feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

set ssl->hsHashesEch to NULL regardless of acceptance

Browse Source 
to avoid double free, clean up style violations
This commit is contained in:
John Bland
2023-09-20 14:51:40 -04:00
parent f7ca923b4b
commit f71423d626
1 changed files with 11 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
src/tls13.c
View File

@ -4700,37 +4700,30 @@ static int EchCheckAcceptance(WOLFSSL* ssl, const byte* input,
byte transcriptEchConf[WC_MAX_DIGEST_SIZE]; byte transcriptEchConf[WC_MAX_DIGEST_SIZE];
byte expandLabelPrk[WC_MAX_DIGEST_SIZE]; byte expandLabelPrk[WC_MAX_DIGEST_SIZE];
byte acceptConfirmation[ECH_ACCEPT_CONFIRMATION_SZ]; byte acceptConfirmation[ECH_ACCEPT_CONFIRMATION_SZ];
/* copy ech hashes to accept */ /* copy ech hashes to accept */
ret = InitHandshakeHashesAndCopy(ssl, ssl->hsHashesEch, &acceptHashes); ret = InitHandshakeHashesAndCopy(ssl, ssl->hsHashesEch, &acceptHashes);
/* swap hsHashes to acceptHashes */ /* swap hsHashes to acceptHashes */
tmpHashes = ssl->hsHashes; tmpHashes = ssl->hsHashes;
ssl->hsHashes = acceptHashes; ssl->hsHashes = acceptHashes;
/* hash up to the last 8 bytes */ /* hash up to the last 8 bytes */
if (ret == 0) if (ret == 0)
ret = HashRaw(ssl, input, serverRandomOffset + RAN_LEN - ret = HashRaw(ssl, input, serverRandomOffset + RAN_LEN -
ECH_ACCEPT_CONFIRMATION_SZ); ECH_ACCEPT_CONFIRMATION_SZ);
/* hash 8 zeros */ /* hash 8 zeros */
if (ret == 0) if (ret == 0)
ret = HashRaw(ssl, zeros, ECH_ACCEPT_CONFIRMATION_SZ); ret = HashRaw(ssl, zeros, ECH_ACCEPT_CONFIRMATION_SZ);
/* hash the rest of the hello */ /* hash the rest of the hello */
if (ret == 0) if (ret == 0) {
ret = HashRaw(ssl, input + serverRandomOffset + RAN_LEN, ret = HashRaw(ssl, input + serverRandomOffset + RAN_LEN,
helloSz + HANDSHAKE_HEADER_SZ - (serverRandomOffset + RAN_LEN)); helloSz + HANDSHAKE_HEADER_SZ - (serverRandomOffset + RAN_LEN));
}
/* get the modified transcript hash */ /* get the modified transcript hash */
if (ret == 0) if (ret == 0)
ret = GetMsgHash(ssl, transcriptEchConf); ret = GetMsgHash(ssl, transcriptEchConf);
if (ret > 0) if (ret > 0)
ret = 0; ret = 0;
/* pick the right type and size based on mac_algorithm */ /* pick the right type and size based on mac_algorithm */
if (ret == 0) if (ret == 0) {
switch (ssl->specs.mac_algorithm) { switch (ssl->specs.mac_algorithm) {
#ifndef NO_SHA256 #ifndef NO_SHA256
case sha256_mac: case sha256_mac:
@ -4760,12 +4753,11 @@ static int EchCheckAcceptance(WOLFSSL* ssl, const byte* input,
ret = -1; ret = -1;
break; break;
} }
}
/* extract clientRandomInner with a key of all zeros */ /* extract clientRandomInner with a key of all zeros */
if (ret == 0) if (ret == 0)
ret = wc_HKDF_Extract(digestType, zeros, digestSize, ret = wc_HKDF_Extract(digestType, zeros, digestSize,
ssl->arrays->clientRandomInner, RAN_LEN, expandLabelPrk); ssl->arrays->clientRandomInner, RAN_LEN, expandLabelPrk);
/* tls expand with the confirmation label */ /* tls expand with the confirmation label */
if (ret == 0) if (ret == 0)
ret = wc_Tls13_HKDF_Expand_Label(acceptConfirmation, ret = wc_Tls13_HKDF_Expand_Label(acceptConfirmation,
@ -4774,52 +4766,39 @@ static int EchCheckAcceptance(WOLFSSL* ssl, const byte* input,
TLS13_PROTOCOL_LABEL_SZ, echAcceptConfirmationLabel, TLS13_PROTOCOL_LABEL_SZ, echAcceptConfirmationLabel,
ECH_ACCEPT_CONFIRMATION_LABEL_SZ, transcriptEchConf, digestSize, ECH_ACCEPT_CONFIRMATION_LABEL_SZ, transcriptEchConf, digestSize,
digestType); digestType);
if (ret == 0) { if (ret == 0) {
/* last 8 bytes should match our expand output */ /* last 8 bytes should match our expand output */
ret = XMEMCMP(acceptConfirmation, ret = XMEMCMP(acceptConfirmation,
ssl->arrays->serverRandom + RAN_LEN - ECH_ACCEPT_CONFIRMATION_SZ, ssl->arrays->serverRandom + RAN_LEN - ECH_ACCEPT_CONFIRMATION_SZ,
ECH_ACCEPT_CONFIRMATION_SZ); ECH_ACCEPT_CONFIRMATION_SZ);
/* ech accepted */ /* ech accepted */
if (ret == 0) { if (ret == 0) {
/* use the inner random for client random */ /* use the inner random for client random */
XMEMCPY(ssl->arrays->clientRandom, ssl->arrays->clientRandomInner, XMEMCPY(ssl->arrays->clientRandom, ssl->arrays->clientRandomInner,
RAN_LEN); RAN_LEN);
/* switch back to original hsHashes to free */
/* switch back to original hsHashes */
ssl->hsHashes = tmpHashes; ssl->hsHashes = tmpHashes;
/* free hsHashes */
FreeHandshakeHashes(ssl);
/* set the final hsHashes to the ech hashes */ /* set the final hsHashes to the ech hashes */
tmpHashes = ssl->hsHashesEch; tmpHashes = ssl->hsHashesEch;
/* set hsHashesEch to NULL to avoid double free */
ssl->hsHashesEch = NULL;
} }
/* ech rejected */ /* ech rejected */
else { else {
/* switch to hsHashesEch */ /* switch to hsHashesEch to free */
ssl->hsHashes = ssl->hsHashesEch; ssl->hsHashes = ssl->hsHashesEch;
/* free ech hashes */
FreeHandshakeHashes(ssl);
} }
/* free hsHashes */
FreeHandshakeHashes(ssl);
/* set hsHashesEch to NULL to avoid double free */
ssl->hsHashesEch = NULL;
/* continue with outer if we failed to verify ech was accepted */ /* continue with outer if we failed to verify ech was accepted */
ret = 0; ret = 0;
} }
/* switch to acceptHashes */ /* switch to acceptHashes */
ssl->hsHashes = acceptHashes; ssl->hsHashes = acceptHashes;
/* free acceptHashes */ /* free acceptHashes */
FreeHandshakeHashes(ssl); FreeHandshakeHashes(ssl);
/* swap to tmp, will ech if accepted, hsHashes if rejected */
ssl->hsHashes = tmpHashes; ssl->hsHashes = tmpHashes;
return ret; return ret;
} }