feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

add missing echConfigs check

Browse Source
This commit is contained in:
John Bland
2025-03-10 09:35:40 -04:00
parent 1fd952d6d0
commit a344ba1eb2
1 changed files with 7 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/tls13.c
View File

@ -5009,14 +5009,12 @@ static int EchWriteAcceptance(WOLFSSL* ssl, byte* label, word16 labelSz,
WOLFSSL_SERVER_END); WOLFSSL_SERVER_END);
PRIVATE_KEY_LOCK(); PRIVATE_KEY_LOCK();
} }
if (ret == 0) { /* mark that ech was accepted */
/* free hsHashesEch, if this is an HRR we will start at client hello 2*/ if (ret == 0 && msgType != hello_retry_request)
FreeHandshakeHashes(ssl); ssl->options.echAccepted = 1;
ssl->hsHashesEch = NULL; /* free hsHashesEch, if this is an HRR we will start at client hello 2*/
/* mark that ech was accepted */ FreeHandshakeHashes(ssl);
if (msgType != hello_retry_request) ssl->hsHashesEch = NULL;
ssl->options.echAccepted = 1;
}
ssl->hsHashes = tmpHashes; ssl->hsHashes = tmpHashes;
return ret; return ret;
} }
@ -7062,7 +7060,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#if defined(HAVE_ECH) #if defined(HAVE_ECH)
/* hash clientHelloInner to hsHashesEch independently since it can't include /* hash clientHelloInner to hsHashesEch independently since it can't include
* the HRR */ * the HRR */
if (!ssl->options.disableECH) { if (ssl->ctx->echConfigs != NULL && !ssl->options.disableECH) {
tmpHashes = ssl->hsHashes; tmpHashes = ssl->hsHashes;
ssl->hsHashes = NULL; ssl->hsHashes = NULL;
ret = InitHandshakeHashes(ssl); ret = InitHandshakeHashes(ssl);