From f8e674e45d209c01d2cad5f03715997dab74b29a Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Mon, 14 Dec 2020 16:53:54 -0800
Subject: [PATCH 1/2] PSK Alert

When the server cannot match the client's identity, the server sends a unknown_psk_identity alert to the client.

---
 src/internal.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/internal.c b/src/internal.c
index 9db500b13..5a529ba5b 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -29405,6 +29405,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 if (ssl->arrays->psk_keySz == 0 || ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
+ #ifdef WOLFSSL_EXTRA_ALERTS
+ SendAlert(ssl, alert_fatal,
+ unknown_psk_identity);
+ #endif
 ERROR_OUT(PSK_KEY_ERROR, exit_dcke); }
@@ -30285,6 +30289,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 if (ssl->arrays->psk_keySz == 0 || ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
+ #ifdef WOLFSSL_EXTRA_ALERTS
+ SendAlert(ssl, alert_fatal,
+ unknown_psk_identity);
+ #endif
 ERROR_OUT(PSK_KEY_ERROR, exit_dcke); }

From 123c71365858c6bac2cd7272ee2785823847a129 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Mon, 14 Dec 2020 18:13:26 -0800
Subject: [PATCH 2/2] Key Change

Move the setting of the key in the handshake from right before sending the finished message to between building change cipher spec and sending it. This way there won't be any opportunity to send a message after the change cipher spec that won't be encrypted.

---
 src/internal.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index 5a529ba5b..749e2b7ba 100644
--- a/src/internal.c
+++ b/src/internal.c
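Review bot: The new SendAlert fires on `psk_keySz == 0`, which is how the server-side PSK callback reports an identity it does not recognize, so with WOLFSSL_EXTRA_ALERTS a client now learns whether a guessed identity is known before any key is proven and can enumerate identities; RFC 4279 §2 describes the alternative of continuing with a random PSK so the handshake fails with decrypt_error either way. That trade-off belongs in a comment at the alert, e.g. `/* discloses whether the PSK identity is known (RFC 4279 s2); opt-in via WOLFSSL_EXTRA_ALERTS */`. The same condition also covers `psk_keySz > MAX_PSK_KEY_LEN`, which is a misbehaving or misconfigured callback on this side rather than an unknown identity, so sending unknown_psk_identity for it misreports the cause; splitting the check and sending `internal_error` for the oversize case would be more accurate. The second hunk of this patch makes the identical change and the same points apply there. The enclosing function starts and ends outside both hunks.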
@@ -15960,6 +15960,14 @@ int SendChangeCipher(WOLFSSL* ssl)
 #endif
 ssl->buffers.outputBuffer.length += sendSz;
+ /* setup encrypt keys */
+ if ((ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY)) != 0)
+ return ret;
+
+ #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
+ ssl->options.startedETMWrite = ssl->options.encThenMac;
+ #endif
+
 if (ssl->options.groupMessages) return 0;
 #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_DEBUG_DTLS)
@@ -16707,14 +16715,6 @@ int SendFinished(WOLFSSL* ssl)
 WOLFSSL_START(WC_FUNC_FINISHED_SEND); WOLFSSL_ENTER("SendFinished");
- /* setup encrypt keys */
- if ((ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY)) != 0)
- return ret;
-
- #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
- ssl->options.startedETMWrite = ssl->options.encThenMac;
- #endif
-
 /* check for available size */ outputSz = sizeof(input) + MAX_MSG_EXTRA; if ((ret = CheckAvailableSize(ssl, outputSz)) != 0)
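Review bot: In SendChangeCipher the new SetKeysSide call runs after `ssl->buffers.outputBuffer.length += sendSz` has already committed the plaintext CCS, so on a SetKeysSide failure the function returns with a CCS queued that any later SendBuffered will emit while this side never installed the new write keys; the removed SendFinished code ran the same setup before anything was queued. Moving the two new statements above the `length += sendSz` line keeps the failure path from leaving that half-switched state, assuming nothing between building the record and committing its length depends on the cipher state (not visible in the hunk). SendFinished now silently depends on SendChangeCipher having run first; a comment at the removal point, `/* write keys are installed by SendChangeCipher; Finished must follow it */`, records the invariant. If SendChangeCipher is also reached for a TLS 1.3 middlebox-compatibility CCS, the key switch now fires there too, where RFC 8446 §5 says the CCS must not affect the record layer, so a version guard would be needed. Both functions start and end outside the hunks.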