From 7afcf200774987fcd349663733770d38c1d97292 Mon Sep 17 00:00:00 2001
From: Kareem <kareem@wolfssl.com>
Date: Fri, 19 Sep 2025 11:39:46 -0700
Subject: [PATCH] Fix non constant compare of TLS 1.3 binder, check for
 negative dst_len in wc_XChaCha20Poly1305_crypt_oneshot.

---
 src/tls13.c                       | 3 ++-
 wolfcrypt/src/chacha20_poly1305.c | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/tls13.c b/src/tls13.c
index 271701f67..149ed574f 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -6201,7 +6201,8 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 inputSz,
         if (ret != 0)
             return ret;
         if (binderLen != current->binderLen ||
-                             XMEMCMP(binder, current->binder, binderLen) != 0) {
+                             ConstantCompare(binder, current->binder,
+                                binderLen) != 0) {
             WOLFSSL_ERROR_VERBOSE(BAD_BINDER);
             return BAD_BINDER;
         }
diff --git a/wolfcrypt/src/chacha20_poly1305.c b/wolfcrypt/src/chacha20_poly1305.c
index d87325de4..7e665b75c 100644
--- a/wolfcrypt/src/chacha20_poly1305.c
+++ b/wolfcrypt/src/chacha20_poly1305.c
@@ -401,7 +401,7 @@ static WC_INLINE int wc_XChaCha20Poly1305_crypt_oneshot(
         goto out;
     }
 
-    if ((long int)dst_space < dst_len) {
+    if (dst_len <= 0 || (long int)dst_space < dst_len) {
         ret = BUFFER_E;
         goto out;
     }