From 5c00951f09f7fdae4607537ce853ea5bd81a674d Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Mon, 16 Aug 2021 14:00:44 -0700
Subject: [PATCH] Do not add DH padding on failure.

---
 src/sniffer.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/sniffer.c b/src/sniffer.c
index 57c8db84e..240f9f527 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -2344,14 +2344,14 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session,
             } while (ret == WC_PENDING_E);
 
             wc_FreeDhKey(&dhKey);
-        
 
         #ifdef WOLFSSL_SNIFFER_STATS
             if (ret != 0)
                 INC_STAT(SnifferStats.sslKeyFails);
         #endif
+
             /* left-padded with zeros up to the size of the prime */
-            if (params->p_len > session->sslServer->arrays->preMasterSz) {
+            if (ret == 0 && params->p_len > session->sslServer->arrays->preMasterSz) {
                 word32 diff = params->p_len - session->sslServer->arrays->preMasterSz;
                 XMEMMOVE(session->sslServer->arrays->preMasterSecret + diff,
                         session->sslServer->arrays->preMasterSecret,