From 00bdc69284b04a87818ef08da4abd7cc799f0c9a Mon Sep 17 00:00:00 2001
From: David Garske
Date: Tue, 19 Oct 2021 16:22:39 -0700
Subject: [PATCH] Fix for `wolfSSL_set_secret` with DTLS where TLS v1.3 is not defined. Function assumed `ssl->arrays->preMasterSecret` was allocated.
---
 src/keys.c | 4 ++++
 src/ssl.c | 10 ++++++++++
 2 files changed, 14 insertions(+)
diff --git a/src/keys.c b/src/keys.c
index cd8b3c008..19ae349ed 100644
--- a/src/keys.c
+++ b/src/keys.c
@@ -3504,6 +3504,10 @@ static int MakeSslMasterSecret(WOLFSSL* ssl)
 wc_Sha sha[1];
 #endif
 
+ if (ssl->arrays->preMasterSecret == NULL) {
+ return BAD_FUNC_ARG;
+ }
+
 #ifdef SHOW_SECRETS
 {
 word32 j;
diff --git a/src/ssl.c b/src/ssl.c
index 2c4a6706c..31ed491a5 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -1360,8 +1360,18 @@ int wolfSSL_set_secret(WOLFSSL* ssl, word16 epoch,
 ret = BAD_FUNC_ARG;
 }
 
+ if (ret == 0 && ssl->arrays->preMasterSecret == NULL) {
+ ssl->arrays->preMasterSz = ENCRYPT_LEN;
+ ssl->arrays->preMasterSecret = (byte*)XMALLOC(ENCRYPT_LEN, ssl->heap,
+ DYNAMIC_TYPE_SECRET);
+ if (ssl->arrays->preMasterSecret == NULL) {
+ ret = MEMORY_E;
+ }
+ }
+
 if (ret == 0) {
 XMEMCPY(ssl->arrays->preMasterSecret, preMasterSecret, preMasterSz);
+ XMEMSET(ssl->arrays->preMasterSecret + preMasterSz, 0, ENCRYPT_LEN - preMasterSz);
 ssl->arrays->preMasterSz = preMasterSz;
 XMEMCPY(ssl->arrays->clientRandom, clientRandom, RAN_LEN);
 XMEMCPY(ssl->arrays->serverRandom, serverRandom, RAN_LEN);
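Review bot: The new guard in MakeSslMasterSecret reads `ssl->arrays->preMasterSecret` without first testing `ssl->arrays`, so it only helps when the arrays struct itself is still allocated. Nothing visible in the hunk establishes that, and the function body starts and ends outside it; if callers can reach this point after the arrays have been released, the check should be `if (ssl->arrays == NULL || ssl->arrays->preMasterSecret == NULL) {`. The same dereference appears in the block added to wolfSSL_set_secret in src/ssl.c. A short comment such as `/* preMasterSecret may be unallocated, e.g. DTLS built without TLS v1.3 */` would record why the buffer can be NULL here, as the commit message explains.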
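Review bot: The added `XMEMSET(..., 0, ENCRYPT_LEN - preMasterSz)` in wolfSSL_set_secret wraps to a very large length if `preMasterSz` ever exceeds ENCRYPT_LEN, and the XMEMCPY before it would already write past the ENCRYPT_LEN-byte buffer allocated a few lines above. The argument check that sets `ret = BAD_FUNC_ARG` begins above the hunk, so it cannot be confirmed from here that it bounds the size; if it does not, add `if (ret == 0 && preMasterSz > ENCRYPT_LEN) ret = BAD_FUNC_ARG;` before the allocation. The zero-fill also assumes that a buffer which already existed is ENCRYPT_LEN bytes long, which is worth stating in a comment. Separately, `ssl->arrays->preMasterSz = ENCRYPT_LEN;` is assigned before the XMALLOC result is tested, so the MEMORY_E path leaves a non-zero size beside a NULL pointer; the assignment can move below the NULL check or be dropped, since it is overwritten with `preMasterSz` further down.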