From a08b2db6924c40f4903dddd5afdb7e726bf56ade Mon Sep 17 00:00:00 2001
From: David Garske
Date: Tue, 26 Oct 2021 11:37:01 -0700
Subject: [PATCH] Fix for session ticket handling with error cases. Session ticket callback return code failures were still trying to do resumption. Behavior broken in PR #3827.
---
 src/sniffer.c | 2 +-
 src/tls13.c | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/sniffer.c b/src/sniffer.c
index 6cfb52548..4aa5ac60c 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -3589,7 +3589,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
 inputHelloSz - bindersLen + HANDSHAKE_HEADER_SZ);
 /* call to decrypt session ticket */
- if (DoClientTicket(ssl, identity, idLen) != 0) {
+ if (DoClientTicket(ssl, identity, idLen) != WOLFSSL_TICKET_RET_OK) {
 /* we aren't decrypting the resumption, since we know the master secret */
 /* ignore errors */
 }
diff --git a/src/tls13.c b/src/tls13.c
index 1559fcfb3..d3e58f733 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -4202,12 +4202,12 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
 RefineSuites(ssl, clSuites);
 #ifndef WOLFSSL_PSK_ONE_ID
- if (!usingPSK)
+ if (usingPSK == NULL)
 return BAD_FUNC_ARG;
 if (!ssl->options.useClientOrder) {
 /* Server order - server list has only common suites from refining. */
- for (i = 0; !*usingPSK && i < ssl->suites->suiteSz; i += 2) {
+ for (i = 0; !(*usingPSK) && i < ssl->suites->suiteSz; i += 2) {
 ret = DoPreSharedKeys(ssl, ssl->suites->suites + i, usingPSK, &first);
 if (ret != 0) {
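Review bot: In src/sniffer.c (ProcessClientHello) the `if` around `DoClientTicket(...)` still has an empty body, so comparing against `WOLFSSL_TICKET_RET_OK` instead of `0` has no run-time effect and a failed or rejected ticket is dropped without any record. If the result is deliberately unused, state that directly with `(void)DoClientTicket(ssl, identity, idLen); /* result unused: the sniffer already has the master secret */`. Otherwise keep the branch and log the non-OK return code, so a capture that fails to decode can be traced back to a ticket that did not decrypt. The enclosing function starts and ends outside the hunk.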
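Review bot: In src/tls13.c (CheckPreSharedKeys) the `usingPSK == NULL` guard sits inside `#ifndef WOLFSSL_PSK_ONE_ID`, while the last hunk of this file now dereferences the pointer in `if (*usingPSK != 0)`. The matching `#else`/`#endif` is outside the visible hunks, but if that later test is compiled in both configurations, a WOLFSSL_PSK_ONE_ID build reaches the dereference with no NULL check in this function. Placing `if (usingPSK == NULL) return BAD_FUNC_ARG;` above the `#ifndef` would cover both paths, and hoisting it to the top of the function would also reject the bad argument before `RefineSuites(ssl, clSuites)` has run. The function body starts and ends outside the hunk.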
@@ -4217,8 +4217,8 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
 }
 else {
 /* Client order */
- for (j = 0; !*usingPSK && j < clSuites->suiteSz; j += 2) {
- for (i = 0; !*usingPSK && i < ssl->suites->suiteSz; i += 2) {
+ for (j = 0; !(*usingPSK) && j < clSuites->suiteSz; j += 2) {
+ for (i = 0; !(*usingPSK) && i < ssl->suites->suiteSz; i += 2) {
 ret = DoPreSharedKeys(ssl, ssl->suites->suites + i, usingPSK, &first);
 if (ret != 0)
@@ -4237,7 +4237,7 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
 if (ret != 0)
 return ret;
- if (usingPSK) {
+ if (*usingPSK != 0) {
 word16 modes;
 #ifdef WOLFSSL_EARLY_DATA
 TLSX* extEarlyData;
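Review bot: `if (*usingPSK != 0)` in the last hunk of src/tls13.c has no comment saying why the value rather than the pointer is tested, although this is the line that carries the fix. The old `if (usingPSK)` compiled cleanly and was true for any non-NULL pointer, so the block that follows (it declares `modes` and, under WOLFSSL_EARLY_DATA, `extEarlyData`) was entered whether or not a PSK had been selected. A line such as `/* test the flag value, not the pointer: a non-NULL usingPSK does not mean a PSK was accepted */` above the `if` would keep a later cleanup from reverting it. The patch as shown carries no regression test for a failing ticket callback that must end in a full handshake; one would pin the behaviour the commit message describes. The block continues outside the hunk.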