From 3c1c4792da7232fc75198bddfe795a8d32674fa1 Mon Sep 17 00:00:00 2001
From: JeremiahM37
Date: Fri, 30 May 2025 12:07:32 -0600
Subject: [PATCH] tls fix for set_groups
---
 src/tls.c | 47 +++++++++++++++++++++++++++++++++--------------
 1 file changed, 33 insertions(+), 14 deletions(-)
diff --git a/src/tls.c b/src/tls.c
index b96eb38f4..74cac6ab4 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -5042,13 +5042,15 @@ static word16 TLSX_PointFormat_Write(PointFormat* list, byte* output)
 #if !defined(NO_WOLFSSL_SERVER) || (defined(WOLFSSL_TLS13) && \
     !defined(WOLFSSL_NO_SERVER_GROUPS_EXT))
-
 int TLSX_SupportedCurve_Parse(const WOLFSSL* ssl, const byte* input,
                               word16 length, byte isRequest, TLSX** extensions)
 {
     word16 offset;
     word16 name;
     int ret;
+    TLSX* existingExt;
+    TLSX* newExt = NULL;
+    SupportedCurve* intersectionCurve;
     if(!isRequest && !IsAtLeastTLSv1_3(ssl->version)) {
 #ifdef WOLFSSL_ALLOW_SERVER_SC_EXT
@@ -5057,16 +5059,12 @@ int TLSX_SupportedCurve_Parse(const WOLFSSL* ssl, const byte* input,
         return BUFFER_ERROR; /* servers doesn't send this extension. */
 #endif
     }
-
     if (OPAQUE16_LEN > length || length % OPAQUE16_LEN)
         return BUFFER_ERROR;
-
     ato16(input, &offset);
-
     /* validating curve list length */
     if (length != OPAQUE16_LEN + offset)
         return BUFFER_ERROR;
-
     offset = OPAQUE16_LEN;
     if (offset == length)
         return 0;
@@ -5075,17 +5073,14 @@ int TLSX_SupportedCurve_Parse(const WOLFSSL* ssl, const byte* input,
     if (!isRequest) {
         TLSX* extension;
         SupportedCurve* curve;
-
         extension = TLSX_Find(*extensions, TLSX_SUPPORTED_GROUPS);
         if (extension != NULL) {
             /* Replace client list with server list of supported groups. */
             curve = (SupportedCurve*)extension->data;
             extension->data = NULL;
             TLSX_SupportedCurve_FreeAll(curve, ssl->heap);
-
             ato16(input + offset, &name);
             offset += OPAQUE16_LEN;
-
             ret = TLSX_SupportedCurve_New(&curve, name, ssl->heap);
             if (ret != 0)
                 return ret; /* throw error */
@@ -5094,20 +5089,44 @@ int TLSX_SupportedCurve_Parse(const WOLFSSL* ssl, const byte* input,
         }
 #endif
+    existingExt = TLSX_Find(*extensions, TLSX_SUPPORTED_GROUPS);
+
     for (; offset < length; offset += OPAQUE16_LEN) {
         ato16(input + offset, &name);
-
-        ret = TLSX_UseSupportedCurve(extensions, name, ssl->heap);
+        if (existingExt != NULL) {
+            /* Check if this curve exists in our current list */
+            intersectionCurve = (SupportedCurve*)existingExt->data;
+            while (intersectionCurve != NULL) {
+                if (intersectionCurve->name == name) {
+                    ret = TLSX_UseSupportedCurve(&newExt, name, ssl->heap);
+                    if (ret != WOLFSSL_SUCCESS && ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+                        return ret;
+                    break;
+                }
+                intersectionCurve = intersectionCurve->next;
+            }
+        }
+        else {
+            ret = TLSX_UseSupportedCurve(extensions, name, ssl->heap);
+            if (ret != WOLFSSL_SUCCESS && ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+                return ret;
+        }
         /* If it is BAD_FUNC_ARG then it is a group we do not support, but
          * that is fine. */
-        if (ret != WOLFSSL_SUCCESS && ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
-            return ret;
-        }
     }
+    if (existingExt != NULL) {
+        if (newExt == NULL){
+            printf("No commong group found\n");
+            return ECC_CURVE_ERROR;
+        }
+        /* Replace existing extension data with intersection */
+        intersectionCurve = (SupportedCurve*)existingExt->data;
+        TLSX_SupportedCurve_FreeAll(intersectionCurve, ssl->heap);
+        existingExt->data = newExt->data;
+    }
     return 0;
 }
-
 #endif
 #if !defined(NO_WOLFSSL_SERVER)
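Review bot: The `TLSX*` wrapper allocated by `TLSX_UseSupportedCurve(&newExt, ...)` is never released — the final block moves only `newExt->data` into `existingExt`, and the early `return ret` inside the `while` loop abandons a partially built `newExt` list, so each handshake that parses a peer-supplied supported_groups list through this path leaks heap on the receiving side (a repeatable per-connection leak is a resource-exhaustion concern for a server). After the move, set `newExt->data = NULL` and free the wrapper (`TLSX_FreeAll(newExt, ssl->heap)` looks like the matching release routine — confirm it does not also free the moved curve list), and release `newExt` before the in-loop `return ret` as well. `printf("No commong group found\n")` writes to stdout from library code and has a typo; `WOLFSSL_MSG("No common group found");` is the project's logging path, and `if (newExt == NULL){` wants a space before the brace. The `/* If it is BAD_FUNC_ARG ... */` comment is now stranded after the if/else and should sit directly above the first `if (ret != WOLFSSL_SUCCESS ...)` check it explains. If I read the surrounding guards correctly this function also runs on the client for a TLS 1.3 server's supported_groups, which RFC 8446 §4.2.7 treats as informational, so returning `ECC_CURVE_ERROR` on an empty intersection may abort handshakes that should succeed; `TLSX_SupportedCurve_Parse` begins in an earlier hunk.
```c
    /* … unchanged: existingExt lookup, loop head, scan of existingExt->data … */
                if (intersectionCurve->name == name) {
                    /* If it is BAD_FUNC_ARG then it is a group we do not support,
                     * but that is fine. */
                    ret = TLSX_UseSupportedCurve(&newExt, name, ssl->heap);
                    if (ret != WOLFSSL_SUCCESS && ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
                        TLSX_FreeAll(newExt, ssl->heap); /* drop partial intersection */
                        return ret;
                    }
                    break;
                }
    /* … unchanged: else branch, loop tail … */
    if (existingExt != NULL) {
        if (newExt == NULL) {
            WOLFSSL_MSG("No common group found");
            return ECC_CURVE_ERROR;
        }
        /* Replace existing extension data with intersection; ownership of the
         * curve list moves to existingExt, only the wrapper node is freed. */
        TLSX_SupportedCurve_FreeAll((SupportedCurve*)existingExt->data, ssl->heap);
        existingExt->data = newExt->data;
        newExt->data = NULL;
        TLSX_FreeAll(newExt, ssl->heap);
    }
```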