Hardening in TLSX_KeyShare_ProcessPqcHybridClient

[embhorn]

Description

Set pointer to NULL to prevent double free with a malformed ECDH key.

Fixes zd21704

Testing

Added test_tls13_pqc_hybrid_malformed_ecdh

Checklist

• added tests
• updated/added doxygen
• updated appropriate READMEs
• Updated manual and documentation

[Copilot]

Pull request overview

Hardens TLS 1.3 PQC-hybrid KeyShare client processing to avoid a double-free / UAF when the ECDH portion of a hybrid key share is malformed, and adds a regression test to cover the failure mode described in zd21704.

Changes:

• Clear keyShareEntry->key after non-async/non-pending hybrid ECDH processing to prevent cleanup code from freeing an already-freed key pointer.
• Add test_tls13_pqc_hybrid_malformed_ecdh to exercise the malformed-ECDH-but-correctly-sized hybrid key_share path.
• Register the new test in the TLS 1.3 API test list.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File	Description
src/tls.c	Clears keyShareEntry->key on non-pending return from inner ECDH processing to prevent double-free/UAF during later cleanup.
tests/api/test_tls13.c	Adds a crafted ServerHello test case with a malformed X9.63 ECC point inside a correctly-sized PQC-hybrid key_share.
tests/api/test_tls13.h	Declares and registers the new TLS 1.3 PQC-hybrid malformed-ECDH test.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[github-actions]

MemBrowse Memory Report

No memory changes detected for:

• gcc-arm-cortex-m4
• gcc-arm-cortex-m4-baremetal
• gcc-arm-cortex-m4-min-ecc
• gcc-arm-cortex-m4-tls12

[wolfSSL-Fenrir-bot]

Fenrir Automated Review — PR #10327

Scan targets checked: wolfssl-bugs, wolfssl-src

Findings: 1
1 finding(s) posted as inline comments (see file-level comments below)

This review was generated automatically by Fenrir. Findings are non-blocking.