Merge pull request #6998 from SparkiDev/tls_pad_no_hash_raw_fix

JacobBarthelmeh · web-flow · commit 36015e913154 · 2023-11-27T09:37:57.000-07:00
TLS_hmac: when no raw hash, make sure maxSz is not neg
diff --git a/src/tls.c b/src/tls.c
@@ -1139,6 +1139,8 @@ static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in,
     msgSz &= ~(0 - (msgSz >> 31));
     realSz = WOLFSSL_TLS_HMAC_INNER_SZ + msgSz;
     maxSz = WOLFSSL_TLS_HMAC_INNER_SZ + (sz - 1) - macSz;
+    /* Make negative result 0 */
+    maxSz &= ~(0 - (maxSz >> 31));
 
     /* Calculate #blocks processed in HMAC for max and real data. */
     blocks      = maxSz >> blockBits;
