From f2032e8744b6515665feed6b34cc2d15df17fcf9 Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz <juliusz@wolfssl.com>
Date: Tue, 21 Feb 2023 13:23:00 +0100
Subject: [PATCH] Clear decrypted ticket that failed checks in
 DoClientTicket_ex

---
 src/internal.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/internal.c b/src/internal.c
index c0e98e45c..ee6d4c3c7 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -34821,6 +34821,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         ret = DoClientTicketCheckVersion(ssl, psk->it);
         if (ret != 0) {
             psk->decryptRet = PSK_DECRYPT_FAIL;
+            ForceZero(psk->identity, psk->identityLen);
+#ifdef WOLFSSL_CHECK_MEM_ZERO
+            wc_MemZero_Check(psk->it, sizeof(InternalTicket));
+#endif
             return ret;
         }
         return decryptRet;