wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 18:57:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

clean up some post-rebase issues

Browse Source
This commit is contained in:
John Bland
2024-01-02 20:12:13 -05:00
parent b62f582fcc
commit 36c89cc5ad
1 changed files with 19 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
src/tls13.c
View File

@ -4743,7 +4743,7 @@ static int EchCheckAcceptance(WOLFSSL* ssl, byte* label, word16 labelSz,
int digestType; int digestType;
int digestSize; int digestSize;
HS_Hashes* tmpHashes; HS_Hashes* tmpHashes;
HS_Hashes* acceptHashes; HS_Hashes* acceptHashes = NULL;
byte zeros[WC_MAX_DIGEST_SIZE]; byte zeros[WC_MAX_DIGEST_SIZE];
byte transcriptEchConf[WC_MAX_DIGEST_SIZE]; byte transcriptEchConf[WC_MAX_DIGEST_SIZE];
byte expandLabelPrk[WC_MAX_DIGEST_SIZE]; byte expandLabelPrk[WC_MAX_DIGEST_SIZE];
@ -4752,11 +4752,12 @@ static int EchCheckAcceptance(WOLFSSL* ssl, byte* label, word16 labelSz,
XMEMSET(transcriptEchConf, 0, sizeof(transcriptEchConf)); XMEMSET(transcriptEchConf, 0, sizeof(transcriptEchConf));
XMEMSET(expandLabelPrk, 0, sizeof(expandLabelPrk)); XMEMSET(expandLabelPrk, 0, sizeof(expandLabelPrk));
XMEMSET(acceptConfirmation, 0, sizeof(acceptConfirmation)); XMEMSET(acceptConfirmation, 0, sizeof(acceptConfirmation));
/* store so we can restore regardless of the outcome */
tmpHashes = ssl->hsHashes;
/* copy ech hashes to accept */ /* copy ech hashes to accept */
ret = InitHandshakeHashesAndCopy(ssl, ssl->hsHashesEch, &acceptHashes); ret = InitHandshakeHashesAndCopy(ssl, ssl->hsHashesEch, &acceptHashes);
if (ret == 0) { if (ret == 0) {
/* swap hsHashes to acceptHashes */ /* swap hsHashes to acceptHashes */
tmpHashes = ssl->hsHashes;
ssl->hsHashes = acceptHashes; ssl->hsHashes = acceptHashes;
/* hash up to the last 8 bytes */ /* hash up to the last 8 bytes */
ret = HashRaw(ssl, input, acceptOffset); ret = HashRaw(ssl, input, acceptOffset);
@ -4824,11 +4825,9 @@ static int EchCheckAcceptance(WOLFSSL* ssl, byte* label, word16 labelSz,
/* tls expand with the confirmation label */ /* tls expand with the confirmation label */
if (ret == 0) { if (ret == 0) {
PRIVATE_KEY_UNLOCK(); PRIVATE_KEY_UNLOCK();
ret = Tls13HKDFExpandKeyLabel(ssl, ret = Tls13HKDFExpandKeyLabel(ssl, acceptConfirmation,
acceptConfirmation, ECH_ACCEPT_CONFIRMATION_SZ, ECH_ACCEPT_CONFIRMATION_SZ, expandLabelPrk, digestSize,
expandLabelPrk, digestSize, tls13ProtocolLabel, TLS13_PROTOCOL_LABEL_SZ, label, labelSz,
tls13ProtocolLabel, TLS13_PROTOCOL_LABEL_SZ,
echAcceptConfirmationLabel, ECH_ACCEPT_CONFIRMATION_LABEL_SZ,
transcriptEchConf, digestSize, digestType, WOLFSSL_SERVER_END); transcriptEchConf, digestSize, digestType, WOLFSSL_SERVER_END);
PRIVATE_KEY_LOCK(); PRIVATE_KEY_LOCK();
} }
@ -4876,18 +4875,19 @@ static int EchWriteAcceptance(WOLFSSL* ssl, byte* label, word16 labelSz,
int digestType; int digestType;
int digestSize; int digestSize;
HS_Hashes* tmpHashes; HS_Hashes* tmpHashes;
HS_Hashes* acceptHashes; HS_Hashes* acceptHashes = NULL;
byte zeros[WC_MAX_DIGEST_SIZE]; byte zeros[WC_MAX_DIGEST_SIZE];
byte transcriptEchConf[WC_MAX_DIGEST_SIZE]; byte transcriptEchConf[WC_MAX_DIGEST_SIZE];
byte expandLabelPrk[WC_MAX_DIGEST_SIZE]; byte expandLabelPrk[WC_MAX_DIGEST_SIZE];
XMEMSET(zeros, 0, sizeof(zeros)); XMEMSET(zeros, 0, sizeof(zeros));
XMEMSET(transcriptEchConf, 0, sizeof(transcriptEchConf)); XMEMSET(transcriptEchConf, 0, sizeof(transcriptEchConf));
XMEMSET(expandLabelPrk, 0, sizeof(expandLabelPrk)); XMEMSET(expandLabelPrk, 0, sizeof(expandLabelPrk));
/* store so we can restore regardless of the outcome */
tmpHashes = ssl->hsHashes;
/* copy ech hashes to accept */ /* copy ech hashes to accept */
ret = InitHandshakeHashesAndCopy(ssl, ssl->hsHashesEch, &acceptHashes); ret = InitHandshakeHashesAndCopy(ssl, ssl->hsHashesEch, &acceptHashes);
if (ret == 0) { if (ret == 0) {
/* swap hsHashes to acceptHashes */ /* swap hsHashes to acceptHashes */
tmpHashes = ssl->hsHashes;
ssl->hsHashes = acceptHashes; ssl->hsHashes = acceptHashes;
/* hash up to the acceptOffset */ /* hash up to the acceptOffset */
ret = HashRaw(ssl, output, acceptOffset); ret = HashRaw(ssl, output, acceptOffset);
@ -4954,20 +4954,19 @@ static int EchWriteAcceptance(WOLFSSL* ssl, byte* label, word16 labelSz,
/* tls expand with the confirmation label */ /* tls expand with the confirmation label */
if (ret == 0) { if (ret == 0) {
PRIVATE_KEY_UNLOCK(); PRIVATE_KEY_UNLOCK();
ret = Tls13HKDFExpandKeyLabel(ssl, ret = Tls13HKDFExpandKeyLabel(ssl, output + acceptOffset,
output + serverRandomOffset + RAN_LEN - ECH_ACCEPT_CONFIRMATION_SZ, ECH_ACCEPT_CONFIRMATION_SZ, expandLabelPrk, digestSize,
ECH_ACCEPT_CONFIRMATION_SZ, tls13ProtocolLabel, TLS13_PROTOCOL_LABEL_SZ, label, labelSz,
expandLabelPrk, digestSize,
tls13ProtocolLabel, TLS13_PROTOCOL_LABEL_SZ,
echAcceptConfirmationLabel, ECH_ACCEPT_CONFIRMATION_LABEL_SZ,
transcriptEchConf, digestSize, digestType, WOLFSSL_SERVER_END); transcriptEchConf, digestSize, digestType, WOLFSSL_SERVER_END);
PRIVATE_KEY_LOCK(); PRIVATE_KEY_LOCK();
} }
/* free hsHashesEch if this is the last ech involved message */ if (ret == 0) {
if (msgType != hello_retry_request) { /* free hsHashesEch if this is the last ech involved message */
FreeHandshakeHashes(ssl); if (msgType != hello_retry_request) {
ssl->hsHashesEch = NULL; FreeHandshakeHashes(ssl);
ssl->options.echAccepted = 1; ssl->hsHashesEch = NULL;
ssl->options.echAccepted = 1;
}
} }
ssl->hsHashes = tmpHashes; ssl->hsHashes = tmpHashes;
return ret; return ret;