stop ech from using a recursive function call

Fix the bad return value when retry_configs is returned; add private key locks around the HKDF function calls.
John Bland
2023-01-20 18:37:19 -05:00
parent 8d89d4a168
commit d14d29e32a
3 changed files with 48 additions and 16 deletions


@ -10519,7 +10519,9 @@ static int TLSX_ECH_Write(WOLFSSL_ECH* ech, byte* writeBuf, word16* offset)
if (ret != WOLFSSL_SUCCESS) if (ret != WOLFSSL_SUCCESS)
return ret; return ret;
return configsLen; *offset += configsLen;
return 0;
} }
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
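Review bot: In the retry-configs branch of TLSX_ECH_Write, `*offset += configsLen;` adds to a `word16` with no range check visible in the hunk. configsLen is declared outside the hunk; if it is wider than `word16`, a large config list would wrap the offset silently, and the caller would then account for fewer bytes than were written to writeBuf. A guard before the addition would make the limit explicit, e.g. `if (configsLen > (word32)(WOLFSSL_MAX_16BIT - *offset)) return BUFFER_E;`. The function body starts outside the hunk.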


@ -4633,12 +4633,16 @@ static int EchWriteAcceptance(WOLFSSL* ssl, byte* output,
} }
/* extract clientRandom with a key of all zeros */ /* extract clientRandom with a key of all zeros */
if (ret == 0) if (ret == 0) {
PRIVATE_KEY_UNLOCK();
ret = wc_HKDF_Extract(digestType, zeros, digestSize, ret = wc_HKDF_Extract(digestType, zeros, digestSize,
ssl->arrays->clientRandom, RAN_LEN, expandLabelPrk); ssl->arrays->clientRandom, RAN_LEN, expandLabelPrk);
PRIVATE_KEY_LOCK();
}
/* tls expand with the confirmation label */ /* tls expand with the confirmation label */
if (ret == 0) if (ret == 0) {
PRIVATE_KEY_UNLOCK();
ret = wc_Tls13_HKDF_Expand_Label( ret = wc_Tls13_HKDF_Expand_Label(
output + serverRandomOffset + RAN_LEN - ECH_ACCEPT_CONFIRMATION_SZ, output + serverRandomOffset + RAN_LEN - ECH_ACCEPT_CONFIRMATION_SZ,
ECH_ACCEPT_CONFIRMATION_SZ, ECH_ACCEPT_CONFIRMATION_SZ,
@ -4646,6 +4650,8 @@ static int EchWriteAcceptance(WOLFSSL* ssl, byte* output,
TLS13_PROTOCOL_LABEL_SZ, echAcceptConfirmationLabel, TLS13_PROTOCOL_LABEL_SZ, echAcceptConfirmationLabel,
ECH_ACCEPT_CONFIRMATION_LABEL_SZ, transcriptEchConf, digestSize, ECH_ACCEPT_CONFIRMATION_LABEL_SZ, transcriptEchConf, digestSize,
digestType); digestType);
PRIVATE_KEY_LOCK();
}
if (ret == 0) if (ret == 0)
XMEMCPY(ssl->arrays->serverRandom, output + serverRandomOffset, XMEMCPY(ssl->arrays->serverRandom, output + serverRandomOffset,
@ -6270,7 +6276,6 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
Dch13Args args[1]; Dch13Args args[1];
#endif #endif
#if defined(HAVE_ECH) #if defined(HAVE_ECH)
word32 echInOutIdx;
TLSX* echX = NULL; TLSX* echX = NULL;
#endif #endif
@ -6746,23 +6751,13 @@ exit_dch:
} }
#if defined(HAVE_ECH) #if defined(HAVE_ECH)
/* do the hello again with the inner */ if (ret == 0 && echX != NULL &&
if (echX != NULL && ((WOLFSSL_ECH*)echX->data)->state == ECH_WRITE_NONE) { ((WOLFSSL_ECH*)echX->data)->state == ECH_WRITE_NONE) {
/* reset the idx */
echInOutIdx = args->begin;
/* add the header to the inner hello */ /* add the header to the inner hello */
AddTls13HandShakeHeader(((WOLFSSL_ECH*)echX->data)->innerClientHello, AddTls13HandShakeHeader(((WOLFSSL_ECH*)echX->data)->innerClientHello,
((WOLFSSL_ECH*)echX->data)->innerClientHelloLen, 0, 0, ((WOLFSSL_ECH*)echX->data)->innerClientHelloLen, 0, 0,
client_hello, ssl); client_hello, ssl);
ret = DoTls13ClientHello(ssl,
((WOLFSSL_ECH*)echX->data)->innerClientHello,
&echInOutIdx, ((WOLFSSL_ECH*)echX->data)->innerClientHelloLen);
/* inner hello succeeded, consider this handshake message processed */
if (ret == 0)
*inOutIdx = args->begin + helloSz;
} }
#endif #endif
@ -10830,6 +10825,10 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
{ {
int ret = 0; int ret = 0;
word32 inIdx = *inOutIdx; word32 inIdx = *inOutIdx;
#if defined(HAVE_ECH)
TLSX* echX = NULL;
word32 echInOutIdx;
#endif
(void)totalSz; (void)totalSz;
@ -10935,7 +10934,34 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
/* Messages only received by server. */ /* Messages only received by server. */
case client_hello: case client_hello:
WOLFSSL_MSG("processing client hello"); WOLFSSL_MSG("processing client hello");
#if defined(HAVE_ECH)
/* keep the start idx so we can restore it for the inner call */
echInOutIdx = *inOutIdx;
#endif
ret = DoTls13ClientHello(ssl, input, inOutIdx, size); ret = DoTls13ClientHello(ssl, input, inOutIdx, size);
#if defined(HAVE_ECH)
if (ret == 0) {
echX = TLSX_Find(ssl->extensions, TLSX_ECH);
if (echX != NULL &&
((WOLFSSL_ECH*)echX->data)->state == ECH_WRITE_NONE) {
/* reset the inOutIdx to the outer start */
*inOutIdx = echInOutIdx;
/* call again with the inner hello */
ret = DoTls13ClientHello(ssl,
((WOLFSSL_ECH*)echX->data)->innerClientHello,
&echInOutIdx,
((WOLFSSL_ECH*)echX->data)->innerClientHelloLen);
/* if the inner ech parsed successfully we have sucessfully
* handled the hello and can skip the whole message */
if (ret == 0)
*inOutIdx += size;
}
}
#endif /* HAVE_ECH */
break; break;
#ifdef WOLFSSL_EARLY_DATA #ifdef WOLFSSL_EARLY_DATA
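Review bot: In the `client_hello` case of DoTls13HandShakeMsgType, `echInOutIdx` is saved as the outer message's offset into `input` and then passed as the start index into a different buffer, `innerClientHello`, with `innerClientHelloLen` as the size. Nothing in these hunks ties the two together: the inner buffer begins with the header written by AddTls13HandShakeHeader at `exit_dch`, so its body presumably starts at the handshake header length, while the outer offset depends on where the ClientHello sits in the record buffer. If the two can differ, the inner parse would start at the wrong byte or past the allocation, on data supplied by the peer. I would set the index explicitly after `*inOutIdx` has been restored and just before the inner call, for example `echInOutIdx = HANDSHAKE_HEADER_SZ;` (to be confirmed against how innerClientHello is allocated), with a comment stating the layout it relies on. The function body continues outside the hunk.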


@ -501,8 +501,10 @@ static int wc_HpkeLabeledExtract(Hpke* hpke, byte* suite_id,
} }
/* call extract */ /* call extract */
PRIVATE_KEY_UNLOCK();
ret = wc_HKDF_Extract(hpke->kdf_digest, salt, salt_len, labeled_ikm, ret = wc_HKDF_Extract(hpke->kdf_digest, salt, salt_len, labeled_ikm,
(word32)(size_t)(labeled_ikm_p - labeled_ikm), out); (word32)(size_t)(labeled_ikm_p - labeled_ikm), out);
PRIVATE_KEY_LOCK();
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(labeled_ikm, hpke->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(labeled_ikm, hpke->heap, DYNAMIC_TYPE_TMP_BUFFER);
@ -559,10 +561,12 @@ static int wc_HpkeLabeledExpand(Hpke* hpke, byte* suite_id, word32 suite_id_len,
labeled_info_p += infoSz; labeled_info_p += infoSz;
/* call expand */ /* call expand */
PRIVATE_KEY_UNLOCK();
ret = wc_HKDF_Expand(hpke->kdf_digest, ret = wc_HKDF_Expand(hpke->kdf_digest,
prk, prk_len, prk, prk_len,
labeled_info, (word32)(size_t)(labeled_info_p - labeled_info), labeled_info, (word32)(size_t)(labeled_info_p - labeled_info),
out, L); out, L);
PRIVATE_KEY_LOCK();
} }
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
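Review bot: The PRIVATE_KEY_UNLOCK()/PRIVATE_KEY_LOCK() pairs added around wc_HKDF_Extract in wc_HpkeLabeledExtract and wc_HKDF_Expand in wc_HpkeLabeledExpand have no comment saying why these calls need private-key access unlocked; the same is true of the two pairs added in EchWriteAcceptance. Without that, the next maintainer cannot tell whether the unlocked window may be widened, moved or dropped. I would put a short comment above each pair, such as `/* HKDF output is key material: unlock private key access for this call only */`, with the wording checked against what the macros do in the builds that define them. Both function bodies continue outside the hunks.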