Merge pull request #10125 from kareem-wolfssl/zd21521

Add sz check to ChachaAEADDecrypt to prevent potential underflow.
Daniel Pouzzner
2026-04-06 18:23:25 -05:00
committed by GitHub
+6 -1
@@ -20014,10 +20014,15 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
byte tag[POLY1305_AUTH_SZ];
byte poly[CHACHA20_256_KEY_SIZE]; /* generated key for mac */
int ret = 0;
int msgLen = (sz - ssl->specs.aead_mac_size);
int msgLen = 0;
Keys* keys = &ssl->keys;
byte* seq = NULL;
if (sz < ssl->specs.aead_mac_size) {
return BAD_FUNC_ARG;
}
msgLen = (sz - ssl->specs.aead_mac_size);
#ifdef CHACHA_AEAD_TEST
int i;
printf("input before decrypt :\n");
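Review bot: With `CHACHA_AEAD_TEST` defined, the `int i;` declaration now sits after the new `if (sz < ssl->specs.aead_mac_size)` guard and the `msgLen` assignment, so the debug build mixes declarations with statements, which a C89-mode compiler rejects and `-Wdeclaration-after-statement` flags. Giving `int i;` its own `#ifdef CHACHA_AEAD_TEST` next to `byte* seq = NULL;` keeps the declarations together ahead of the guard. The guard would also benefit from a short comment saying why it exists, for example `/* a record shorter than the AEAD tag would make msgLen negative */`, because msgLen is presumably used as a length further down, outside this hunk. `BAD_FUNC_ARG` reads as a caller mistake, while a too-short `sz` is likely reachable from a peer-supplied record, so it is worth confirming that the caller handles this return like any other malformed-record failure. The function body continues past the end of the hunk.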