@@ -33900,7 +33900,8 @@ int SendClientKeyExchange(WOLFSSL* ssl)
3390033900 /* Ensure the buffer is null-terminated. */
3390133901 ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0';
3390233902 args->encSz = (word32)XSTRLEN(ssl->arrays->client_identity);
33903- if (args->encSz > MAX_PSK_ID_LEN) {
33903+ if (args->encSz > MAX_PSK_ID_LEN ||
33904+ args->encSz > MAX_ENCRYPT_SZ) {
3390433905 ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
3390533906 }
3390633907 XMEMCPY(args->encSecret, ssl->arrays->client_identity,
@@ -33931,6 +33932,9 @@ int SendClientKeyExchange(WOLFSSL* ssl)
3393133932 if (esSz > MAX_PSK_ID_LEN) {
3393233933 ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
3393333934 }
33935+ if (esSz > MAX_ENCRYPT_SZ - OPAQUE16_LEN) {
33936+ ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
33937+ }
3393433938 /* CLIENT: Pre-shared Key for peer authentication. */
3393533939 ssl->options.peerAuthGood = 1;
3393633940
@@ -33982,6 +33986,9 @@ int SendClientKeyExchange(WOLFSSL* ssl)
3398233986 if (esSz > MAX_PSK_ID_LEN) {
3398333987 ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
3398433988 }
33989+ if (esSz > MAX_ENCRYPT_SZ - OPAQUE16_LEN) {
33990+ ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
33991+ }
3398533992 /* CLIENT: Pre-shared Key for peer authentication. */
3398633993 ssl->options.peerAuthGood = 1;
3398733994
@@ -33990,10 +33997,9 @@ int SendClientKeyExchange(WOLFSSL* ssl)
3399033997 args->output += OPAQUE16_LEN;
3399133998 XMEMCPY(args->output, ssl->arrays->client_identity, esSz);
3399233999 args->output += esSz;
33993- args->encSz = esSz + OPAQUE16_LEN;
3399434000
33995- /* length is used for public key size */
33996- args->length = MAX_ENCRYPT_SZ ;
34001+ args-> length = args->encSz - esSz - OPAQUE16_LEN;
34002+ args->encSz = esSz + OPAQUE16_LEN ;
3399734003
3399834004 /* Create shared ECC key leaving room at the beginning
3399934005 * of buffer for size of shared key. */
0 commit comments