Merge pull request wolfSSL#9142 from SparkiDev/mlkem_dec5_oor_fix

dgarske · web-flow · commit dac80aad5851 · 2025-08-27T07:05:29.000-07:00
ML-KEM/Kyber: fix out of bouds read
diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras
@@ -206,6 +206,7 @@ ENABLE_SECURE_SOCKETS_LOGS
 ESP32
 ESP8266
 ESP_ENABLE_WOLFSSH
+ESP_IDF_VERSION
 ESP_IDF_VERSION_MAJOR
 ESP_IDF_VERSION_MINOR
 ESP_PLATFORM
diff --git a/wolfcrypt/src/wc_mlkem_asm.S b/wolfcrypt/src/wc_mlkem_asm.S
@@ -15779,7 +15779,10 @@ _mlkem_decompress_5_avx2:
         vpmullw	%ymm4, %ymm0, %ymm0
         vpmulhrsw	%ymm1, %ymm0, %ymm0
         vmovdqu	%ymm0, 448(%rdi)
-        vbroadcasti128	150(%rsi), %ymm0
+        vmovq	150(%rsi), %xmm0
+        movzxw	158(%rsi), %rdx
+        vpinsrq	$0x01, %rdx, %xmm0, %xmm0
+        vinserti128	$0x01, %xmm0, %ymm0, %ymm0
         vpshufb	%ymm2, %ymm0, %ymm0
         vpand	%ymm3, %ymm0, %ymm0
         vpmullw	%ymm4, %ymm0, %ymm0
