Split out the PSK preamble from tls_process_key_exchange()

    return ret;

}

static int tls_process_ske_psk_preamble(SSL *s, int *al)

static int tls_process_ske_psk_preamble(SSL *s, PACKET *pkt, int *al)

{

#ifndef OPENSSL_NO_PSK

    PACKET psk_identity_hint;

#else

    /* PSK ciphersuites are preceded by an identity hint */

    if (!PACKET_get_length_prefixed_2(pkt, &psk_identity_hint)) {

        *al = SSL_AD_DECODE_ERROR;

        SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);

        return 0;

    }

    /*

     * Store PSK identity hint for later use, hint is used in

     * tls_construct_client_key_exchange.  Assume that the maximum length of

     * a PSK identity hint can be as long as the maximum length of a PSK

     * identity.

     */

    if (PACKET_remaining(&psk_identity_hint) > PSK_MAX_IDENTITY_LEN) {

        *al = SSL_AD_HANDSHAKE_FAILURE;

        SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_DATA_LENGTH_TOO_LONG);

        return 0;

    }

    if (PACKET_remaining(&psk_identity_hint) == 0) {

        OPENSSL_free(s->session->psk_identity_hint);

        s->session->psk_identity_hint = NULL;

    } else if (!PACKET_strndup(&psk_identity_hint,

                        &s->session->psk_identity_hint)) {

        *al = SSL_AD_INTERNAL_ERROR;

        return 0;

    }

    return 1;

#else

    SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);

    *al = SSL_AD_INTERNAL_ERROR;

    return 0;

#endif

}

MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)

{

    EVP_MD_CTX *md_ctx;

    int al;

    int al = -1;

    long alg_k, alg_a;

    EVP_PKEY *pkey = NULL;

    PACKET save_param_start, signature;

    alg_a = s->s3->tmp.new_cipher->algorithm_auth;

    al = SSL_AD_DECODE_ERROR;

#ifndef OPENSSL_NO_PSK

    /* PSK ciphersuites are preceded by an identity hint */

    if (alg_k & SSL_PSK) {

        PACKET psk_identity_hint;

        if (!PACKET_get_length_prefixed_2(pkt, &psk_identity_hint)) {

            SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);

            goto f_err;

        }

        /*

         * Store PSK identity hint for later use, hint is used in

         * ssl3_send_client_key_exchange.  Assume that the maximum length of

         * a PSK identity hint can be as long as the maximum length of a PSK

         * identity.

         */

        if (PACKET_remaining(&psk_identity_hint) > PSK_MAX_IDENTITY_LEN) {

            al = SSL_AD_HANDSHAKE_FAILURE;

            SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_DATA_LENGTH_TOO_LONG);

            goto f_err;

        }

        if (PACKET_remaining(&psk_identity_hint) == 0) {

            OPENSSL_free(s->session->psk_identity_hint);

            s->session->psk_identity_hint = NULL;

        } else if (!PACKET_strndup(&psk_identity_hint,

                            &s->session->psk_identity_hint)) {

            al = SSL_AD_INTERNAL_ERROR;

            goto f_err;

        }

        if (!tls_process_ske_psk_preamble(s, pkt, &al))

            goto err;

    }

    /* Nothing else to do for plain PSK or RSAPSK */

    if (alg_k & (SSL_kPSK | SSL_kRSAPSK)) {

    } else

#endif                          /* !OPENSSL_NO_PSK */

    /*

     * Dummy "if" to ensure sane C code in the event of various OPENSSL_NO_*

     * options

     */

    if (0) {

    }

#ifndef OPENSSL_NO_SRP

    else if (alg_k & SSL_kSRP) {

    EVP_MD_CTX_free(md_ctx);

    return MSG_PROCESS_CONTINUE_READING;

 f_err:

    ssl3_send_alert(s, SSL3_AL_FATAL, al);

    if (al == -1)

        al = SSL_AD_DECODE_ERROR;

 err:

    if (al != -1)

        ssl3_send_alert(s, SSL3_AL_FATAL, al);

    EVP_MD_CTX_free(md_ctx);

    ossl_statem_set_error(s);

    return MSG_PROCESS_ERROR;