From 0da8694ff3bfee440c0acbab3d597461e1dc14c5 Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Fri, 9 Feb 2018 11:12:04 +1000
Subject: [PATCH] Fix Hello Retry Request parsing of new KeyShare choice

---
 src/tls.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/tls.c b/src/tls.c
index 7ef746460..e889d97a7 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -5988,6 +5988,11 @@ static int TLSX_KeyShare_Parse(WOLFSSL* ssl, byte* input, word16 length,
 if (TLSX_KeyShare_Find(ssl, group))
 return BAD_KEY_SHARE_DATA;
 
+ /* Clear out unusable key shares. */
+ ret = TLSX_KeyShare_Empty(ssl);
+ if (ret != 0)
+ return ret;
+
 /* Try to use the server's group. */
 ret = TLSX_KeyShare_Use(ssl, group, 0, NULL, NULL);
 }
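Review bot: The lines around the new `TLSX_KeyShare_Empty` call reject a group the client already sent a share for, but nothing visible checks that the server's `group` was one the client offered in supported_groups before the existing shares are discarded and a key is generated for it. RFC 8446 section 4.2.8 requires both checks on a HelloRetryRequest; TLSX_KeyShare_Parse starts and ends outside this hunk, so the second check may exist out of view and is worth confirming. The ordering also matters: Empty must stay after the `TLSX_KeyShare_Find` test, which needs the original list, and the comment could record that, e.g. `/* HRR: retry with only the server's group; must follow the Find() check, which needs the original shares. */`.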