small changes:

- better ifdef's in hpke api.c tests
- updated ssl_ech.c to use wc_HpkeKemGetEncLen in both locations
- removed Ndh check in hpke.c, made it inline with the ecc cases

Author: sebastian-carpenter

src/ssl_ech.c

@@ -316,6 +316,7 @@ int GetEchConfig(WOLFSSL_EchConfig* config, byte* output, word32* outputLen)
 {
     int i;
     word16 totalLen = 0;
+    word16 kemEncLen;
     word16 publicNameLen;
 
     if (config == NULL || (output == NULL && outputLen == NULL))
@@ -338,7 +339,10 @@ int GetEchConfig(WOLFSSL_EchConfig* config, byte* output, word32* outputLen)
     totalLen += 2;
 
     /* hpke_pub_key */
-    totalLen += wc_HpkeKemGetEncLen(config->kemId);
+    kemEncLen = wc_HpkeKemGetEncLen(config->kemId);
+    if (kemEncLen == 0)
+        return BAD_FUNC_ARG;
+    totalLen += kemEncLen;
 
     /* cipherSuitesLen */
     totalLen += 2;
@@ -378,38 +382,10 @@ int GetEchConfig(WOLFSSL_EchConfig* config, byte* output, word32* outputLen)
     output += 2;
 
     /* length and key itself */
-    switch (config->kemId) {
-        case DHKEM_P256_HKDF_SHA256:
-            c16toa(DHKEM_P256_ENC_LEN, output);
-            output += 2;
-            XMEMCPY(output, config->receiverPubkey, DHKEM_P256_ENC_LEN);
-            output += DHKEM_P256_ENC_LEN;
-            break;
-        case DHKEM_P384_HKDF_SHA384:
-            c16toa(DHKEM_P384_ENC_LEN, output);
-            output += 2;
-            XMEMCPY(output, config->receiverPubkey, DHKEM_P384_ENC_LEN);
-            output += DHKEM_P384_ENC_LEN;
-            break;
-        case DHKEM_P521_HKDF_SHA512:
-            c16toa(DHKEM_P521_ENC_LEN, output);
-            output += 2;
-            XMEMCPY(output, config->receiverPubkey, DHKEM_P521_ENC_LEN);
-            output += DHKEM_P521_ENC_LEN;
-            break;
-        case DHKEM_X25519_HKDF_SHA256:
-            c16toa(DHKEM_X25519_ENC_LEN, output);
-            output += 2;
-            XMEMCPY(output, config->receiverPubkey, DHKEM_X25519_ENC_LEN);
-            output += DHKEM_X25519_ENC_LEN;
-            break;
-        case DHKEM_X448_HKDF_SHA512:
-            c16toa(DHKEM_X448_ENC_LEN, output);
-            output += 2;
-            XMEMCPY(output, config->receiverPubkey, DHKEM_X448_ENC_LEN);
-            output += DHKEM_X448_ENC_LEN;
-            break;
-    }
+    c16toa(kemEncLen, output);
+    output += 2;
+    XMEMCPY(output, config->receiverPubkey, kemEncLen);
+    output += kemEncLen;
 
     /* cipherSuites len */
     c16toa(config->numCipherSuites * 4, output);

tests/api.c

@@ -14572,22 +14572,24 @@ static int test_wolfSSL_Tls13_ECH_all_algos(void)
     int k;
     static const word16 kems[] = {
 #if defined(HAVE_ECC)
-#if (defined(WOLFSSL_SHA224) || !defined(NO_SHA256))
+#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && !defined(NO_SHA256)
         DHKEM_P256_HKDF_SHA256,
 #endif
-#if defined(WOLFSSL_SHA384)
+#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \
+    defined(WOLFSSL_SHA384)
         DHKEM_P384_HKDF_SHA384,
 #endif
-#if (defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512))
+#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \
+    defined(WOLFSSL_SHA512)
         DHKEM_P521_HKDF_SHA512,
 #endif
 #endif /* HAVE_ECC */
-#if defined(HAVE_CURVE25519) && (defined(WOLFSSL_SHA224) || !defined(NO_SHA256))
+#if defined(HAVE_CURVE25519) && !defined(NO_SHA256)
         DHKEM_X25519_HKDF_SHA256,
 #endif
     };
     static const word16 kdfs[] = {
-#if defined(WOLFSSL_SHA224) || !defined(NO_SHA256)
+#if !defined(NO_SHA256)
         HKDF_SHA256,
 #endif
 #ifdef WOLFSSL_SHA384

wolfcrypt/src/hpke.c

@@ -153,7 +153,12 @@ int wc_HpkeInit(Hpke* hpke, int kem, int kdf, int aead, void* heap)
             hpke->curveId = ECC_SECP256R1;
             hpke->Nsecret = WC_SHA256_DIGEST_SIZE;
             hpke->kemDigest = WC_SHA256;
-            hpke->Ndh = (word32)wc_ecc_get_curve_size_from_id(hpke->curveId);
+            ret = wc_ecc_get_curve_size_from_id(hpke->curveId);
+            if (ret < 0) {
+                break;
+            }
+            hpke->Ndh = (word32)ret;
+            ret = 0;
             hpke->Npk = 1 + hpke->Ndh * 2;
             break;
 #endif
@@ -164,7 +169,12 @@ int wc_HpkeInit(Hpke* hpke, int kem, int kdf, int aead, void* heap)
             hpke->curveId = ECC_SECP384R1;
             hpke->Nsecret = WC_SHA384_DIGEST_SIZE;
             hpke->kemDigest = WC_SHA384;
-            hpke->Ndh = (word32)wc_ecc_get_curve_size_from_id(hpke->curveId);
+            ret = wc_ecc_get_curve_size_from_id(hpke->curveId);
+            if (ret < 0) {
+                break;
+            }
+            hpke->Ndh = (word32)ret;
+            ret = 0;
             hpke->Npk = 1 + hpke->Ndh * 2;
             break;
 #endif
@@ -175,7 +185,12 @@ int wc_HpkeInit(Hpke* hpke, int kem, int kdf, int aead, void* heap)
             hpke->curveId = ECC_SECP521R1;
             hpke->Nsecret = WC_SHA512_DIGEST_SIZE;
             hpke->kemDigest = WC_SHA512;
-            hpke->Ndh = (word32)wc_ecc_get_curve_size_from_id(hpke->curveId);
+            ret = wc_ecc_get_curve_size_from_id(hpke->curveId);
+            if (ret < 0) {
+                break;
+            }
+            hpke->Ndh = (word32)ret;
+            ret = 0;
             hpke->Npk = 1 + hpke->Ndh * 2;
             break;
 #endif
@@ -260,10 +275,6 @@ int wc_HpkeInit(Hpke* hpke, int kem, int kdf, int aead, void* heap)
         }
     }
 
-    if ((int)hpke->Ndh < 0) {
-        return (int)hpke->Ndh;
-    }
-
     return ret;
 }