(key);
            *id = NULL;
            *idlen = 0;
            *sess = NULL;
            return 0;
        }
        usesess = SSL_SESSION_new();
@@ -221,13 +224,17 @@ static int psk_use_session_cb(SSL *s, const EVP_MD *md,
    if (cipher == NULL)
        goto err;

    if (md != NULL && SSL_CIPHER_get_handshake_digest(cipher) != md)
        goto err;

    if (md != NULL && SSL_CIPHER_get_handshake_digest(cipher) != md) {
        /* PSK not usable, ignore it */
        *id = NULL;
        *idlen = 0;
        *sess = NULL;
        SSL_SESSION_free(usesess);
    } else {
        *sess = usesess;

        *id = (unsigned char *)psk_identity;
        *idlen = strlen(psk_identity);
    }

    return 1;
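Review bot: In the first hunk's `cipher == NULL` branch, the comment says the unsuitable key is ignored and the three outputs are cleared just as in the "PSK not usable, ignore it" branch of the second hunk, yet this path ends in `return 0;` while the other one reaches `return 1;`. Going by the commit message, 0 is the failure return, so this path would presumably abort the handshake rather than continue without a PSK. If ignoring is what is meant, the line should be `return 1;`. If failure is meant, the comment should say so, for example `/* Not a suitable TLSv1.3 key: report failure */`. psk_use_session_cb starts and ends outside both hunks, so how the caller treats a 0 return is not visible here.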