Fix non constant compare of TLS 1.3 binder, check for negative dst_len in wc_XChaCha20Poly1305_crypt_oneshot.

This commit is contained in:
Kareem
2025-09-19 11:39:46 -07:00
parent b90720c6be
commit 7afcf20077
2 changed files with 3 additions and 2 deletions


@@ -6201,7 +6201,8 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 inputSz,
if (ret != 0)
return ret;
if (binderLen != current->binderLen ||
XMEMCMP(binder, current->binder, binderLen) != 0) {
ConstantCompare(binder, current->binder,
binderLen) != 0) {
WOLFSSL_ERROR_VERBOSE(BAD_BINDER);
return BAD_BINDER;
}
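Review bot: The new `ConstantCompare` call in the binder check has no comment explaining why a constant-time compare is required, so a later cleanup could swap it back to `XMEMCMP`. I would add above the condition: `/* Binder is a keyed MAC over the transcript: compare in constant time so timing does not reveal how many leading bytes matched. */`. The `binderLen != current->binderLen` test still short-circuits, which looks acceptable because the length is not secret, and the same comment could say so. The declaration of `binderLen` is outside the hunk; if it is an unsigned type, confirm it cannot exceed the range of the length argument `ConstantCompare` takes. The body of `DoPreSharedKeys` starts and ends outside this hunk.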


@@ -401,7 +401,7 @@ static WC_INLINE int wc_XChaCha20Poly1305_crypt_oneshot(
goto out;
}
if ((long int)dst_space < dst_len) {
if (dst_len <= 0 || (long int)dst_space < dst_len) {
ret = BUFFER_E;
goto out;
}
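Review bot: The added guard `dst_len <= 0` rejects a zero length as well as a negative one, although the commit title mentions only a negative `dst_len`. The computation of `dst_len` is outside the hunk; if it is the output length and can legitimately be 0 on the decrypt path (a tag-only message with empty plaintext), that input now fails with `BUFFER_E`. If only the negative case is meant, I would write `if (dst_len < 0 || dst_space < (size_t)dst_len) {`. Comparing in the unsigned domain after the sign check also drops the `(long int)dst_space` cast, which would truncate a large `dst_space` if that is a `size_t` on a platform where `long` is 32 bits. A negative `dst_len` probably means the input is too short rather than the output buffer too small, so a different error code than `BUFFER_E` may describe it better.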