fix writing empty string when sending enc in response

to an hrr, fix bad getSize for hrr ech, fix using the wrong transcript hash for hrr ech, add new hrr test for ech to api.c
John Bland
2023-09-26 13:24:27 -04:00
parent 167c702b6f
commit bc77f9f466
3 changed files with 45 additions and 11 deletions


@@ -11551,8 +11551,8 @@ static int TLSX_ECH_Write(WOLFSSL_ECH* ech, byte msgType, byte* writeBuf,
#endif #endif
} }
else { else {
/* set to emptry string on hrr */ /* write empty string for enc if this isn't our first ech */
if (msgType == hello_retry_request) { if (ech->hpkeContext != NULL) {
XMEMSET(writeBuf_p, 0, ech->encLen); XMEMSET(writeBuf_p, 0, ech->encLen);
} }
else { else {
@@ -11577,7 +11577,7 @@ static int TLSX_ECH_Write(WOLFSSL_ECH* ech, byte msgType, byte* writeBuf,
} }
/* return the size needed for the ech extension */ /* return the size needed for the ech extension */
static int TLSX_ECH_GetSize(WOLFSSL_ECH* ech) static int TLSX_ECH_GetSize(WOLFSSL_ECH* ech, byte msgType)
{ {
int ret; int ret;
word32 size; word32 size;
@@ -11589,6 +11589,9 @@ static int TLSX_ECH_GetSize(WOLFSSL_ECH* ech)
size += GREASE_ECH_SIZE + (size % 32); size += GREASE_ECH_SIZE + (size % 32);
} }
else if (msgType == hello_retry_request) {
size = ECH_ACCEPT_CONFIRMATION_SZ;
}
else if (ech->state == ECH_WRITE_NONE || else if (ech->state == ECH_WRITE_NONE ||
ech->state == ECH_PARSED_INTERNAL) { ech->state == ECH_PARSED_INTERNAL) {
size = 0; size = 0;
@@ -12308,7 +12311,7 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType,
#endif /* WOLFSSL_DTLS_CID */ #endif /* WOLFSSL_DTLS_CID */
#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
case TLSX_ECH: case TLSX_ECH:
length += ECH_GET_SIZE((WOLFSSL_ECH*)extension->data); length += ECH_GET_SIZE((WOLFSSL_ECH*)extension->data, msgType);
break; break;
#endif #endif
default: default:
@@ -13766,6 +13769,10 @@ int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength)
#endif #endif
#ifdef WOLFSSL_SEND_HRR_COOKIE #ifdef WOLFSSL_SEND_HRR_COOKIE
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_COOKIE)); TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_COOKIE));
#endif
#ifdef HAVE_ECH
/* send the special confirmation */
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_ECH));
#endif #endif
break; break;
#endif #endif
@@ -13907,6 +13914,10 @@ int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset
/* Write out KeyShare in HelloRetryRequest. */ /* Write out KeyShare in HelloRetryRequest. */
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
} }
#endif
#ifdef HAVE_ECH
/* send the special confirmation */
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_ECH));
#endif #endif
/* Cookie is written below as last extension. */ /* Cookie is written below as last extension. */
break; break;
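Review bot: In TLSX_ECH_GetSize the new `msgType == hello_retry_request` branch sits ahead of the `ECH_WRITE_NONE` / `ECH_PARSED_INTERNAL` check, and TLSX_GetResponseSize and TLSX_WriteResponse now clear the TLSX_ECH semaphore for every HRR under HAVE_ECH, so ECH_ACCEPT_CONFIRMATION_SZ bytes are reserved for any ECH extension that does not take the preceding GREASE-sized branch, whatever its state. The HRR path of TLSX_ECH_Write lies outside these hunks; if it can write a different number of bytes (or none) in some state, the computed extensions length and the bytes actually written would disagree, which in a length-prefixed handshake message is a memory-safety as well as an interoperability concern. Please confirm the two agree for every state reachable on an HRR and record the dependency next to the branch, e.g. `/* HRR carries only the accept confirmation; TLSX_ECH_Write must emit exactly ECH_ACCEPT_CONFIRMATION_SZ bytes here */`. It would also help to state in the `/* send the special confirmation */` comments whether the extension is meant to be sent only when ECH was accepted, since the visible gate is HAVE_ECH alone.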


@@ -4740,12 +4740,13 @@ static int EchCheckAcceptance(WOLFSSL* ssl, byte* label, word16 labelSz,
XMEMSET(acceptConfirmation, 0, sizeof(acceptConfirmation)); XMEMSET(acceptConfirmation, 0, sizeof(acceptConfirmation));
/* copy ech hashes to accept */ /* copy ech hashes to accept */
ret = InitHandshakeHashesAndCopy(ssl, ssl->hsHashesEch, &acceptHashes); ret = InitHandshakeHashesAndCopy(ssl, ssl->hsHashesEch, &acceptHashes);
if (ret == 0) {
/* swap hsHashes to acceptHashes */ /* swap hsHashes to acceptHashes */
tmpHashes = ssl->hsHashes; tmpHashes = ssl->hsHashes;
ssl->hsHashes = acceptHashes; ssl->hsHashes = acceptHashes;
/* hash up to the last 8 bytes */ /* hash up to the last 8 bytes */
if (ret == 0)
ret = HashRaw(ssl, input, acceptOffset); ret = HashRaw(ssl, input, acceptOffset);
}
/* hash 8 zeros */ /* hash 8 zeros */
if (ret == 0) if (ret == 0)
ret = HashRaw(ssl, zeros, ECH_ACCEPT_CONFIRMATION_SZ); ret = HashRaw(ssl, zeros, ECH_ACCEPT_CONFIRMATION_SZ);
@@ -4866,7 +4867,7 @@ static int EchWriteAcceptance(WOLFSSL* ssl, byte* label, word16 labelSz,
XMEMSET(transcriptEchConf, 0, sizeof(transcriptEchConf)); XMEMSET(transcriptEchConf, 0, sizeof(transcriptEchConf));
XMEMSET(expandLabelPrk, 0, sizeof(expandLabelPrk)); XMEMSET(expandLabelPrk, 0, sizeof(expandLabelPrk));
/* copy ech hashes to accept */ /* copy ech hashes to accept */
ret = InitHandshakeHashesAndCopy(ssl, ssl->hsHashes, &acceptHashes); ret = InitHandshakeHashesAndCopy(ssl, ssl->hsHashesEch, &acceptHashes);
if (ret == 0) { if (ret == 0) {
/* swap hsHashes to acceptHashes */ /* swap hsHashes to acceptHashes */
tmpHashes = ssl->hsHashes; tmpHashes = ssl->hsHashes;
@@ -7253,6 +7254,12 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType)
WOLFSSL_START(WC_FUNC_SERVER_HELLO_SEND); WOLFSSL_START(WC_FUNC_SERVER_HELLO_SEND);
WOLFSSL_ENTER("SendTls13ServerHello"); WOLFSSL_ENTER("SendTls13ServerHello");
#ifdef HAVE_ECH
/* copy the hsHashes to hsHashesEch since they will get blown away by hrr */
if (ssl->hsHashesEch == NULL)
InitHandshakeHashesAndCopy(ssl, ssl->hsHashes, &ssl->hsHashesEch);
#endif
/* When ssl->options.dtlsStateful is not set then cookie is calculated in /* When ssl->options.dtlsStateful is not set then cookie is calculated in
* dtls.c */ * dtls.c */
if (extMsgType == hello_retry_request if (extMsgType == hello_retry_request
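Review bot: The new call at the top of SendTls13ServerHello discards the return value of InitHandshakeHashesAndCopy, whereas the two other calls in this file section (in EchCheckAcceptance and EchWriteAcceptance) store it in `ret` and branch on it. If the copy fails, `ssl->hsHashesEch` presumably stays NULL, and EchWriteAcceptance, which this commit switches to read from `ssl->hsHashesEch`, would then be handed a NULL source for the transcript it derives the accept confirmation from. Capturing and propagating the result closes that gap, e.g. `ret = InitHandshakeHashesAndCopy(ssl, ssl->hsHashes, &ssl->hsHashesEch);` followed by `if (ret != 0) return ret;`. The function body continues outside the hunk, so whether a `ret` local is already declared at that point needs checking. The snapshot is also taken on every ServerHello when HAVE_ECH is defined, not only when ECH is negotiated, so the release path for `hsHashesEch` is worth confirming.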


@@ -36759,7 +36759,7 @@ static int test_wolfSSL_Tls13_ECH_params(void)
return EXPECT_RESULT(); return EXPECT_RESULT();
} }
static int test_wolfSSL_Tls13_ECH(void) static int test_wolfSSL_Tls13_ECH_ex(int hrr)
{ {
EXPECT_DECLS; EXPECT_DECLS;
tcp_ready ready; tcp_ready ready;
@@ -36830,6 +36830,11 @@ static int test_wolfSSL_Tls13_ECH(void)
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME,
privateName, privateNameLen)); privateName, privateNameLen));
/* force hello retry request */
if (hrr)
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_NoKeyShares(ssl));
/* connect like normal */
ExpectIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
ExpectIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS);
ExpectIntEQ(wolfSSL_write(ssl, privateName, privateNameLen), ExpectIntEQ(wolfSSL_write(ssl, privateName, privateNameLen),
@@ -36850,6 +36855,16 @@ static int test_wolfSSL_Tls13_ECH(void)
return EXPECT_RESULT(); return EXPECT_RESULT();
} }
static int test_wolfSSL_Tls13_ECH(void)
{
return test_wolfSSL_Tls13_ECH_ex(0);
}
static int test_wolfSSL_Tls13_ECH_HRR(void)
{
return test_wolfSSL_Tls13_ECH_ex(1);
}
#endif /* HAVE_ECH && WOLFSSL_TLS13 */ #endif /* HAVE_ECH && WOLFSSL_TLS13 */
#if defined(HAVE_IO_TESTS_DEPENDENCIES) && \ #if defined(HAVE_IO_TESTS_DEPENDENCIES) && \
@@ -70072,6 +70087,7 @@ TEST_CASE testCases[] = {
TEST_DECL(test_wolfSSL_Tls13_ECH_params), TEST_DECL(test_wolfSSL_Tls13_ECH_params),
/* Uses Assert in handshake callback. */ /* Uses Assert in handshake callback. */
TEST_DECL(test_wolfSSL_Tls13_ECH), TEST_DECL(test_wolfSSL_Tls13_ECH),
TEST_DECL(test_wolfSSL_Tls13_ECH_HRR),
#endif #endif
TEST_DECL(test_wolfSSL_X509_TLS_version_test_1), TEST_DECL(test_wolfSSL_X509_TLS_version_test_1),