From 8d1714a307648cf1294f04bd45e8453a5e252b91 Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Fri, 15 Mar 2024 08:09:59 -0700
Subject: [PATCH] Fix for PSK callback with OPENSSL_EXTRA to correctly handle
 the 0 length case. Thank you @miyazakh. Broken in #7302

---
 src/tls.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/tls.c b/src/tls.c
index 9bcdd0b5b3..a28568c69e 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -13364,7 +13364,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
                         MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
                 }
                 if (
-                #ifndef OPENSSL_EXTRA
+                #ifdef OPENSSL_EXTRA
                     /* OpenSSL treats a PSK key length of 0
                      * to indicate no PSK available.
                      */
@@ -13372,7 +13372,9 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
                 #endif
                          (ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
                      (int)ssl->arrays->psk_keySz != USE_HW_PSK)) {
+                #ifndef OPENSSL_EXTRA
                     ret = PSK_KEY_ERROR;
+                #endif
                 }
                 else {
                     ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0';