git.ipfire.org Git - thirdparty/openssl.git/commit
SLH-DSA: Fix Integer overflow in msg_encode leading to buffer overflow
author slontis <shane.lontis@oracle.com>
Tue, 17 Mar 2026 23:16:44 +0000 (10:16 +1100)
committer Eugene Syromiatnikov <esyr@openssl.org>
Sun, 22 Mar 2026 00:19:23 +0000 (01:19 +0100)
commit 8aab98d553b6fb67a473a700a1e7635ac8f2ee21
tree 25f3f260f28de3006f040397575deb4a5485c9a9
parent 3d7d8ef21761d004d6b4313f11b9ea24273818fc

Reported by Zehua Qiao and me@snkth.com

An encode message buffer M = 00 || CTX_LEN || CTX || MSG was being
allocated followed by memcpy's into the buffer for CTX and MSG.
If len(MSG) was close to size_t the allocated buffer would be
overwritten.

The fix uses WPACKET to perform the message encoding M = 00 || CTX_LEN || CTX || MSG.

Although ML_DSA does a similar operation, SLH-DSA has to buffer the
encoding because the encoded message is processed multiple times for
PRF_MSG and H_MSG. For ML_DSA the encoded message can just be hashed.

Fixes: 2f9e152d86a7 "Add SLH_DSA signature verification."
Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
Reviewed-by: Matt Caswell <matt@openssl.foundation>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Sun Mar 22 00:19:24 2026
(Merged from https://github.com/openssl/openssl/pull/30477)
crypto/slh_dsa/slh_dsa.c
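
The length wraparound described in the commit message, next to a checked way to build M = 00 || CTX_LEN || CTX || MSG. This is an added example, not the OpenSSL code and not the WPACKET-based fix from this commit. All function names are hypothetical, and the 255-byte context limit is assumed from CTX_LEN being a single byte.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_CTX_LEN 255 /* assumption: CTX_LEN is encoded in a single byte */

/* Naive size computation: wraps around when msg_len is close to SIZE_MAX. */
static size_t encoded_len_unchecked(size_t ctx_len, size_t msg_len)
{
    return 1 + 1 + ctx_len + msg_len;
}

/* Checked size computation: returns 0 and sets *out, or -1 if it cannot fit. */
static int encoded_len_checked(size_t ctx_len, size_t msg_len, size_t *out)
{
    if (ctx_len > MAX_CTX_LEN || msg_len > SIZE_MAX - 2 - ctx_len)
        return -1;
    *out = 2 + ctx_len + msg_len;
    return 0;
}

/* Builds M = 00 || CTX_LEN || CTX || MSG; caller frees. NULL on error. */
static uint8_t *msg_encode_example(const uint8_t *ctx, size_t ctx_len,
                                   const uint8_t *msg, size_t msg_len,
                                   size_t *out_len)
{
    size_t len;
    uint8_t *m;
    if (encoded_len_checked(ctx_len, msg_len, &len) != 0)
        return NULL; /* rejected before any allocation or copy */
    if ((m = malloc(len)) == NULL)
        return NULL;
    m[0] = 0x00;
    m[1] = (uint8_t)ctx_len;
    if (ctx_len > 0)
        memcpy(m + 2, ctx, ctx_len);
    if (msg_len > 0)
        memcpy(m + 2 + ctx_len, msg, msg_len);
    *out_len = len;
    return m;
}

int main(void)
{
    size_t n = 0; /* constructed inputs: 3-byte context, oversized length */
    printf("unchecked size: %zu\n", encoded_len_unchecked(3, SIZE_MAX - 2));
    printf("checked result: %d\n", encoded_len_checked(3, SIZE_MAX - 2, &n));
    return 0;
}
```

With a 3-byte context and a message length of SIZE_MAX - 2, the unchecked sum wraps to 2, which is the undersized allocation the commit message describes; the checked path refuses the lengths before allocating.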