Merge pull request #10267 from holtrop-wolfssl/rust-chacha20_poly1305-oneshot-buffer-length-check

JacobBarthelmeh · web-flow · commit c6f8e845ee7d · 2026-04-21T16:19:29.000-06:00
Rust wrapper: add buffer size checks in Rust wrapper for ChaCha20_Poly1305 one-shot encrypt/decrypt wrappers
diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/chacha20_poly1305.rs b/wrapper/rust/wolfssl-wolfcrypt/src/chacha20_poly1305.rs
@@ -74,6 +74,9 @@ impl ChaCha20Poly1305 {
         if auth_tag.len() != Self::AUTH_TAG_SIZE {
             return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E);
         }
+        if plaintext.len() < ciphertext.len() {
+            return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E);
+        }
         let aad_size = crate::buffer_len_to_u32(aad.len())?;
         let ciphertext_size = crate::buffer_len_to_u32(ciphertext.len())?;
         let rc = unsafe {
@@ -116,6 +119,9 @@ impl ChaCha20Poly1305 {
         if auth_tag.len() != Self::AUTH_TAG_SIZE {
             return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E);
         }
+        if ciphertext.len() < plaintext.len() {
+            return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E);
+        }
         let aad_size = crate::buffer_len_to_u32(aad.len())?;
         let plaintext_size = crate::buffer_len_to_u32(plaintext.len())?;
         let rc = unsafe {
diff --git a/wrapper/rust/wolfssl-wolfcrypt/tests/test_chacha20_poly1305.rs b/wrapper/rust/wolfssl-wolfcrypt/tests/test_chacha20_poly1305.rs
@@ -1,6 +1,7 @@
 #![cfg(chacha20_poly1305)]
 
 use wolfssl_wolfcrypt::chacha20_poly1305::*;
+use wolfssl_wolfcrypt::sys;
 
 #[test]
 fn test_chacha20_poly1305_1() {
@@ -274,6 +275,34 @@ fn test_xchacha20_poly1305() {
     assert_eq!(plaintext_buffer, PLAINTEXT);
 }
 
+#[test]
+fn test_chacha20_poly1305_encrypt_short_ciphertext_buffer() {
+    let key = [0x55u8; ChaCha20Poly1305::KEYSIZE];
+    let iv = [0x66u8; ChaCha20Poly1305::IV_SIZE];
+    let aad = [];
+    let plaintext = [0u8; 32];
+    let mut ciphertext = [0u8; 16]; /* shorter than plaintext */
+    let mut auth_tag = [0u8; ChaCha20Poly1305::AUTH_TAG_SIZE];
+    let rc = ChaCha20Poly1305::encrypt(&key, &iv, &aad, &plaintext,
+        &mut ciphertext, &mut auth_tag)
+        .expect_err("encrypt() should fail with short ciphertext buffer");
+    assert_eq!(rc, sys::wolfCrypt_ErrorCodes_BUFFER_E);
+}
+
+#[test]
+fn test_chacha20_poly1305_decrypt_short_plaintext_buffer() {
+    let key = [0x55u8; ChaCha20Poly1305::KEYSIZE];
+    let iv = [0x66u8; ChaCha20Poly1305::IV_SIZE];
+    let aad = [];
+    let ciphertext = [0u8; 32];
+    let mut plaintext = [0u8; 16]; /* shorter than ciphertext */
+    let auth_tag = [0u8; ChaCha20Poly1305::AUTH_TAG_SIZE];
+    let rc = ChaCha20Poly1305::decrypt(&key, &iv, &aad, &ciphertext,
+        &auth_tag, &mut plaintext)
+        .expect_err("decrypt() should fail with short plaintext buffer");
+    assert_eq!(rc, sys::wolfCrypt_ErrorCodes_BUFFER_E);
+}
+
 // ---------------------------------------------------------------------------
 // ChaCha20-Poly1305 aead trait implementations
 // ---------------------------------------------------------------------------
