Merge pull request #10543 from anhu/zeroOnAuthFail

For chachapoly, force zero of output on auth fail
Daniel Pouzzner
2026-06-05 10:55:05 -05:00
committed by GitHub
+3 -1
@@ -465,7 +465,9 @@ static WC_INLINE int wc_XChaCha20Poly1305_crypt_oneshot(
if ((ret = wc_Poly1305Final(&aead->poly, outAuthTag)) < 0)
goto out;
if (ConstantCompare(outAuthTag, src + dst_len, POLY1305_DIGEST_SIZE) != 0) {
if (ConstantCompare(outAuthTag, src + dst_len, POLY1305_DIGEST_SIZE)
!= 0) {
ForceZero(dst, dst_space);
ret = MAC_CMP_FAILED_E;
goto out;
}
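Review bot: The `goto out` taken when `wc_Poly1305Final` fails, in the first two lines of the hunk, still leaves `dst` untouched, because the added `ForceZero(dst, dst_space)` covers only the tag-mismatch branch. That a wipe is needed here suggests `dst` already holds unauthenticated plaintext at this point, so every error exit after that write should clear it, for example with a single `if (ret < 0) ForceZero(dst, dst_space);` at the `out:` label on the decrypt path. The label and the rest of `wc_XChaCha20Poly1305_crypt_oneshot` are outside the hunk, so confirm that no wipe already exists there and that `dst_space` has been validated as the real capacity of `dst` before it is used as the wipe length. A short comment on the new line, such as `/* never hand unauthenticated plaintext back to the caller */`, would record why the whole buffer is cleared rather than only `dst_len` bytes.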