[openssl/openssl] 137e5f: SLH-DSA: Fix Integer overflow in msg_encode leadin...
0 views
Skip to first unread message
Shane
Mar 21, 2026, 8:25:42 PM (3 days ago) Mar 21
to openssl...@openssl.org
Branch: refs/heads/openssl-3.6
Home: https://github.com/openssl/openssl
Commit: 137e5fefb2b87c737e9d9224e1bf8ccdd43c5277
https://github.com/openssl/openssl/commit/137e5fefb2b87c737e9d9224e1bf8ccdd43c5277
Author: slontis <shane....@oracle.com>
Date: 2026-03-22 (Sun, 22 Mar 2026)
Changed paths:
M crypto/slh_dsa/slh_dsa.c
Log Message:
-----------
SLH-DSA: Fix Integer overflow in msg_encode leading to buffer overflow
Reported by Zehua Qiao and m...@snkth.com
An encode message buffer M = 00 || CXT_LEN || CTX || MSG was being
allocated followed by memcpy's into the buffer for CTX and MSG.
If len(MSG) was close to size_t the allocated buffer would be
overwritten.
The fix uses WPACKET to perform the message encoding M = 00 || CXT_LEN || CTX || MSG
Although ML_DSA does a similiar operation, SLH-DSA has to buffer the
encoding because the encoded message is processed multiple times for
PRF_MSG and H_MSG. FOr ML_DSA the encoded message can just be hashed.
Fixes: 2f9e152d86a7 "Add SLH_DSA signature verification."
Reviewed-by: Tomas Mraz <to...@openssl.foundation>
Reviewed-by: Matt Caswell <ma...@openssl.foundation>
Reviewed-by: Eugene Syromiatnikov <es...@openssl.org>
MergeDate: Sun Mar 22 00:22:24 2026
(Merged from https://github.com/openssl/openssl/pull/30477)
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
Home: https://github.com/openssl/openssl
Commit: 137e5fefb2b87c737e9d9224e1bf8ccdd43c5277
https://github.com/openssl/openssl/commit/137e5fefb2b87c737e9d9224e1bf8ccdd43c5277
Author: slontis <shane....@oracle.com>
Date: 2026-03-22 (Sun, 22 Mar 2026)
Changed paths:
M crypto/slh_dsa/slh_dsa.c
Log Message:
-----------
SLH-DSA: Fix Integer overflow in msg_encode leading to buffer overflow
Reported by Zehua Qiao and m...@snkth.com
An encode message buffer M = 00 || CXT_LEN || CTX || MSG was being
allocated followed by memcpy's into the buffer for CTX and MSG.
If len(MSG) was close to size_t the allocated buffer would be
overwritten.
The fix uses WPACKET to perform the message encoding M = 00 || CXT_LEN || CTX || MSG
Although ML_DSA does a similiar operation, SLH-DSA has to buffer the
encoding because the encoded message is processed multiple times for
PRF_MSG and H_MSG. FOr ML_DSA the encoded message can just be hashed.
Fixes: 2f9e152d86a7 "Add SLH_DSA signature verification."
Reviewed-by: Tomas Mraz <to...@openssl.foundation>
Reviewed-by: Matt Caswell <ma...@openssl.foundation>
Reviewed-by: Eugene Syromiatnikov <es...@openssl.org>
MergeDate: Sun Mar 22 00:22:24 2026
(Merged from https://github.com/openssl/openssl/pull/30477)
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
Reply all
Reply to author
Forward
0 new messages