From 1606746d2dbabe45bd1e61618b77d0fd7ea673ea Mon Sep 17 00:00:00 2001
From: Hideki Miyazaki
Date: Fri, 4 Jun 2021 10:48:07 +0900
Subject: [PATCH] a return of zero from callback as no psk available
---
 src/tls.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/src/tls.c b/src/tls.c
index 3ffa417f7..9c0d905df 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -10411,10 +10411,20 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
 ssl->arrays->server_hint, ssl->arrays->client_identity, MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
 }
+ #if defined(OPENSSL_EXTRA)
+ /* OpenSSL treats 0 as a PSK key length of 0
+ * and meaning no PSK available.
+ */
+ if (ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
+ return PSK_KEY_ERROR;
+ }
+ if (ssl->arrays->psk_keySz > 0) {
+ #else
 if (ssl->arrays->psk_keySz == 0 || ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
 return PSK_KEY_ERROR;
 }
+ #endif
 ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0';
 ssl->options.cipherSuite0 = cipherSuite0;
 ssl->options.cipherSuite = cipherSuite;
@@ -10433,6 +10443,9 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
 return ret;
 usingPSK = 1;
+ #if defined(OPENSSL_EXTRA)
+ }
+ #endif
 }
 #endif
 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
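Review bot: The comment on the new OPENSSL_EXTRA branch does not say what happens to the handshake when the callback returns 0, and that is the security-relevant part: the block that sets the cipher suite and `usingPSK = 1` is now skipped instead of returning PSK_KEY_ERROR, so setup presumably continues without a PSK. Whether that lets a peer expected to use PSK only fall back to another authentication method depends on the suites enabled elsewhere, which this hunk does not show; state the intended outcome in the comment, e.g. `/* 0 = no PSK offered; the handshake continues without PSK, it does not fail */`. The zero path also skips `client_identity[MAX_PSK_ID_LEN] = '\0'` and leaves whatever the callback wrote in `client_identity` and `psk_key`, so terminating or clearing them before falling through would be safer. The function body starts and ends outside the hunk.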
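Review bot: The `}` added here under `#if defined(OPENSSL_EXTRA)` closes the `if (ssl->arrays->psk_keySz > 0) {` opened in the previous hunk roughly thirty lines earlier, and the enclosed body keeps its old indentation, so the conditional is easy to overlook and easy to unbalance in a later edit. Because a build without OPENSSL_EXTRA has already returned for a zero length, the `if (... > 0) {` and its closing brace can be unconditional, with only the zero-length rejection guarded: `#ifndef OPENSSL_EXTRA`, `if (ssl->arrays->psk_keySz == 0) return PSK_KEY_ERROR;`, `#endif`. That keeps brace pairing independent of the preprocessor and lets the body be indented to show the condition.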