From 47a24d7b90bdac9493320731d801ad221be24c49 Mon Sep 17 00:00:00 2001 From: sebastian-carpenter Date: Thu, 12 Mar 2026 14:20:30 -0600 Subject: [PATCH] minor coverity fixes for tls ech --- src/tls13.c | 40 ++++++++++++++++++++++------------------ tests/api.c | 3 ++- wolfcrypt/src/hpke.c | 13 ++++--------- 3 files changed, 28 insertions(+), 28 deletions(-) diff --git a/src/tls13.c b/src/tls13.c index 0401b83e036..27d1ec0c3fa 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -5094,10 +5094,10 @@ static int EchCheckAcceptance(WOLFSSL* ssl, byte* label, word16 labelSz, ret = EchCalcAcceptance(ssl, label, labelSz, input, acceptOffset, helloSz, msgType == hello_retry_request, acceptConfirmation); - tmpHashes = ssl->hsHashes; - ssl->hsHashes = ssl->hsHashesEch; - if (ret == 0) { + tmpHashes = ssl->hsHashes; + ssl->hsHashes = ssl->hsHashesEch; + /* last 8 bytes must match the expand output */ ret = ConstantCompare(acceptConfirmation, input + acceptOffset, ECH_ACCEPT_CONFIRMATION_SZ); @@ -5126,9 +5126,10 @@ static int EchCheckAcceptance(WOLFSSL* ssl, byte* label, word16 labelSz, FreeHandshakeHashes(ssl); ssl->hsHashesEch = NULL; } + + ssl->hsHashes = tmpHashes; } - ssl->hsHashes = tmpHashes; return ret; } #endif /* HAVE_ECH */ @@ -6806,25 +6807,28 @@ static int EchWriteAcceptance(WOLFSSL* ssl, byte* label, word16 labelSz, helloSz - headerSz, msgType == hello_retry_request, output + acceptOffset); - tmpHashes = ssl->hsHashes; - ssl->hsHashes = ssl->hsHashesEch; + if (ret == 0) { + tmpHashes = ssl->hsHashes; + ssl->hsHashes = ssl->hsHashesEch; - /* after HRR, hsHashesEch must contain: - * message_hash(ClientHelloInner1) || HRR (actual, not zeros) */ - if (ret == 0 && msgType == hello_retry_request) { - ret = HashRaw(ssl, output, helloSz); - } - /* normal TLS code will calculate transcript of ServerHello */ - else if (ret == 0) { - ssl->options.echAccepted = 1; + /* after HRR, hsHashesEch must contain: + * message_hash(ClientHelloInner1) || HRR (actual, not zeros) */ + if (msgType == hello_retry_request) { + ret = HashRaw(ssl, output, helloSz); + } + /* normal TLS code will calculate transcript of ServerHello */ + else { + ssl->options.echAccepted = 1; + + ssl->hsHashes = tmpHashes; + FreeHandshakeHashes(ssl); + tmpHashes = ssl->hsHashesEch; + ssl->hsHashesEch = NULL; + } ssl->hsHashes = tmpHashes; - FreeHandshakeHashes(ssl); - tmpHashes = ssl->hsHashesEch; - ssl->hsHashesEch = NULL; } - ssl->hsHashes = tmpHashes; return ret; } #endif diff --git a/tests/api.c b/tests/api.c index b6037309da1..bf1437fbb44 100644 --- a/tests/api.c +++ b/tests/api.c @@ -13818,7 +13818,8 @@ static THREAD_RETURN WOLFSSL_THREAD server_task_ech(void* args) if (callbacks->ctx_ready) callbacks->ctx_ready(ctx); - AssertNotNull(ssl = wolfSSL_new(ctx)); + ssl = wolfSSL_new(ctx); + AssertNotNull(ssl); /* set the sni for the server */ AssertIntEQ(WOLFSSL_SUCCESS, diff --git a/wolfcrypt/src/hpke.c b/wolfcrypt/src/hpke.c index 86b740c9d02..056796c8783 100644 --- a/wolfcrypt/src/hpke.c +++ b/wolfcrypt/src/hpke.c @@ -472,7 +472,7 @@ static int wc_HpkeLabeledExtract(Hpke* hpke, byte* suite_id, } /* check that sum of len's will not overflow */ - remaining = MAX_HPKE_LABEL_SZ; + remaining = (word32)MAX_HPKE_LABEL_SZ; if ((word32)HPKE_VERSION_STR_LEN > remaining) { return BUFFER_E; } @@ -541,16 +541,11 @@ static int wc_HpkeLabeledExpand(Hpke* hpke, byte* suite_id, word32 suite_id_len, } /* check that sum of len's will not overflow */ - remaining = MAX_HPKE_LABEL_SZ; - if (2U > remaining){ + remaining = (word32)MAX_HPKE_LABEL_SZ; + if (2U + (word32)HPKE_VERSION_STR_LEN > remaining) { return BUFFER_E; } - remaining -= 2U; - - if ((word32)HPKE_VERSION_STR_LEN > remaining) { - return BUFFER_E; - } - remaining -= (word32)HPKE_VERSION_STR_LEN; + remaining -= 2U + (word32)HPKE_VERSION_STR_LEN; if (suite_id_len > remaining) { return BUFFER_E;