wolfssl icon indicating copy to clipboard operation
wolfssl copied to clipboard

Published 20 hours ago verified publisher icon wolfSSL

Fix PQC and hybrid certificate regressions

Open Frauschi opened this issue 1 year ago • 3 comments

Hi all,

Due to recent changes in the logic to decode private keys and to parse the TLS1.3 CertificateVerify message, some regressions regarding PQC private keys and hybrid certificates have been introduced:

  • Decoding PQC private keys failed, as the PKCS8 header of a decoded DER file is now already removed before parsing the key.
  • The key size wasn't properly stored in the context for PQC keys after decoding a certificate (always the maximum size)
  • The two 16-bit size values in case of a hybrid signature in the CertificateVerify message have been incorrectly decoded as 32-bit values instead of 16-bit values. This resulted in wrong values, leading to segmentation faults.

All three regressions are fixed with the changes in this commit.

Frauschi avatar May 23 '24 14:05 Frauschi

Can one of the admins verify this patch?

wolfSSL-Bot avatar May 23 '24 14:05 wolfSSL-Bot

Thanks @Frauschi. Okay to test. Contributor agreement on file.

dgarske avatar May 23 '24 14:05 dgarske

@anhu please regression test this PR #7576 and #7577 ?

dgarske avatar May 23 '24 17:05 dgarske

Tested. Works as expected.

anhu avatar May 23 '24 18:05 anhu