authorDennis Jackson <djackson@mozilla.com>2022-03-22 14:11:12 +0000
committerDennis Jackson <djackson@mozilla.com>2022-03-22 14:11:12 +0000
commit2f49143ece2fb815d0b3a043b4b1c0035f4f519a (patch)
tree894d705823052062966050c6525b84746514ba1d
parent7b3e935df8f1fe1a4966f5abd06c0cfb76f540d7 (diff)
downloadnss-hg-2f49143ece2fb815d0b3a043b4b1c0035f4f519a.tar.gz
Bug 1755904 - Fix calculation of ECH HRR Transcript. r=mt
Differential Revision: https://phabricator.services.mozilla.com/D140963
-rw-r--r--lib/ssl/tls13ech.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/ssl/tls13ech.c b/lib/ssl/tls13ech.c
index f3f1546ec..76c041a93 100644
--- a/lib/ssl/tls13ech.c
+++ b/lib/ssl/tls13ech.c
@@ -1845,6 +1845,7 @@ tls13_ComputeEchHelloRetryTranscript(sslSocket *ss, const PRUint8 *sh, unsigned
* This segment calculates the hash of the Client Hello
* TODO(djackson@mozilla.com) - Replace with existing function?
* e.g. tls13_ReinjectHandshakeTranscript
+ * TODO(djackson@mozilla.com) - Replace with streaming version
*/
if (!ss->ssl3.hs.helloRetry || !ss->sec.isServer) {
/*
@@ -1912,7 +1913,7 @@ tls13_ComputeEchHelloRetryTranscript(sslSocket *ss, const PRUint8 *sh, unsigned
}
PR_ASSERT(tls13_Debug_CheckXtnBegins(sh + absEchOffset - 4, ssl_tls13_encrypted_client_hello_xtn));
/* The HRR up to the ECH Xtn signal */
- rv = sslBuffer_Append(out, sh, shLen - absEchOffset);
+ rv = sslBuffer_Append(out, sh, absEchOffset);
if (rv != SECSuccess) {
goto loser;
}
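Review bot: The corrected call `sslBuffer_Append(out, sh, absEchOffset)` now uses `absEchOffset` directly as the number of bytes read from `sh`, and the only check on it visible in this hunk is the `PR_ASSERT` on the line above, which is compiled out of non-debug builds. The closing brace at the top of the hunk suggests a range check precedes it, but that code is outside the hunk, so it is worth confirming that it rejects any `absEchOffset` greater than `shLen` in release builds as well. A one-line comment at the append, for example `/* absEchOffset was range-checked against shLen above */`, would make that dependency explicit for the next reader. The diffstat lists only `lib/ssl/tls13ech.c`, so a regression test that feeds a HelloRetryRequest through this path would help keep the length from drifting again.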
@@ -1926,6 +1927,7 @@ tls13_ComputeEchHelloRetryTranscript(sslSocket *ss, const PRUint8 *sh, unsigned
if (rv != SECSuccess) {
goto loser;
}
+ PR_ASSERT(out->len == tls13_GetHashSize(ss) + 4 + shLen + 4);
return SECSuccess;
loser:
sslBuffer_Clear(out);
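Review bot: The added `PR_ASSERT(out->len == tls13_GetHashSize(ss) + 4 + shLen + 4);` carries two bare `4`s with no explanation, and the code that appends those bytes is outside the hunk. Presumably they are the handshake-message headers of the synthetic message_hash entry and of the HelloRetryRequest; if so, a comment such as `/* message_hash header + hash + HRR header + HRR body */` or a named constant for the header length would document the invariant. The check is also debug-only, so it catches a wrong transcript length only in test builds. That is reasonable for an internal invariant, but it cannot stand in for the missing regression test. Since an earlier branch of this function depends on `ss->ssl3.hs.helloRetry` and `ss->sec.isServer`, it is worth confirming that the equality holds on every path that reaches this line.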
@@ -1941,6 +1943,9 @@ tls13_ComputeEchServerHelloTranscript(sslSocket *ss, const PRUint8 *sh, unsigned
SSL3_RANDOM_LENGTH - TLS13_ECH_SIGNAL_LEN;
PORT_Assert(sh && shLen > offset);
PORT_Assert(TLS13_ECH_SIGNAL_LEN <= SSL3_RANDOM_LENGTH);
+
+ /* TODO(djackson@mozilla.com) - Replace with streaming version */
+
rv = sslBuffer_AppendBuffer(out, chSource);
if (rv != SECSuccess) {
goto loser;