Add comments explaining ct.len() and ss.len() checks

holtrop-wolfssl · holtrop-wolfssl · commit 4235fa59b63b · 2026-02-26T15:09:12.000-05:00
diff --git a/wrapper/rust/wolfssl-wolfcrypt/src/mlkem.rs b/wrapper/rust/wolfssl-wolfcrypt/src/mlkem.rs
@@ -470,10 +470,13 @@ impl MlKem {
         ss: &mut [u8],
         rng: &mut RNG,
     ) -> Result<(), i32> {
+        // Verify the cipher text length is as expected based on the parameter
+        // set (key type) in use.
         let expected_ct_size = self.cipher_text_size()?;
         if ct.len() != expected_ct_size {
             return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E);
         }
+        // Verify the shared secret length is as expected.
         if ss.len() != Self::SHARED_SECRET_SIZE {
             return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E);
         }
@@ -535,10 +538,13 @@ impl MlKem {
         if rand.len() != Self::ENC_RAND_SIZE {
             return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E);
         }
+        // Verify the cipher text length is as expected based on the parameter
+        // set (key type) in use.
         let expected_ct_size = self.cipher_text_size()?;
         if ct.len() != expected_ct_size {
             return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E);
         }
+        // Verify the shared secret length is as expected.
         if ss.len() != Self::SHARED_SECRET_SIZE {
             return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E);
         }
@@ -598,6 +604,7 @@ impl MlKem {
     /// }
     /// ```
     pub fn decapsulate(&mut self, ss: &mut [u8], ct: &[u8]) -> Result<(), i32> {
+        // Verify the shared secret length is as expected.
         if ss.len() != Self::SHARED_SECRET_SIZE {
             return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E);
         }

Original file line number	Diff line number	Diff line change
`@@ -470,10 +470,13 @@ impl MlKem {`
`470`	`470`	`ss: &mut [u8],`
`471`	`471`	`rng: &mut RNG,`
`472`	`472`	`) -> Result<(), i32> {`
	`473`	`+ // Verify the cipher text length is as expected based on the parameter`
	`474`	`+ // set (key type) in use.`
`473`	`475`	`let expected_ct_size = self.cipher_text_size()?;`
`474`	`476`	`if ct.len() != expected_ct_size {`
`475`	`477`	`return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E);`
`476`	`478`	`}`
	`479`	`+ // Verify the shared secret length is as expected.`
`477`	`480`	`if ss.len() != Self::SHARED_SECRET_SIZE {`
`478`	`481`	`return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E);`
`479`	`482`	`}`
`@@ -535,10 +538,13 @@ impl MlKem {`
`535`	`538`	`if rand.len() != Self::ENC_RAND_SIZE {`
`536`	`539`	`return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E);`
`537`	`540`	`}`
	`541`	`+ // Verify the cipher text length is as expected based on the parameter`
	`542`	`+ // set (key type) in use.`
`538`	`543`	`let expected_ct_size = self.cipher_text_size()?;`
`539`	`544`	`if ct.len() != expected_ct_size {`
`540`	`545`	`return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E);`
`541`	`546`	`}`
	`547`	`+ // Verify the shared secret length is as expected.`
`542`	`548`	`if ss.len() != Self::SHARED_SECRET_SIZE {`
`543`	`549`	`return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E);`
`544`	`550`	`}`
`@@ -598,6 +604,7 @@ impl MlKem {`
`598`	`604`	`/// }`
`599`	`605`	/// ```
`600`	`606`	`pub fn decapsulate(&mut self, ss: &mut [u8], ct: &[u8]) -> Result<(), i32> {`
	`607`	`+ // Verify the shared secret length is as expected.`
`601`	`608`	`if ss.len() != Self::SHARED_SECRET_SIZE {`
`602`	`609`	`return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E);`
`603`	`610`	`}`