From 9acba6ee2d4a5f6148d063801ee8a5077c30e53a Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Tue, 26 Sep 2023 12:50:26 +1000
Subject: [PATCH] Static RSA length check Better length check on decrypted pre-master secret length.
---
 src/internal.c | 5 ++++-
 src/ssl.c | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index e249a95a7..6c8cbbe16 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -38222,6 +38222,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
 case rsa_kea: {
 RsaKey* key = (RsaKey*)ssl->hsKey;
+ int lenErrMask;
 ret = RsaDec(ssl, input + args->idx,
@@ -38247,7 +38248,9 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
 if (ret == BAD_FUNC_ARG) goto exit_dcke;
- args->lastErr = ret - (SECRET_LEN - args->sigSz);
+ lenErrMask = 0 - (SECRET_LEN != args->sigSz);
+ args->lastErr = (ret & (~lenErrMask)) |
+ (RSA_PAD_E & lenErrMask);
 ret = 0;
 break;
 } /* rsa_kea */
diff --git a/src/ssl.c b/src/ssl.c
index 499e704b4..bce8058cf 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -32840,7 +32840,7 @@ int wolfSSL_set_alpn_protos(WOLFSSL* ssl, const unsigned char* p, unsigned int p_len) {
 WOLFSSL_BIO* bio;
- char* pt;
+ char* pt = NULL;
 unsigned int sz;
 unsigned int idx = 0;
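Review bot: In the second src/internal.c hunk, the mask-based assignment to `args->lastErr` in the `rsa_kea` case has no comment saying that it is branch-free on purpose, so a later cleanup could rewrite it as an `if` and bring back a branch that depends on the decrypted pre-master secret length. I would add above `lenErrMask = 0 - (SECRET_LEN != args->sigSz);` a comment such as `/* Constant-time select: lastErr = ret if sigSz == SECRET_LEN, else RSA_PAD_E; do not replace with a branch. */`. The select also relies on the compiler not lowering `!=` to a conditional jump, which is usual but not guaranteed, so if the project has constant-time mask helpers usable at this point, routing the comparison through them would make the intent easier to audit. The commit changes only two source files, so a regression test that supplies a wrong-length decrypted secret and checks that the handshake fails the same way as a padding error would be worth adding; the enclosing function and the code that consumes `args->lastErr` lie outside the hunk.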