Various review fixes for PSK early_data support

[openssl.git] / ssl / record / ssl3_record_tls13.c

diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c
index 0c3fc6bf16073f5fbec9f27275d026522cf9901f..696cc37fd3d22b20a7cbba3973785e402c39fc01 100644 (file)
--- a/ssl/record/ssl3_record_tls13.c
+++ b/ssl/record/ssl3_record_tls13.c
@@ -58,10 +58,14 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
 
     if (s->early_data_state == SSL_EARLY_DATA_WRITING
             || s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) {
-        if (s->session != NULL && s->session->ext.max_early_data > 0)
+        if (s->session != NULL && s->session->ext.max_early_data > 0) {
             alg_enc = s->session->cipher->algorithm_enc;
-        else
+        } else {
+            if (!ossl_assert(s->psksession != NULL
+                             && s->psksession->ext.max_early_data > 0))
+                return -1;
             alg_enc = s->psksession->cipher->algorithm_enc;
+        }
     } else {
         /*
          * To get here we must have selected a ciphersuite - otherwise ctx would