wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 03:34:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

sessionSecretCb should only be called when a ticket is present

Browse Source
This commit is contained in:
Juliusz Sosinowicz
2022-07-06 15:06:28 +02:00
parent 63b4c475d4
commit 9b085a44be
2 changed files with 16 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/internal.c
View File

@@ -24636,8 +24636,12 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
#ifdef HAVE_SECRET_CALLBACK
/* If a session secret callback exists, we are using that
* key instead of the saved session key. */
ret = ret || (ssl->sessionSecretCb != NULL);
* key instead of the saved session key. Requires a ticket. */
ret = ret || (ssl->sessionSecretCb != NULL
#ifdef HAVE_SESSION_TICKET
&& ssl->session->ticketLen > 0
#endif
);
#endif
#ifdef HAVE_SESSION_TICKET
@@ -24984,7 +24988,11 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
}
#ifdef HAVE_SECRET_CALLBACK
if (ssl->sessionSecretCb != NULL) {
if (ssl->sessionSecretCb != NULL
#ifdef HAVE_SESSION_TICKET
&& ssl->session->ticketLen > 0
#endif
) {
int secretSz = SECRET_LEN;
ret = ssl->sessionSecretCb(ssl, ssl->session->masterSecret,
&secretSz, ssl->sessionSecretCtx);

6
src/tls13.c
View File

@@ -3921,7 +3921,11 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
ssl->options.serverState = SERVER_HELLO_COMPLETE;
#ifdef HAVE_SECRET_CALLBACK
if (ssl->sessionSecretCb != NULL) {
if (ssl->sessionSecretCb != NULL
#ifdef HAVE_SESSION_TICKET
&& ssl->session->ticketLen > 0
#endif
) {
int secretSz = SECRET_LEN;
ret = ssl->sessionSecretCb(ssl, ssl->session->masterSecret,
&secretSz, ssl->sessionSecretCtx);