Add sz check to ChachaAEADDecrypt to prevent potential underflow.

Thanks to Zou Dikai for the report.

Author: kareem-wolfssl

src/internal.c

@@ -20000,10 +20000,15 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
     byte tag[POLY1305_AUTH_SZ];
     byte poly[CHACHA20_256_KEY_SIZE]; /* generated key for mac */
     int ret    = 0;
-    int msgLen = (sz - ssl->specs.aead_mac_size);
+    int msgLen = 0;
     Keys* keys = &ssl->keys;
     byte* seq = NULL;
 
+    if (sz < ssl->specs.aead_mac_size) {
+        return BAD_FUNC_ARG;
+    }
+    msgLen = (sz - ssl->specs.aead_mac_size);
+
     #ifdef CHACHA_AEAD_TEST
        int i;
        printf("input before decrypt :\n");