From 721d935013700f3ab76be062dc5b592304395db6 Mon Sep 17 00:00:00 2001
From: Paul Adelsbach
Date: Mon, 11 May 2026 12:45:54 -0700
Subject: [PATCH 1/2] Add size check in wh_Client_Curve25519SharedSecret
---
 src/wh_client_crypto.c | 31 +++++++++++++++++++++++++------
 1 file changed, 25 insertions(+), 6 deletions(-)
diff --git a/src/wh_client_crypto.c b/src/wh_client_crypto.c
index 89b5a3649..b5cc2f4d9 100644
--- a/src/wh_client_crypto.c
+++ b/src/wh_client_crypto.c
@@ -2826,14 +2826,33 @@ int wh_Client_Curve25519SharedSecret(whClientContext* ctx,
 /* wolfCrypt allows positive error codes on success in some
 * scenarios */
 if (ret >= 0) {
- if (out_size != NULL) {
+ uint8_t* res_out = (uint8_t*)(res + 1);
+ const size_t hdr_sz =
+ sizeof(whMessageCrypto_GenericResponseHeader) +
+ sizeof(*res);
+ /* Defensive bound: res->sz must fit within the actual
+ * received frame */
+ if (res_len < hdr_sz ||
+ res->sz > (res_len - hdr_sz)) {
+ ret = WH_ERROR_ABORTED;
+ }
+ else if ((out != NULL) && (out_size != NULL) &&
+ (res->sz > *out_size)) {
+ /* Output buffer too small. Report required size and
+ * fail rather than silently truncating X25519 key
+ * material. */
 *out_size = res->sz;
+ ret = WH_ERROR_BUFFER_SIZE;
 }
- if (out != NULL) {
- uint8_t* res_out = (uint8_t*)(res + 1);
- memcpy(out, res_out, res->sz);
- WH_DEBUG_VERBOSE_HEXDUMP("[client] X25519:", res_out,
- res->sz);
+ else {
+ if (out_size != NULL) {
+ *out_size = res->sz;
+ }
+ if ((out != NULL) && (res->sz > 0)) {
+ memcpy(out, res_out, res->sz);
+ WH_DEBUG_VERBOSE_HEXDUMP("[client] X25519:",
+ res_out, res->sz);
+ }
 }
 }
 }
From 4e292e36e61da6f9c48464c7c8400742c14937dc Mon Sep 17 00:00:00 2001
From: Paul Adelsbach
Date: Mon, 11 May 2026 17:27:21 -0700
Subject: [PATCH 2/2] Adjust to look more like ECDH
---
 src/wh_client_crypto.c | 25 +++++++++++--------------
 1 file changed, 11 insertions(+), 14 deletions(-)
diff --git a/src/wh_client_crypto.c b/src/wh_client_crypto.c
index b5cc2f4d9..02c031cdc 100644
--- a/src/wh_client_crypto.c
+++ b/src/wh_client_crypto.c
@@ -2832,23 +2832,20 @@ int wh_Client_Curve25519SharedSecret(whClientContext* ctx,
 sizeof(*res);
 /* Defensive bound: res->sz must fit within the actual
 * received frame */
- if (res_len < hdr_sz ||
- res->sz > (res_len - hdr_sz)) {
+ if (res_len < hdr_sz || res->sz > (res_len - hdr_sz)) {
 ret = WH_ERROR_ABORTED;
 }
- else if ((out != NULL) && (out_size != NULL) &&
- (res->sz > *out_size)) {
- /* Output buffer too small. Report required size and
- * fail rather than silently truncating X25519 key
- * material. */
- *out_size = res->sz;
- ret = WH_ERROR_BUFFER_SIZE;
- }
- else {
- if (out_size != NULL) {
- *out_size = res->sz;
+ if (out_size != NULL) {
+ if ((ret >= 0) &&
+ (out != NULL) && (res->sz > *out_size)) {
+ /* Output buffer too small. Report required size
+ * and fail rather than silently truncating
+ * X25519 key material. */
+ ret = WH_ERROR_BUFFER_SIZE;
 }
- if ((out != NULL) && (res->sz > 0)) {
+ /* Give caller the required size, even on failure */
+ *out_size = res->sz;
+ if ((ret >= 0) && (out != NULL) && (res->sz > 0)) {
 memcpy(out, res_out, res->sz);
 WH_DEBUG_VERBOSE_HEXDUMP("[client] X25519:",
 res_out, res->sz);
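Review bot: `*out_size = res->sz;` now runs even after the frame check has set `ret = WH_ERROR_ABORTED`, so when `res_len < hdr_sz` the field is read from bytes the received frame did not carry, and in both failing cases a length that just failed validation is handed back to the caller as the "required size". Limiting the write to the success and too-small paths keeps that value away from callers that resize and retry: `if ((ret >= 0) || (ret == WH_ERROR_BUFFER_SIZE)) { *out_size = res->sz; }`. Separately, the `memcpy` is now nested under `if (out_size != NULL)`, so a call with `out != NULL` and `out_size == NULL` returns success without writing the shared secret, whereas the hunk in patch 1/2 copied in that case, bounded only by the frame. Unless that argument pair is rejected earlier in the function, which is outside this hunk, it should fail as a bad argument rather than leave the caller holding an unwritten buffer as key material. The enclosing function starts and ends outside the hunk.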