Merge pull request #6805 from jpbland1/ech-hello-retry

Ech hello retry request

Author: SparkiDev

src/internal.c

@@ -7298,7 +7298,7 @@ int InitHandshakeHashesAndCopy(WOLFSSL* ssl, HS_Hashes* source,
 
     /* save the original so we can put it back afterward */
     tmpHashes = ssl->hsHashes;
-    ssl->hsHashes = NULL;
+    ssl->hsHashes = *destination;
 
     ret = InitHandshakeHashes(ssl);
     if (ret != 0) {
@@ -8435,6 +8435,13 @@ void wolfSSL_ResourceFree(WOLFSSL* ssl)
     }
     FreeSuites(ssl);
     FreeHandshakeHashes(ssl);
+#ifdef HAVE_ECH
+    /* try to free the ech hashes in case we errored out */
+    ssl->hsHashes = ssl->hsHashesEch;
+    FreeHandshakeHashes(ssl);
+    ssl->hsHashes = ssl->hsHashesEchInner;
+    FreeHandshakeHashes(ssl);
+#endif
     XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN);
 
     /* clear keys struct after session */
@@ -8448,9 +8455,6 @@ void wolfSSL_ResourceFree(WOLFSSL* ssl)
     if (ssl->options.useEch == 1) {
         FreeEchConfigs(ssl->echConfigs, ssl->heap);
         ssl->echConfigs = NULL;
-        /* free the ech specific hashes */
-        ssl->hsHashes = ssl->hsHashesEch;
-        FreeHandshakeHashes(ssl);
         ssl->options.useEch = 0;
     }
 #endif /* HAVE_ECH */

src/ssl.c

@@ -556,7 +556,7 @@ int wolfSSL_SetEchConfigsBase64(WOLFSSL* ssl, char* echConfigs64,
 /* set the ech config from a raw buffer, this is the format ech configs are
  * sent using retry_configs from the ech server */
 int wolfSSL_SetEchConfigs(WOLFSSL* ssl, const byte* echConfigs,
-  word32 echConfigsLen)
+    word32 echConfigsLen)
 {
     int ret = 0;
     int i;
@@ -683,16 +683,17 @@ int wolfSSL_SetEchConfigs(WOLFSSL* ssl, const byte* echConfigs,
                 &workingConfig->cipherSuites[j].aeadId);
         }
         echConfig += cipherSuitesLen;
+        /* ignore the maximum name length */
+        echConfig++;
         /* publicNameLen */
-        ato16(echConfig, &publicNameLen);
+        publicNameLen = *(echConfig);
         workingConfig->publicName = (char*)XMALLOC(publicNameLen + 1,
             ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
         if (workingConfig->publicName == NULL) {
             ret = MEMORY_E;
             break;
         }
-
-        echConfig += 2;
+        echConfig++;
         /* publicName */
         XMEMCPY(workingConfig->publicName, echConfig, publicNameLen);
         /* null terminated */
@@ -869,9 +870,13 @@ int GetEchConfig(WOLFSSL_EchConfig* config, byte* output, word32* outputLen)
         output += 2;
     }
 
+    /* set maximum name length to 0 */
+    *output = 0;
+    output++;
+
     /* publicName len */
-    c16toa(XSTRLEN(config->publicName), output);
-    output += 2;
+    *output = XSTRLEN(config->publicName);
+    output++;
 
     /* publicName */
     XMEMCPY(output, config->publicName,