Found while developing the PSK tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
goto err;
}
- if (s->hello_retry_request && mdres != handmd) {
+ if (s->hello_retry_request && mdpsk != handmd) {
/*
* Selected ciphersuite hash does not match the hash for the PSK
* session. This is an application bug.
if (dores)
s->session->ext.tick_identity = 0;
+ SSL_SESSION_free(s->psksession);
s->psksession = psksess;
if (psksess != NULL)
s->psksession->ext.tick_identity = (dores ? 1 : 0);
+ psksess = NULL;
ret = EXT_RETURN_SENT;
err:
+ SSL_SESSION_free(psksess);
return ret;
#else
return 1;
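Review bot: The ownership hand-off of `psksess` is implicit and easy to break in a later edit. After `s->psksession = psksess;`, only the added `psksess = NULL;` stops the new `SSL_SESSION_free(psksess)` at `err:` from releasing the session that `s` now holds. A comment on that line would make the intent explicit, for example `/* s->psksession owns the reference now; err: must not free it */`. The added `SSL_SESSION_free(s->psksession)` also assumes `psksess` is a separate reference from the one already stored; its origin is outside the hunk, so it is worth confirming the two can never be the same pointer without an extra reference (for instance when a second ClientHello is built), since that would leave `s->psksession` dangling.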
}
if (s->psk_find_session_cb != NULL
- && s->psk_find_session_cb(s, PACKET_data(&identity),
- PACKET_remaining(&identity), &sess)) {
+ && !s->psk_find_session_cb(s, PACKET_data(&identity),
+ PACKET_remaining(&identity),
+ &sess)) {
+ *al = SSL_AD_INTERNAL_ERROR;
+ return 0;
+ }
+
+ if (sess != NULL) {
+ /* We found a PSK */
SSL_SESSION *sesstmp = ssl_session_dup(sess, 0);
if (sesstmp == NULL) {
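Review bot: The new `if (sess != NULL)` test is reached even when `psk_find_session_cb` is NULL, and also when the callback reports success without writing to `sess`, so it depends on `sess` being NULL at this point. Its declaration and any reset between identities are outside the hunk. If that is not guaranteed on every pass, a stale or uninitialised pointer would be handed to `ssl_session_dup()`; an explicit `sess = NULL;` just before the callback check would make this code safe on its own. The early `return 0;` on callback failure also leaves unreleased any session the callback may already have stored in `sess`. The `if (sesstmp == NULL)` body continues past the hunk, so it is worth confirming that both exits free `sess`.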