From 02186dbd239aeaebca5996a99b241e3780992210 Mon Sep 17 00:00:00 2001
From: David Garske
Date: Wed, 22 Dec 2021 14:30:00 -0800
Subject: [PATCH] Fix for TLS v1.3 client session ticket resumption where the server opts to do a new handshake. Fix to make sure `preMasterSz` is valid.
---
 src/ssl.c | 1 +
 src/tls.c | 4 ++++
 src/tls13.c | 4 +++-
 3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/ssl.c b/src/ssl.c
index 4e25ce023..215ff1d8f 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -31417,6 +31417,7 @@ void wolfSSL_sk_pop_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk,
 WOLFSSL_ENTER("wolfSSL_sk_pop_free");
 if (sk == NULL) {
+ /* pop_free can be called with NULL, do not print bad argument */
 return;
 }
 #if defined(WOLFSSL_QT)
diff --git a/src/tls.c b/src/tls.c
index e27393b75..ac7c094f6 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -7492,6 +7492,10 @@ static int TLSX_KeyShare_Process(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
 ssl->session.namedGroup = (byte)keyShareEntry->group;
 #endif
+ /* reset the pre master secret size */
+ if (ssl->arrays->preMasterSz == 0)
+ ssl->arrays->preMasterSz = ENCRYPT_LEN;
+ /* Use Key Share Data from server. */
 if (keyShareEntry->group >= MIN_FFHDE_GROUP && keyShareEntry->group <= MAX_FFHDE_GROUP)
diff --git a/src/tls13.c b/src/tls13.c
index b70df4ad8..7bd68905c 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -4265,8 +4265,10 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
 else
 #endif
 {
- if ((modes & (1 << PSK_KE)) == 0)
+ if ((modes & (1 << PSK_KE)) == 0) {
+ WOLFSSL_MSG("psk_ke mode does not allow key share");
 return PSK_KEY_ERROR;
+ }
 ssl->options.noPskDheKe = 1;
 ssl->arrays->preMasterSz = 0;
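Review bot: The new guard in TLSX_KeyShare_Process (src/tls.c) only repairs `preMasterSz` when it is exactly 0, and its comment does not say where that zero comes from or why `ENCRYPT_LEN` is the right capacity. The src/tls13.c hunk shows CheckPreSharedKeys setting `ssl->arrays->preMasterSz = 0` on the PSK-only path, so the comment should name that coupling, for example `/* preMasterSz is zeroed when PSK-only key exchange was assumed; restore the buffer capacity before the key share derives a secret */`. If this field is the length bound for writes into the pre-master buffer, as the name suggests, confirm that `ENCRYPT_LEN` equals that buffer's declared size (not visible here) and consider whether an unconditional reset would be safer than testing for the sentinel. The two-line `if` is also left unbraced, unlike the braces this same patch adds in src/tls13.c. The function body continues outside the hunk.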
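Review bot: The text of the added `WOLFSSL_MSG` in CheckPreSharedKeys (src/tls13.c) does not match the condition it logs: the branch is taken when the `PSK_KE` bit is absent from `modes`, whereas "psk_ke mode does not allow key share" reads as if psk_ke had been selected. Wording such as `WOLFSSL_MSG("psk_ke not offered by peer and psk_dhe_ke not used");` would tell whoever is debugging a rejected resumption which negotiation rule failed. The `if` that pairs with the leading `else` lies outside the hunk, so the exact reason the DHE path was skipped should be checked against it before settling the wording.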