mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 19:20:49 +02:00
fixed seg fault when confirmation not present
This commit is contained in:
@@ -13584,8 +13584,6 @@ static int TLSX_ECH_Parse(WOLFSSL* ssl, const byte* readBuf, word16 size,
|
||||
}
|
||||
/* HRR with special confirmation */
|
||||
else if (msgType == hello_retry_request && ssl->options.useEch) {
|
||||
/* TODO: confirmation may not exist -> segfault? */
|
||||
printf("\n\ngot special confirmation\n\n\n");
|
||||
/* length must be 8 */
|
||||
if (size != ECH_ACCEPT_CONFIRMATION_SZ)
|
||||
return BAD_FUNC_ARG;
|
||||
@@ -14441,7 +14439,6 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
|
||||
WOLFSSL_MSG("ECH extension to write");
|
||||
ret = ECH_WRITE((WOLFSSL_ECH*)extension->data, msgType,
|
||||
output + offset, &offset);
|
||||
fprintf(stderr, "\t\thit this\n");
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
@@ -16975,6 +16972,18 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
|
||||
if (ret == 0)
|
||||
ret = TCA_VERIFY_PARSE(ssl, isRequest);
|
||||
|
||||
#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
|
||||
/* If client used ECH, server HRR must include ECH confirmation */
|
||||
if (ret == 0 && msgType == hello_retry_request && ssl->options.useEch == 1) {
|
||||
TLSX* echX = TLSX_Find(ssl->extensions, TLSX_ECH);
|
||||
if (echX == NULL || ((WOLFSSL_ECH*)echX->data)->confBuf == NULL) {
|
||||
WOLFSSL_MSG("ECH used but HRR missing ECH confirmation");
|
||||
WOLFSSL_ERROR_VERBOSE(EXT_MISSING);
|
||||
ret = EXT_MISSING;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
WOLFSSL_LEAVE("Leaving TLSX_Parse", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
-21
@@ -257,7 +257,6 @@ static int Tls13HKDFExpandKeyLabel(WOLFSSL* ssl, byte* okm, word32 okmLen,
|
||||
#endif
|
||||
|
||||
#if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0))
|
||||
printf("Running this\n");
|
||||
ret = wc_Tls13_HKDF_Expand_Label_ex(okm, okmLen, prk, prkLen,
|
||||
protocol, protocolLen,
|
||||
label, labelLen,
|
||||
@@ -5681,10 +5680,8 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
if (args->extMsgType == hello_retry_request) {
|
||||
args->acceptOffset =
|
||||
(word32)(((WOLFSSL_ECH*)args->echX->data)->confBuf - input);
|
||||
printf("\n\n\nCONFBUF %p\n", ((WOLFSSL_ECH*)args->echX->data)->confBuf);
|
||||
args->acceptLabel = (byte*)echHrrAcceptConfirmationLabel;
|
||||
args->acceptLabelSz = ECH_HRR_ACCEPT_CONFIRMATION_LABEL_SZ;
|
||||
printf("\n\nHELLO RETRY REQUEST\n\n\n");
|
||||
}
|
||||
else {
|
||||
args->acceptLabel = (byte*)echAcceptConfirmationLabel;
|
||||
@@ -5692,7 +5689,6 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
}
|
||||
/* check acceptance */
|
||||
if (ret == 0) {
|
||||
printf("inOutIdx %d acceptOffset %d\n", *inOutIdx, args->acceptOffset);
|
||||
ret = EchCheckAcceptance(ssl, args->acceptLabel,
|
||||
args->acceptLabelSz, input, args->acceptOffset, helloSz);
|
||||
}
|
||||
@@ -5762,7 +5758,6 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
ssl->options.tls1_3 = 1;
|
||||
ssl->options.serverState = SERVER_HELLO_RETRY_REQUEST_COMPLETE;
|
||||
|
||||
printf("\n\n\nRestarting HASH\n\n\n\n");
|
||||
ret = RestartHandshakeHash(ssl);
|
||||
}
|
||||
|
||||
@@ -13062,19 +13057,11 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
||||
return OUT_OF_ORDER_E;
|
||||
}
|
||||
|
||||
if (ssl->options.echAccepted == 1) {
|
||||
printf("\n\n\nHIGH LEVEL - ECH ACCEPTED\n\n\n\n");
|
||||
}
|
||||
else {
|
||||
printf("\n\n\nHIGH LEVEL - ECH REJECTED\n\n\n\n");
|
||||
}
|
||||
|
||||
/* above checks handshake state */
|
||||
switch (type) {
|
||||
#ifndef NO_WOLFSSL_CLIENT
|
||||
/* Messages only received by client. */
|
||||
case server_hello:
|
||||
printf("\n\n\nProcessing SERVER HELLO\n\n\n\n");
|
||||
WOLFSSL_MSG("processing server hello");
|
||||
ret = DoTls13ServerHello(ssl, input, inOutIdx, size, &type);
|
||||
#if !defined(WOLFSSL_NO_CLIENT_AUTH) && \
|
||||
@@ -13225,14 +13212,6 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
||||
break;
|
||||
}
|
||||
|
||||
if (ssl->options.echAccepted == 1) {
|
||||
printf("\n\n\nHIGH LEVEL 2 - ECH ACCEPTED\n\n\n\n");
|
||||
}
|
||||
else {
|
||||
printf("\n\n\nHIGH LEVEL 2 - ECH REJECTED\n\n\n\n");
|
||||
}
|
||||
|
||||
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_ASYNC_IO)
|
||||
/* if async, offset index so this msg will be processed again */
|
||||
/* NOTE: check this now before other calls can overwrite ret */
|
||||
|
||||
Reference in New Issue
Block a user