From 9b085a44beb322672f4a6ad2f8a1738443701a96 Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz
Date: Wed, 6 Jul 2022 15:06:28 +0200
Subject: [PATCH] sessionSecretCb should only be called when a ticket is present
---
 src/internal.c | 14 +++++++++++---
 src/tls13.c | 6 +++++-
 2 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index 785c6db27..85991cff8 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -24636,8 +24636,12 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
 #ifdef HAVE_SECRET_CALLBACK
 /* If a session secret callback exists, we are using that
- * key instead of the saved session key. */
- ret = ret || (ssl->sessionSecretCb != NULL);
+ * key instead of the saved session key. Requires a ticket. */
+ ret = ret || (ssl->sessionSecretCb != NULL
+#ifdef HAVE_SESSION_TICKET
+ && ssl->session->ticketLen > 0
+#endif
+ );
 #endif
 #ifdef HAVE_SESSION_TICKET
@@ -24984,7 +24988,11 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
 }
 #ifdef HAVE_SECRET_CALLBACK
- if (ssl->sessionSecretCb != NULL) {
+ if (ssl->sessionSecretCb != NULL
+#ifdef HAVE_SESSION_TICKET
+ && ssl->session->ticketLen > 0
+#endif
+ ) {
 int secretSz = SECRET_LEN;
 ret = ssl->sessionSecretCb(ssl, ssl->session->masterSecret, &secretSz, ssl->sessionSecretCtx);
diff --git a/src/tls13.c b/src/tls13.c
index 431c2e666..8606619c4 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -3921,7 +3921,11 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 ssl->options.serverState = SERVER_HELLO_COMPLETE;
 #ifdef HAVE_SECRET_CALLBACK
- if (ssl->sessionSecretCb != NULL) {
+ if (ssl->sessionSecretCb != NULL
+#ifdef HAVE_SESSION_TICKET
+ && ssl->session->ticketLen > 0
+#endif
+ ) {
 int secretSz = SECRET_LEN;
 ret = ssl->sessionSecretCb(ssl, ssl->session->masterSecret, &secretSz, ssl->sessionSecretCtx);
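Review bot: The guard `ssl->sessionSecretCb != NULL && ssl->session->ticketLen > 0`, with its embedded `#ifdef HAVE_SESSION_TICKET`, is now written out three times: in this resume decision, at the callback call in the second src/internal.c hunk, and in DoTls13ServerHello in src/tls13.c. The decision made here and the condition that later invokes the callback have to stay identical, otherwise a handshake could be treated as resumed without the callback having supplied the master secret (or the reverse), so one shared predicate is safer than three copies. The new comment should also say that "Requires a ticket" holds only when HAVE_SESSION_TICKET is defined; in builds without it the callback alone still decides. The enclosing function begins and ends outside the hunk, and the macro name below is only a suggestion.

```c
/* proposed shared predicate, placed where both internal.c and tls13.c see it */
#ifdef HAVE_SESSION_TICKET
    #define SESSION_SECRET_CB_USABLE(ssl) \
        ((ssl)->sessionSecretCb != NULL && (ssl)->session->ticketLen > 0)
#else
    /* no ticket support: the callback alone decides, as before this change */
    #define SESSION_SECRET_CB_USABLE(ssl) ((ssl)->sessionSecretCb != NULL)
#endif

/* If a session secret callback exists, we are using that
 * key instead of the saved session key. Requires a ticket when
 * HAVE_SESSION_TICKET is defined. */
ret = ret || SESSION_SECRET_CB_USABLE(ssl);
```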
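Review bot: In DoTls13ServerHello the new `ssl->session->ticketLen > 0` test carries no comment, unlike the matching change in src/internal.c, and on its own it shows only that the client holds a ticket, not that the server accepted it for this handshake. Whether PSK acceptance is checked before this point is not visible in the hunk, so it is worth confirming that the callback cannot overwrite `ssl->session->masterSecret` on a handshake the server did not resume. I would add above the condition `/* Only ask the application for a secret when a session ticket is present. */`. The function body continues outside the hunk.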