Tweak the client side PSK callback

Ensure that we properly distinguish between successful return (PSK provided), successful return (no PSK provided) and failure. Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)

Tweak the client side PSK callback
Ensure that we properly distinguish between successful return (PSK provided), successful return (no PSK provided) and failure. Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3670)
dc87d5a9 · Matt Caswell · 801d9fbd · dc87d5a9
隐藏空白更改
内联并排

Showing with 14 addition and 7 deletion

apps/s_client.c apps/s_client.c +14 -7

未找到文件。
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -203,6 +203,9 @@ static int psk_use_session_cb(SSL *s, const EVP_MD *md,
        if (cipher == NULL) {
            /* Doesn't look like a suitable TLSv1.3 key. Ignore it */
            OPENSSL_free(key);
+            *id = NULL;
+            *idlen = 0;
+            *sess = NULL;
            return 0;
        }
        usesess = SSL_SESSION_new();
@@ -221,13 +224,17 @@ static int psk_use_session_cb(SSL *s, const EVP_MD *md,
    if (cipher == NULL)
        goto err;

-    if (md != NULL && SSL_CIPHER_get_handshake_digest(cipher) != md)
-        goto err;
-
-    *sess = usesess;
-
-    *id = (unsigned char *)psk_identity;
-    *idlen = strlen(psk_identity);
+    if (md != NULL && SSL_CIPHER_get_handshake_digest(cipher) != md) {
+        /* PSK not usable, ignore it */
+        *id = NULL;
+        *idlen = 0;
+        *sess = NULL;
+        SSL_SESSION_free(usesess);
+    } else {
+        *sess = usesess;
+        *id = (unsigned char *)psk_identity;
+        *idlen = strlen(psk_identity);
+    }

    return 1;