mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-06 15:50:55 +02:00
Fix TLS 1.3 PQC key share over heap read (ZD 21413)
Validate that the received key share data length (keLen) is at least as large as the expected ciphertext size (ctSz) before passing it to wc_KyberKey_Decapsulate. A malicious TLS 1.3 server could send a short ML-KEM key share.
This commit is contained in:
committed by
JacobBarthelmeh
parent
7aac9e5766
commit
e0421828ff
@@ -9950,6 +9950,10 @@ static int TLSX_KeyShare_ProcessPqcClient_ex(WOLFSSL* ssl,
|
||||
}
|
||||
#endif
|
||||
|
||||
if (ret == 0 && keyShareEntry->keLen < ctSz) {
|
||||
WOLFSSL_MSG("PQC key share data too short for ciphertext.");
|
||||
ret = BUFFER_E;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_KyberKey_Decapsulate(kem, ssOutput,
|
||||
keyShareEntry->ke, ctSz);
|
||||
|
||||
Reference in New Issue
Block a user