Merge pull request #9823 from embhorn/zd21242

Add sanity checks in key export
This commit is contained in:
JacobBarthelmeh
2026-02-25 14:38:46 -07:00
committed by GitHub
3 changed files with 17 additions and 0 deletions
+7
View File
@@ -5726,6 +5726,13 @@ int wolfSSL_export_keying_material(WOLFSSL *ssl,
return WOLFSSL_FAILURE;
}
/* Sanity check contextLen to prevent integer overflow when cast to word32
* and to ensure it fits in the 2-byte length encoding (max 65535). */
if (use_context && contextLen > WOLFSSL_MAX_16BIT) {
WOLFSSL_MSG("contextLen too large");
return WOLFSSL_FAILURE;
}
/* clientRandom + serverRandom
* OR
* clientRandom + serverRandom + ctx len encoding + ctx */
+5
View File
@@ -1023,6 +1023,11 @@ int Tls13_Exporter(WOLFSSL* ssl, unsigned char *out, size_t outLen,
if (ret != 0)
return ret;
/* Sanity check contextLen to prevent truncation when cast to word32. */
if (contextLen > WOLFSSL_MAX_32BIT) {
return BAD_FUNC_ARG;
}
/* Hash(context_value) */
ret = wc_Hash(hashType, context, (word32)contextLen, hashOut, WC_MAX_DIGEST_SIZE);
if (ret != 0)
+5
View File
@@ -24124,6 +24124,11 @@ static int test_export_keying_material_cb(WOLFSSL_CTX *ctx, WOLFSSL *ssl)
NULL, 0, 0), 0);
ExpectIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
"key expansion", XSTR_SIZEOF("key expansion"), NULL, 0, 0), 0);
/* contextLen overflow: values exceeding UINT16_MAX must be rejected to
* prevent integer overflow in seedLen calculation (ZD #21242). */
ExpectIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
"Test label", XSTR_SIZEOF("Test label"), ekm,
(size_t)0xFFFF + 1, 1), 0);
return EXPECT_RESULT();
}