From 768525c20fd9efaf89b856d2513e877c9f737ab9 Mon Sep 17 00:00:00 2001 From: Kareem Date: Wed, 22 Apr 2026 14:51:00 -0700 Subject: [PATCH] Code review feedback. --- src/internal.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/internal.c b/src/internal.c index 3117cac054..19bd6b6e03 100644 --- a/src/internal.c +++ b/src/internal.c @@ -33932,7 +33932,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) if (esSz > MAX_PSK_ID_LEN) { ERROR_OUT(CLIENT_ID_ERROR, exit_scke); } - if (esSz > MAX_ENCRYPT_SZ - OPAQUE16_LEN) { + if (esSz > MAX_ENCRYPT_SZ - (2 * OPAQUE16_LEN)) { ERROR_OUT(CLIENT_ID_ERROR, exit_scke); } /* CLIENT: Pre-shared Key for peer authentication. */ @@ -33949,7 +33949,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) args->output += OPAQUE16_LEN; XMEMCPY(args->output, ssl->arrays->client_identity, esSz); args->output += esSz; - args->length = args->encSz - esSz - OPAQUE16_LEN; + args->length = args->encSz - esSz - (2 * OPAQUE16_LEN); args->encSz = esSz + OPAQUE16_LEN; CHECK_RET(ret, AllocKey(ssl, DYNAMIC_TYPE_DH, @@ -33986,7 +33986,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) if (esSz > MAX_PSK_ID_LEN) { ERROR_OUT(CLIENT_ID_ERROR, exit_scke); } - if (esSz > MAX_ENCRYPT_SZ - OPAQUE16_LEN) { + if (esSz > MAX_ENCRYPT_SZ - OPAQUE16_LEN - OPAQUE8_LEN) { ERROR_OUT(CLIENT_ID_ERROR, exit_scke); } /* CLIENT: Pre-shared Key for peer authentication. */ @@ -33998,7 +33998,8 @@ int SendClientKeyExchange(WOLFSSL* ssl) XMEMCPY(args->output, ssl->arrays->client_identity, esSz); args->output += esSz; - args->length = args->encSz - esSz - OPAQUE16_LEN; + args->length = + args->encSz - esSz - OPAQUE16_LEN - OPAQUE8_LEN; args->encSz = esSz + OPAQUE16_LEN; /* Create shared ECC key leaving room at the beginning