if (s->early_data_state == SSL_EARLY_DATA_WRITING
|| s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) {
- if (s->session != NULL && s->session->ext.max_early_data > 0)
+ if (s->session != NULL && s->session->ext.max_early_data > 0) {
alg_enc = s->session->cipher->algorithm_enc;
- else
+ } else {
+ if (!ossl_assert(s->psksession != NULL
+ && s->psksession->ext.max_early_data > 0))
+ return -1;
alg_enc = s->psksession->cipher->algorithm_enc;
+ }
} else {
/*
* To get here we must have selected a ciphersuite - otherwise ctx would