From 98789dc000eed2e4128c4f3e44929cef4bf711ca Mon Sep 17 00:00:00 2001
From: res0nance <raihaanhimself@gmail.com>
Date: Sat, 18 Nov 2023 15:41:47 +0800
Subject: [PATCH] tls: return immediately if kyber_id2type() fails

This prevents a crash as ecc_key is not initialized but the
free function is still called.
---
 src/tls.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/tls.c b/src/tls.c
index 9a42a3912..eaa06a18b 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -8396,7 +8396,7 @@ static int TLSX_KeyShare_ProcessPqc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
     ret = kyber_id2type(oqs_group, &type);
     if (ret != 0) {
         WOLFSSL_MSG("Invalid OQS algorithm specified.");
-        ret = BAD_FUNC_ARG;
+        return BAD_FUNC_ARG;
     }
     if (ret == 0) {
         ret = wc_KyberKey_Init(type, kem, ssl->heap, INVALID_DEVID);
@@ -8887,7 +8887,7 @@ static int server_generate_pqc_ciphertext(WOLFSSL* ssl,
     ret = kyber_id2type(oqs_group, &type);
     if (ret != 0) {
         WOLFSSL_MSG("Invalid Kyber algorithm specified.");
-        ret = BAD_FUNC_ARG;
+        return BAD_FUNC_ARG;
     }
 
     if (ret == 0) {