diff --git a/src/ssl_ech.c b/src/ssl_ech.c index 86f6fe40ee..eb9b9a6a5a 100644 --- a/src/ssl_ech.c +++ b/src/ssl_ech.c @@ -316,6 +316,7 @@ int GetEchConfig(WOLFSSL_EchConfig* config, byte* output, word32* outputLen) { int i; word16 totalLen = 0; + word16 kemEncLen; word16 publicNameLen; if (config == NULL || (output == NULL && outputLen == NULL)) @@ -338,7 +339,10 @@ int GetEchConfig(WOLFSSL_EchConfig* config, byte* output, word32* outputLen) totalLen += 2; /* hpke_pub_key */ - totalLen += wc_HpkeKemGetEncLen(config->kemId); + kemEncLen = wc_HpkeKemGetEncLen(config->kemId); + if (kemEncLen == 0) + return BAD_FUNC_ARG; + totalLen += kemEncLen; /* cipherSuitesLen */ totalLen += 2; @@ -378,38 +382,10 @@ int GetEchConfig(WOLFSSL_EchConfig* config, byte* output, word32* outputLen) output += 2; /* length and key itself */ - switch (config->kemId) { - case DHKEM_P256_HKDF_SHA256: - c16toa(DHKEM_P256_ENC_LEN, output); - output += 2; - XMEMCPY(output, config->receiverPubkey, DHKEM_P256_ENC_LEN); - output += DHKEM_P256_ENC_LEN; - break; - case DHKEM_P384_HKDF_SHA384: - c16toa(DHKEM_P384_ENC_LEN, output); - output += 2; - XMEMCPY(output, config->receiverPubkey, DHKEM_P384_ENC_LEN); - output += DHKEM_P384_ENC_LEN; - break; - case DHKEM_P521_HKDF_SHA512: - c16toa(DHKEM_P521_ENC_LEN, output); - output += 2; - XMEMCPY(output, config->receiverPubkey, DHKEM_P521_ENC_LEN); - output += DHKEM_P521_ENC_LEN; - break; - case DHKEM_X25519_HKDF_SHA256: - c16toa(DHKEM_X25519_ENC_LEN, output); - output += 2; - XMEMCPY(output, config->receiverPubkey, DHKEM_X25519_ENC_LEN); - output += DHKEM_X25519_ENC_LEN; - break; - case DHKEM_X448_HKDF_SHA512: - c16toa(DHKEM_X448_ENC_LEN, output); - output += 2; - XMEMCPY(output, config->receiverPubkey, DHKEM_X448_ENC_LEN); - output += DHKEM_X448_ENC_LEN; - break; - } + c16toa(kemEncLen, output); + output += 2; + XMEMCPY(output, config->receiverPubkey, kemEncLen); + output += kemEncLen; /* cipherSuites len */ c16toa(config->numCipherSuites * 4, output); diff --git a/tests/api.c b/tests/api.c index 59a04dacf9..a2fe2baa6b 100644 --- a/tests/api.c +++ b/tests/api.c @@ -14572,22 +14572,24 @@ static int test_wolfSSL_Tls13_ECH_all_algos(void) int k; static const word16 kems[] = { #if defined(HAVE_ECC) -#if (defined(WOLFSSL_SHA224) || !defined(NO_SHA256)) +#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && !defined(NO_SHA256) DHKEM_P256_HKDF_SHA256, #endif -#if defined(WOLFSSL_SHA384) +#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \ + defined(WOLFSSL_SHA384) DHKEM_P384_HKDF_SHA384, #endif -#if (defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)) +#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \ + defined(WOLFSSL_SHA512) DHKEM_P521_HKDF_SHA512, #endif #endif /* HAVE_ECC */ -#if defined(HAVE_CURVE25519) && (defined(WOLFSSL_SHA224) || !defined(NO_SHA256)) +#if defined(HAVE_CURVE25519) && !defined(NO_SHA256) DHKEM_X25519_HKDF_SHA256, #endif }; static const word16 kdfs[] = { -#if defined(WOLFSSL_SHA224) || !defined(NO_SHA256) +#if !defined(NO_SHA256) HKDF_SHA256, #endif #ifdef WOLFSSL_SHA384 diff --git a/wolfcrypt/src/hpke.c b/wolfcrypt/src/hpke.c index fd5f76a266..a67da93ca9 100644 --- a/wolfcrypt/src/hpke.c +++ b/wolfcrypt/src/hpke.c @@ -153,7 +153,12 @@ int wc_HpkeInit(Hpke* hpke, int kem, int kdf, int aead, void* heap) hpke->curveId = ECC_SECP256R1; hpke->Nsecret = WC_SHA256_DIGEST_SIZE; hpke->kemDigest = WC_SHA256; - hpke->Ndh = (word32)wc_ecc_get_curve_size_from_id(hpke->curveId); + ret = wc_ecc_get_curve_size_from_id(hpke->curveId); + if (ret < 0) { + break; + } + hpke->Ndh = (word32)ret; + ret = 0; hpke->Npk = 1 + hpke->Ndh * 2; break; #endif @@ -164,7 +169,12 @@ int wc_HpkeInit(Hpke* hpke, int kem, int kdf, int aead, void* heap) hpke->curveId = ECC_SECP384R1; hpke->Nsecret = WC_SHA384_DIGEST_SIZE; hpke->kemDigest = WC_SHA384; - hpke->Ndh = (word32)wc_ecc_get_curve_size_from_id(hpke->curveId); + ret = wc_ecc_get_curve_size_from_id(hpke->curveId); + if (ret < 0) { + break; + } + hpke->Ndh = (word32)ret; + ret = 0; hpke->Npk = 1 + hpke->Ndh * 2; break; #endif @@ -175,7 +185,12 @@ int wc_HpkeInit(Hpke* hpke, int kem, int kdf, int aead, void* heap) hpke->curveId = ECC_SECP521R1; hpke->Nsecret = WC_SHA512_DIGEST_SIZE; hpke->kemDigest = WC_SHA512; - hpke->Ndh = (word32)wc_ecc_get_curve_size_from_id(hpke->curveId); + ret = wc_ecc_get_curve_size_from_id(hpke->curveId); + if (ret < 0) { + break; + } + hpke->Ndh = (word32)ret; + ret = 0; hpke->Npk = 1 + hpke->Ndh * 2; break; #endif @@ -260,10 +275,6 @@ int wc_HpkeInit(Hpke* hpke, int kem, int kdf, int aead, void* heap) } } - if ((int)hpke->Ndh < 0) { - return (int)hpke->Ndh; - } - return ret; }