external PSK can be obtained via tls->ctx

lib/picotls.c

@@ -4046,27 +4046,31 @@ static int vec_is_string(ptls_iovec_t x, const char *y)
  * external_psk is set, only tries handshake using those keys provided. Otherwise, tries resumption.
  */
 static int try_psk_handshake(ptls_t *tls, size_t *psk_index, int *accept_early_data, struct st_ptls_client_hello_t *ch,
-                             ptls_iovec_t ch_trunc, const struct st_ptls_external_psk_t *external_psk)
+                             ptls_iovec_t ch_trunc)
 {
     ptls_buffer_t decbuf;
     ptls_iovec_t secret, ticket_server_name, ticket_negotiated_protocol;
     uint64_t issue_at, now = tls->ctx->get_time->cb(tls->ctx->get_time);
     uint32_t age_add;
     uint16_t ticket_key_exchange_id, ticket_csid;
     uint8_t binder_key[PTLS_MAX_DIGEST_SIZE];
+    const char *binder_label = "res binder";
     int ret;
 
     ptls_buffer_init(&decbuf, "", 0);
 
     for (*psk_index = 0; *psk_index < ch->psk.identities.count; ++*psk_index) {
         struct st_ptls_client_hello_psk_t *identity = ch->psk.identities.list + *psk_index;
         /* negotiate using fixed pre-shared key */
-        if (external_psk != NULL) {
-            if (identity->identity.len == external_psk->identity.len &&
-                memcmp(identity->identity.base, external_psk->identity.base, identity->identity.len) == 0) {
+        if (tls->ctx->pre_shared_key.secret.base != NULL) {
+            assert(tls->ctx->pre_shared_key.secret.len != 0 && tls->ctx->pre_shared_key.identity.len != 0 &&
+                   tls->ctx->pre_shared_key.hash != NULL && "`ptls_context_t::pre_shared_key` in incosistent state");
+            if (identity->identity.len == tls->ctx->pre_shared_key.identity.len &&
+                memcmp(identity->identity.base, tls->ctx->pre_shared_key.identity.base, identity->identity.len) == 0) {
                 *accept_early_data = ch->psk.early_data_indication && *psk_index == 0;
                 tls->key_share = NULL;
-                secret = external_psk->secret;
+                secret = tls->ctx->pre_shared_key.secret;
+                binder_label = "ext binder";
                 goto Found;
             }
             continue;
@@ -4150,7 +4154,7 @@ static int try_psk_handshake(ptls_t *tls, size_t *psk_index, int *accept_early_d
 Found:
     if ((ret = key_schedule_extract(tls->key_schedule, secret)) != 0)
         goto Exit;
-    if ((ret = derive_secret(tls->key_schedule, binder_key, external_psk ? "ext binder" : "res binder")) != 0)
+    if ((ret = derive_secret(tls->key_schedule, binder_key, binder_label)) != 0)
         goto Exit;
     ptls__key_schedule_update_hash(tls->key_schedule, ch_trunc.base, ch_trunc.len, 0);
     if ((ret = calc_verify_data(binder_key /* to conserve space, reuse binder_key for storing verify_data */, tls->key_schedule,
@@ -4476,8 +4480,7 @@ static int server_handle_hello(ptls_t *tls, ptls_message_emitter_t *emitter, ptl
         tls->ctx->pre_shared_key.identity.base != NULL && tls->ctx->pre_shared_key.secret.base != NULL &&
         !tls->ctx->require_client_authentication) {
         if ((ret = try_psk_handshake(tls, &psk_index, &accept_early_data, ch,
-                                     ptls_iovec_init(message.base, ch->psk.hash_end - message.base), &tls->ctx->pre_shared_key)) !=
-            0)
+                                     ptls_iovec_init(message.base, ch->psk.hash_end - message.base))) != 0)
             goto Exit;
     }
 
@@ -4582,7 +4585,7 @@ static int server_handle_hello(ptls_t *tls, ptls_message_emitter_t *emitter, ptl
         (ch->psk.ke_modes & ((1u << PTLS_PSK_KE_MODE_PSK) | (1u << PTLS_PSK_KE_MODE_PSK_DHE))) != 0 &&
         tls->ctx->encrypt_ticket != NULL && !tls->ctx->require_client_authentication) {
         if ((ret = try_psk_handshake(tls, &psk_index, &accept_early_data, ch,
-                                     ptls_iovec_init(message.base, ch->psk.hash_end - message.base), NULL)) != 0) {
+                                     ptls_iovec_init(message.base, ch->psk.hash_end - message.base))) != 0) {
             goto Exit;
         }
     }