From f37c25f9c0ce41e503eb09ba2949652fb32005db Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner
Date: Fri, 23 Oct 2020 00:33:48 -0500
Subject: [PATCH] wc_XChaCha20Poly1305_crypt_oneshot(): use ForceZero, not XMEMSET(), to safely clear the AEAD state before return.
---
 wolfcrypt/src/chacha20_poly1305.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/wolfcrypt/src/chacha20_poly1305.c b/wolfcrypt/src/chacha20_poly1305.c
index 20827e041..5d55b9208 100644
--- a/wolfcrypt/src/chacha20_poly1305.c
+++ b/wolfcrypt/src/chacha20_poly1305.c
@@ -435,7 +435,8 @@ static WC_INLINE int wc_XChaCha20Poly1305_crypt_oneshot(
 out:
- XMEMSET(aead, 0, sizeof *aead);
+ ForceZero(aead, sizeof *aead);
+
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
 XFREE(aead, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
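Review bot: The new `ForceZero(aead, sizeof *aead);` at the `out:` label has no comment saying why it must not be a plain XMEMSET, so a later cleanup could easily turn it back. I would put `/* ForceZero, not XMEMSET: a memset of state that is about to be freed or go out of scope may be optimized away, leaving key material in memory */` directly above it. The function body and every jump to `out:` lie outside this hunk, so it cannot be confirmed from here that `aead` is always non-NULL when the wipe runs in the WOLFSSL_SMALL_STACK build. That was equally true of the XMEMSET, but it is worth checking that an allocation failure returns before reaching the label.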