From a23edb84d409fc2783406ba2ba84ce80adea95cf Mon Sep 17 00:00:00 2001
From: John Bland <john.bland@wolfssl.com>
Date: Tue, 26 Sep 2023 15:16:52 -0400
Subject: [PATCH] only copy the hsHashes if the server is actually using ech

---
 src/tls13.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tls13.c b/src/tls13.c
index fee31b88b..480959b27 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -7256,7 +7256,7 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType)
 
 #ifdef HAVE_ECH
     /* copy the hsHashes to hsHashesEch since they will get blown away by hrr */
-    if (ssl->hsHashesEch == NULL)
+    if (ssl->ctx->echConfigs != NULL && ssl->hsHashesEch == NULL)
         InitHandshakeHashesAndCopy(ssl, ssl->hsHashes, &ssl->hsHashesEch);
 #endif