mac compare in chacha-poly AEAD and remove unneeded null check

src/internal.c

@@ -217,6 +217,7 @@ static INLINE void c16toa(word16 u16, byte* c)
     c[1] =  u16 & 0xff;
 }
 
+static int ConstantCompare(const byte* a, const byte* b, int length);
 
 #if !defined(NO_OLD_TLS) || defined(HAVE_CHACHA) || defined(HAVE_AESCCM) \
     || defined(HAVE_AESGCM)
@@ -5532,7 +5533,6 @@ static int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
 	byte nonce[AEAD_NONCE_SZ];
 	byte tag[POLY1305_AUTH_SZ];
 	byte cipher[CHACHA20_256_KEY_SIZE]; /* generated key for mac */
-    int i;
 	int ret = 0;
 
 	XMEMSET(tag, 0, sizeof(tag));
@@ -5541,6 +5541,7 @@ static int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
 	XMEMSET(additional, 0, CHACHA20_BLOCK_SIZE);
 
     #ifdef CHACHA_AEAD_TEST
+       int i;
 	   printf("input before decrypt :\n");
 	    for (i = 0; i < sz; i++) {
 	       printf("%02x", input[i]);
@@ -5597,13 +5598,8 @@ static int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
 	}
 
 	/* check mac sent along with packet */
-	ret = 0;
-	for (i = 0; i <  ssl->specs.aead_mac_size; i++) {
-	    if ((input + sz - ssl->specs.aead_mac_size)[i] != tag[i])
-	        ret = 1;
-	}
-	
-	if (ret == 1) {
+    if (ConstantCompare(input + sz - ssl->specs.aead_mac_size, tag,
+                ssl->specs.aead_mac_size) != 0) {
 	    WOLFSSL_MSG("Mac did not match");
 	    SendAlert(ssl, alert_fatal, bad_record_mac);
 	    ForceZero(nonce, AEAD_NONCE_SZ);

wolfcrypt/src/ecc25519.c

@@ -150,9 +150,6 @@ int wc_ecc25519_shared_secret(ecc25519_key* private_key, ecc25519_key* public_ke
             outlen == NULL)
         return BAD_FUNC_ARG;
 
-    if (private_key->k.point == NULL || public_key->p.point == NULL)
-        return BAD_FUNC_ARG;
-
     /* avoid implementation fingerprinting */
     if (public_key->p.point[0] > 0x7F)
         return ECC_BAD_ARG_E;