Various review fixes for PSK early_data support

Reviewed-by: N Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)

Various review fixes for PSK early_data support
Reviewed-by: N Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
0ef28021 · Matt Caswell · 57dee9bb · 0ef28021 · 0ef28021 · 0ef28021
5 changed file
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1889,8 +1889,7 @@ int s_client_main(int argc, char **argv)
            goto end;
        }
        /* By default the SNI should be the same as was set in the session */
-        if (!noservername && servername == NULL)
+        if (!noservername && servername == NULL) {
-        {
            const char *sni = SSL_SESSION_get0_hostname(sess);
            if (sni != NULL) {

--- a/doc/man3/SSL_SESSION_get0_hostname.pod
+++ b/doc/man3/SSL_SESSION_get0_hostname.pod
@@ -37,8 +37,9 @@ session and its associated length in bytes. The returned value of B<*alpn> is a
 pointer to memory maintained within B<s> and should not be free'd.
 SSL_SESSION_set1_alpn_selected() sets the ALPN protocol for this session to the
-value in B<*alpn> which should be of length B<len> bytes. A copy of this value
+value in B<alpn> which should be of length B<len> bytes. A copy of the input
-is taken.
+value is made, and the caller retains ownership of the memory pointed to by
+B<alpn>.
 =head1 SEE ALSO

--- a/doc/man3/SSL_read_early_data.pod
+++ b/doc/man3/SSL_read_early_data.pod
@@ -63,7 +63,9 @@ will return the maximum number of early data bytes that can be sent.
 The function SSL_SESSION_set_max_early_data() sets the maximum number of early
 data bytes that can be sent for a session. This would typically be used when
-creating a PSK session file (see L<SSL_CTX_set_psk_use_session_callback(3)>).
+creating a PSK session file (see L<SSL_CTX_set_psk_use_session_callback(3)>). If
+using a ticket based PSK then this is set automatically to the value provided by
+the server.
 A client uses the function SSL_write_early_data() to send early data. This
 function is similar to the L<SSL_write_ex(3)> function, but with the following

--- a/ssl/record/ssl3_record_tls13.c
+++ b/ssl/record/ssl3_record_tls13.c
@@ -58,10 +58,14 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
    if (s->early_data_state == SSL_EARLY_DATA_WRITING
            || s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) {
-        if (s->session != NULL && s->session->ext.max_early_data > 0)
+        if (s->session != NULL && s->session->ext.max_early_data > 0) {
            alg_enc = s->session->cipher->algorithm_enc;
-        else
+        } else {
+            if (!ossl_assert(s->psksession != NULL
+                             && s->psksession->ext.max_early_data > 0))
+                return -1;
            alg_enc = s->psksession->cipher->algorithm_enc;
+        }
    } else {
        /*
         * To get here we must have selected a ciphersuite - otherwise ctx would

--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -1401,10 +1401,10 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
    }
    s->s3->alpn_selected_len = len;
-    if (s->session->ext.alpn_selected != NULL
+    if (s->session->ext.alpn_selected == NULL
-            && (s->session->ext.alpn_selected_len != len
+            || s->session->ext.alpn_selected_len != len
-                || memcmp(s->session->ext.alpn_selected, s->s3->alpn_selected,
+            || memcmp(s->session->ext.alpn_selected, s->s3->alpn_selected, len)
-                          len) != 0)) {
+               != 0) {
        /* ALPN not consistent with the old session so cannot use early_data */
        s->ext.early_data_ok = 0;
    }