better errors when setting ech configs

sebastian-carpenter · sebastian-carpenter · commit 10515904c087 · 2026-04-17T11:34:09.000-06:00
diff --git a/src/ssl_ech.c b/src/ssl_ech.c
@@ -513,6 +513,7 @@ int SetEchConfigsEx(WOLFSSL_EchConfig** outputConfigs, void* heap,
     const byte* echConfigs, word32 echConfigsLen)
 {
     int ret = 0;
+    int unsupportedAlgos = 0;
     word32 configIdx;
     word32 idx;
     int j;
@@ -704,6 +705,7 @@ int SetEchConfigsEx(WOLFSSL_EchConfig** outputConfigs, void* heap,
          * config and then try to parse another */
         if (ret > 0 || EchConfigGetSupportedCipherSuite(workingConfig) < 0) {
             ret = 0;
+            unsupportedAlgos = 1;
             XFREE(workingConfig->cipherSuites, heap, DYNAMIC_TYPE_TMP_BUFFER);
             XFREE(workingConfig->publicName, heap, DYNAMIC_TYPE_TMP_BUFFER);
             XFREE(workingConfig->raw, heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -739,8 +741,11 @@ int SetEchConfigsEx(WOLFSSL_EchConfig** outputConfigs, void* heap,
         XFREE(lastConfig, heap, DYNAMIC_TYPE_TMP_BUFFER);
     }
 
+    /* syntactically correct but configs are not supported */
+    if (ret == 0 && unsupportedAlgos)
+        return UNSUPPORTED_SUITE;
     if (ret == 0)
-        return WOLFSSL_FATAL_ERROR;
+        return UNSUPPORTED_PROTO_VERSION;
 
     return ret;
 }
diff --git a/src/tls.c b/src/tls.c
@@ -14364,6 +14364,10 @@ static int TLSX_ECH_Parse(WOLFSSL* ssl, const byte* readBuf, word16 size,
         }
 
         ret = SetRetryConfigs(ssl, readBuf, (word32)size);
+        if (ret == UNSUPPORTED_SUITE || ret == UNSUPPORTED_PROTO_VERSION) {
+            WOLFSSL_ERROR_VERBOSE(ret);
+            ret = 0;
+        }
 
         if (ssl->echConfigs == NULL) {
             /* on GREASE connection configs must be checked syntactically and
@@ -16301,8 +16305,7 @@ static int TLSX_GetSizeWithEch(WOLFSSL* ssl, byte* semaphore, byte msgType,
     WC_ALLOC_VAR_EX(serverName, char, WOLFSSL_HOST_NAME_MAX, NULL,
                     DYNAMIC_TYPE_TMP_BUFFER, return MEMORY_E);
     r = TLSX_EchChangeSNI(ssl, &echX, serverName, &serverNameX, &extensions);
-    /* If ECH won't be written (mirrors guard in TLSX_WriteWithEch), exclude it
-     * from the size calculation to avoid a size/write mismatch */
+    /* If ECH won't be written exclude it from the size calculation */
     if (r == 0 && echX != NULL &&
             !ssl->options.echAccepted &&
             ((WOLFSSL_ECH*)echX->data)->innerCount != 0) {
diff --git a/tests/api.c b/tests/api.c
@@ -14383,6 +14383,8 @@ static int test_wolfSSL_Tls13_ECH_params_b64(void)
 #if !defined(NO_WOLFSSL_CLIENT)
     /* base64 ech configs from cloudflare-ech.com (these are good configs) */
     const char* b64Valid = "AEX+DQBBFAAgACBuAoQI8+liEVYQbXKBDeVgTmF2rfXuKO2knhwrN7jgTgAEAAEAAQASY2xvdWRmbGFyZS1lY2guY29tAAA=";
+    /* ech configs with bad version */
+    const char* b64BadVers = "AEX+/gBBFAAgACBuAoQI8+liEVYQbXKBDeVgTmF2rfXuKO2knhwrN7jgTgAEAAEAAQASY2xvdWRmbGFyZS1lY2guY29tAAA=";
     /* ech configs with bad/unsupported algorithm */
     const char* b64BadAlgo = "AEX+DQBBFP7+ACBuAoQI8+liEVYQbXKBDeVgTmF2rfXuKO2knhwrN7jgTgAEAAEAAQASY2xvdWRmbGFyZS1lY2guY29tAAA=";
     /* ech configs with bad/unsupported ciphersuite */
@@ -14420,16 +14422,22 @@ static int test_wolfSSL_Tls13_ECH_params_b64(void)
     ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigsBase64(ssl,
         b64Valid, 0));
 
+    /* bad version */
+    ExpectIntEQ(UNSUPPORTED_PROTO_VERSION, wolfSSL_CTX_SetEchConfigsBase64(ctx,
+        b64BadVers, (word32)XSTRLEN(b64BadVers)));
+    ExpectIntEQ(UNSUPPORTED_PROTO_VERSION, wolfSSL_SetEchConfigsBase64(ssl,
+        b64BadVers, (word32)XSTRLEN(b64BadVers)));
+
     /* bad algorithm */
-    ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigsBase64(ctx,
+    ExpectIntEQ(UNSUPPORTED_SUITE, wolfSSL_CTX_SetEchConfigsBase64(ctx,
         b64BadAlgo, (word32)XSTRLEN(b64BadAlgo)));
-    ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigsBase64(ssl,
+    ExpectIntEQ(UNSUPPORTED_SUITE, wolfSSL_SetEchConfigsBase64(ssl,
         b64BadAlgo, (word32)XSTRLEN(b64BadAlgo)));
 
     /* bad ciphersuite */
-    ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigsBase64(ctx,
+    ExpectIntEQ(UNSUPPORTED_SUITE, wolfSSL_CTX_SetEchConfigsBase64(ctx,
         b64BadCiph, (word32)XSTRLEN(b64BadCiph)));
-    ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigsBase64(ssl,
+    ExpectIntEQ(UNSUPPORTED_SUITE, wolfSSL_SetEchConfigsBase64(ssl,
         b64BadCiph, (word32)XSTRLEN(b64BadCiph)));
 
     /* unrecognized mandatory extension */
