Fix a bug in CKE construction for PSK

In plain PSK we don't need to do anymore construction after the preamble.
We weren't detecting this case and treating it as an unknown cipher.

Reviewed-by: Rich Salz <rsalz@openssl.org>

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 67f4ac43101596d219840bb2930f0db0d24c5bbc..e4b2219f06209663ec1a0d8ea21bf5ecc1907f7d 100644 (file)
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2496,7 +2496,7 @@ int tls_construct_client_key_exchange(SSL *s)
     } else if (alg_k & SSL_kSRP) {
         if (!tls_construct_cke_srp(s, &pkt, &al))
             goto err;
-    } else {
+    } else if (!(alg_k & SSL_kPSK)) {
         ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
         SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
         goto err;