add guard for integer underflow in DecryptTls13

This commit is contained in:
Ruby Martin
2026-03-25 10:22:10 -06:00
parent 7efc962d04
commit 50448ef7c6
+5 -1
View File
@@ -2966,11 +2966,15 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz,
const byte* aad, word16 aadSz)
{
int ret = 0;
word16 dataSz = sz - ssl->specs.aead_mac_size;
word16 dataSz;
word16 macSz = ssl->specs.aead_mac_size;
word32 nonceSz = 0;
WOLFSSL_ENTER("DecryptTls13");
if (sz < ssl->specs.aead_mac_size) {
return BAD_FUNC_ARG;
}
dataSz = sz - ssl->specs.aead_mac_size;
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = tsip_Tls13AesDecrypt(ssl, output, input, sz);