mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-06 19:30:55 +02:00
Merge pull request #10094 from sebastian-carpenter/GH-10068
Fixes: for GH #10068
This commit is contained in:
+3
-2
@@ -547,8 +547,9 @@ int SetEchConfigsEx(WOLFSSL_EchConfig** outputConfigs, void* heap,
|
||||
ato16(echConfig, &hpkePubkeyLen);
|
||||
echConfig += 2;
|
||||
|
||||
/* hpke public_key */
|
||||
if (hpkePubkeyLen > HPKE_Npk_MAX || hpkePubkeyLen == 0) {
|
||||
/* hpke public_key
|
||||
* KEM support will be checked along with the ciphersuites */
|
||||
if (hpkePubkeyLen != wc_HpkeKemGetEncLen(workingConfig->kemId)) {
|
||||
ret = BUFFER_E;
|
||||
break;
|
||||
}
|
||||
|
||||
@@ -13800,7 +13800,7 @@ static int TLSX_ECH_Write(WOLFSSL_ECH* ech, byte msgType, byte* writeBuf,
|
||||
writeBuf_p += ech->encLen;
|
||||
}
|
||||
/* innerClientHelloLen */
|
||||
c16toa(ech->innerClientHelloLen, writeBuf_p);
|
||||
c16toa((word16)ech->innerClientHelloLen, writeBuf_p);
|
||||
writeBuf_p += 2;
|
||||
/* set payload offset for when we finalize */
|
||||
ech->outerClientPayload = writeBuf_p;
|
||||
@@ -14195,6 +14195,9 @@ static int TLSX_ECH_ExpandOuterExtensions(WOLFSSL* ssl, WOLFSSL_ECH* ech,
|
||||
|
||||
newInnerChLen = innerChLen - echOuterExtLen + extraSize - sessionIdLen +
|
||||
ssl->session->sessionIDSz;
|
||||
if (newInnerChLen > 0xFFFF) {
|
||||
return BUFFER_E;
|
||||
}
|
||||
|
||||
if (!foundEchOuter && sessionIdLen == ssl->session->sessionIDSz) {
|
||||
/* no extensions + no sessionID to copy */
|
||||
@@ -14259,7 +14262,7 @@ static int TLSX_ECH_ExpandOuterExtensions(WOLFSSL* ssl, WOLFSSL_ECH* ech,
|
||||
if (ret == 0) {
|
||||
XFREE(ech->innerClientHello, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
ech->innerClientHello = newInnerCh;
|
||||
ech->innerClientHelloLen = (word16)newInnerChLen;
|
||||
ech->innerClientHelloLen = newInnerChLen;
|
||||
newInnerCh = NULL;
|
||||
}
|
||||
|
||||
@@ -14373,6 +14376,7 @@ static int TLSX_ECH_Parse(WOLFSSL* ssl, const byte* readBuf, word16 size,
|
||||
word32 offset = 0;
|
||||
word16 len;
|
||||
word16 tmpVal16;
|
||||
word16 lenCh;
|
||||
|
||||
WOLFSSL_MSG("TLSX_ECH_Parse");
|
||||
if (ssl->options.disableECH) {
|
||||
@@ -14489,7 +14493,8 @@ static int TLSX_ECH_Parse(WOLFSSL* ssl, const byte* readBuf, word16 size,
|
||||
readBuf_p += len;
|
||||
offset += len;
|
||||
/* read payload (encrypted CH) len */
|
||||
ato16(readBuf_p, &ech->innerClientHelloLen);
|
||||
ato16(readBuf_p, &lenCh);
|
||||
ech->innerClientHelloLen = lenCh;
|
||||
readBuf_p += 2;
|
||||
offset += 2;
|
||||
/* Check payload is no bigger than remaining bytes. */
|
||||
|
||||
+31
-10
@@ -3805,6 +3805,7 @@ int EchConfigGetSupportedCipherSuite(WOLFSSL_EchConfig* config)
|
||||
int i = 0;
|
||||
|
||||
if (!wc_HpkeKemIsSupported(config->kemId)) {
|
||||
WOLFSSL_MSG("ECH config: KEM not supported");
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
|
||||
@@ -3815,6 +3816,7 @@ int EchConfigGetSupportedCipherSuite(WOLFSSL_EchConfig* config)
|
||||
}
|
||||
}
|
||||
|
||||
WOLFSSL_MSG("ECH config: KDF or AEAD not supported");
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
|
||||
@@ -3937,10 +3939,14 @@ static int EchCalcAcceptance(WOLFSSL* ssl, byte* label, word16 labelSz,
|
||||
|
||||
if (isHrr) {
|
||||
/* the transcript hash of ClientHelloInner1 */
|
||||
hashSz = GetMsgHash(ssl, clientHelloInnerHash);
|
||||
if (hashSz > 0) {
|
||||
ret = GetMsgHash(ssl, clientHelloInnerHash);
|
||||
if (ret > 0) {
|
||||
hashSz = ret;
|
||||
ret = 0;
|
||||
}
|
||||
else if (ret == 0) {
|
||||
ret = HASH_TYPE_E;
|
||||
}
|
||||
|
||||
/* restart ECH transcript hash, similar to RestartHandshakeHash but
|
||||
* don't add a cookie */
|
||||
@@ -3980,6 +3986,9 @@ static int EchCalcAcceptance(WOLFSSL* ssl, byte* label, word16 labelSz,
|
||||
if (ret > 0) {
|
||||
ret = 0;
|
||||
}
|
||||
else if (ret == 0) {
|
||||
ret = HASH_TYPE_E;
|
||||
}
|
||||
}
|
||||
|
||||
/* pick the right type and size based on mac_algorithm */
|
||||
@@ -4765,15 +4774,18 @@ int SendTls13ClientHello(WOLFSSL* ssl)
|
||||
|
||||
/* get size for inner */
|
||||
ret = TLSX_GetRequestSize(ssl, client_hello, &args->length);
|
||||
|
||||
/* set the type to outer */
|
||||
args->ech->type = ECH_TYPE_OUTER;
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
/* set the type to outer */
|
||||
args->ech->type = 0;
|
||||
/* set innerClientHelloLen to ClientHelloInner + padding + tag */
|
||||
args->ech->paddingLen = 31 - ((args->length - 1) % 32);
|
||||
args->ech->innerClientHelloLen = (word16)(args->length +
|
||||
args->ech->paddingLen + args->ech->hpke->Nt);
|
||||
args->ech->innerClientHelloLen = args->length +
|
||||
args->ech->paddingLen + args->ech->hpke->Nt;
|
||||
if (args->ech->innerClientHelloLen > 0xFFFF)
|
||||
return BUFFER_E;
|
||||
/* set the length back to before we computed ClientHelloInner size */
|
||||
args->length = (word32)args->preXLength;
|
||||
}
|
||||
@@ -4915,8 +4927,10 @@ int SendTls13ClientHello(WOLFSSL* ssl)
|
||||
args->ech->innerClientHello =
|
||||
(byte*)XMALLOC(args->ech->innerClientHelloLen - args->ech->hpke->Nt,
|
||||
ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (args->ech->innerClientHello == NULL)
|
||||
if (args->ech->innerClientHello == NULL) {
|
||||
args->ech->type = ECH_TYPE_OUTER;
|
||||
return MEMORY_E;
|
||||
}
|
||||
/* set the padding bytes to 0 */
|
||||
XMEMSET(args->ech->innerClientHello + args->ech->innerClientHelloLen -
|
||||
args->ech->hpke->Nt - args->ech->paddingLen, 0,
|
||||
@@ -4939,8 +4953,10 @@ int SendTls13ClientHello(WOLFSSL* ssl)
|
||||
/* change the outer client random */
|
||||
ret = wc_RNG_GenerateBlock(ssl->rng, args->output +
|
||||
args->clientRandomOffset, RAN_LEN);
|
||||
if (ret != 0)
|
||||
if (ret != 0) {
|
||||
args->ech->type = ECH_TYPE_OUTER;
|
||||
return ret;
|
||||
}
|
||||
/* copy the new client random */
|
||||
XMEMCPY(ssl->arrays->clientRandom, args->output +
|
||||
args->clientRandomOffset, RAN_LEN);
|
||||
@@ -4949,10 +4965,10 @@ int SendTls13ClientHello(WOLFSSL* ssl)
|
||||
ret = TLSX_WriteRequest(ssl, args->ech->innerClientHello + args->idx -
|
||||
(RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ), client_hello,
|
||||
&args->length);
|
||||
/* set the type to outer */
|
||||
args->ech->type = ECH_TYPE_OUTER;
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
/* set the type to outer */
|
||||
args->ech->type = 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -5707,6 +5723,9 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
/* check for acceptConfirmation */
|
||||
if (ssl->echConfigs != NULL && !ssl->options.disableECH) {
|
||||
args->echX = TLSX_Find(ssl->extensions, TLSX_ECH);
|
||||
if (args->echX == NULL || args->echX->data == NULL)
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
|
||||
/* account for hrr extension instead of server random */
|
||||
if (args->extMsgType == hello_retry_request) {
|
||||
args->acceptOffset =
|
||||
@@ -8815,6 +8834,8 @@ int CreateSigData(WOLFSSL* ssl, byte* sigData, word16* sigDataSz,
|
||||
ret = GetMsgHash(ssl, &sigData[idx]);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
if (ret == 0)
|
||||
return HASH_TYPE_E;
|
||||
|
||||
*sigDataSz = (word16)(idx + ret);
|
||||
ret = 0;
|
||||
|
||||
Reference in New Issue
Block a user