From 67de2349da968f915c72c929b61a5d1bb76195e4 Mon Sep 17 00:00:00 2001
From: Eric Blankenhorn <eric@wolfssl.com>
Date: Tue, 24 Feb 2026 07:39:17 -0600
Subject: [PATCH 1/4] Add sanity checks in key export

---
 src/ssl.c   | 7 +++++++
 src/tls13.c | 5 +++++
 2 files changed, 12 insertions(+)

diff --git a/src/ssl.c b/src/ssl.c
index 10fd73ca60..ba03ed4418 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -5726,6 +5726,13 @@ int wolfSSL_export_keying_material(WOLFSSL *ssl,
         return WOLFSSL_FAILURE;
     }
 
+    /* Sanity check contextLen to prevent integer overflow when cast to word32
+     * and to ensure it fits in the 2-byte length encoding (max 65535). */
+    if (use_context && contextLen > UINT16_MAX) {
+        WOLFSSL_MSG("contextLen too large");
+        return WOLFSSL_FAILURE;
+    }
+
     /* clientRandom + serverRandom
      * OR
      * clientRandom + serverRandom + ctx len encoding + ctx */
diff --git a/src/tls13.c b/src/tls13.c
index 101b31541a..c1d31c8187 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -1023,6 +1023,11 @@ int Tls13_Exporter(WOLFSSL* ssl, unsigned char *out, size_t outLen,
     if (ret != 0)
         return ret;
 
+    /* Sanity check contextLen to prevent truncation when cast to word32. */
+    if (contextLen > UINT32_MAX) {
+        return BAD_FUNC_ARG;
+    }
+
     /* Hash(context_value) */
     ret = wc_Hash(hashType, context, (word32)contextLen, hashOut, WC_MAX_DIGEST_SIZE);
     if (ret != 0)

From 4f8f11bcba81ceee92ae400c82862ca9a91744aa Mon Sep 17 00:00:00 2001
From: Eric Blankenhorn <eric@wolfssl.com>
Date: Tue, 24 Feb 2026 07:50:44 -0600
Subject: [PATCH 2/4] Add test case

---
 tests/api.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tests/api.c b/tests/api.c
index 2cdd81c79b..4511b8d37d 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -24070,6 +24070,11 @@ static int test_export_keying_material_cb(WOLFSSL_CTX *ctx, WOLFSSL *ssl)
             NULL, 0, 0), 0);
     ExpectIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
             "key expansion", XSTR_SIZEOF("key expansion"), NULL, 0, 0), 0);
+    /* contextLen overflow: values exceeding UINT16_MAX must be rejected to
+     * prevent integer overflow in seedLen calculation (ZD #21242). */
+    ExpectIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
+            "Test label", XSTR_SIZEOF("Test label"), ekm,
+            (size_t)UINT16_MAX + 1, 1), 0);
 
     return EXPECT_RESULT();
 }

From 41ebc92fa5f58aaadd745c2c6cd76eadba610f4e Mon Sep 17 00:00:00 2001
From: Eric Blankenhorn <eric@wolfssl.com>
Date: Tue, 24 Feb 2026 08:02:26 -0600
Subject: [PATCH 3/4] Replace macros from stdint.h with literals to make code
 more generic

---
 src/ssl.c   | 2 +-
 src/tls13.c | 2 +-
 tests/api.c | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index ba03ed4418..92789e7b3a 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -5728,7 +5728,7 @@ int wolfSSL_export_keying_material(WOLFSSL *ssl,
 
     /* Sanity check contextLen to prevent integer overflow when cast to word32
      * and to ensure it fits in the 2-byte length encoding (max 65535). */
-    if (use_context && contextLen > UINT16_MAX) {
+    if (use_context && contextLen > 0xFFFF) {
         WOLFSSL_MSG("contextLen too large");
         return WOLFSSL_FAILURE;
     }
diff --git a/src/tls13.c b/src/tls13.c
index c1d31c8187..d9e5aebca8 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -1024,7 +1024,7 @@ int Tls13_Exporter(WOLFSSL* ssl, unsigned char *out, size_t outLen,
         return ret;
 
     /* Sanity check contextLen to prevent truncation when cast to word32. */
-    if (contextLen > UINT32_MAX) {
+    if (contextLen > 0xFFFFFFFFU) {
         return BAD_FUNC_ARG;
     }
 
diff --git a/tests/api.c b/tests/api.c
index 4511b8d37d..d8b0677007 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -24074,7 +24074,7 @@ static int test_export_keying_material_cb(WOLFSSL_CTX *ctx, WOLFSSL *ssl)
      * prevent integer overflow in seedLen calculation (ZD #21242). */
     ExpectIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
             "Test label", XSTR_SIZEOF("Test label"), ekm,
-            (size_t)UINT16_MAX + 1, 1), 0);
+            (size_t)0xFFFF + 1, 1), 0);
 
     return EXPECT_RESULT();
 }

From 75b0808fe5886585756cd336e7f873f0130a3073 Mon Sep 17 00:00:00 2001
From: Eric Blankenhorn <eric@wolfssl.com>
Date: Wed, 25 Feb 2026 09:02:55 -0600
Subject: [PATCH 4/4] Update from review

---
 src/ssl.c   | 2 +-
 src/tls13.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 92789e7b3a..869af20011 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -5728,7 +5728,7 @@ int wolfSSL_export_keying_material(WOLFSSL *ssl,
 
     /* Sanity check contextLen to prevent integer overflow when cast to word32
      * and to ensure it fits in the 2-byte length encoding (max 65535). */
-    if (use_context && contextLen > 0xFFFF) {
+    if (use_context && contextLen > WOLFSSL_MAX_16BIT) {
         WOLFSSL_MSG("contextLen too large");
         return WOLFSSL_FAILURE;
     }
diff --git a/src/tls13.c b/src/tls13.c
index d9e5aebca8..025819bd9f 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -1024,7 +1024,7 @@ int Tls13_Exporter(WOLFSSL* ssl, unsigned char *out, size_t outLen,
         return ret;
 
     /* Sanity check contextLen to prevent truncation when cast to word32. */
-    if (contextLen > 0xFFFFFFFFU) {
+    if (contextLen > WOLFSSL_MAX_32BIT) {
         return BAD_FUNC_ARG;
     }