From b72a2133fc86e55b46886a38dee5a8aef850e49f Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Fri, 3 Apr 2026 09:57:59 +0200 Subject: [PATCH] ForceZero hmac buffer in Tls13IntegrityOnly_Decrypt before return F-1466 --- src/tls13.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/tls13.c b/src/tls13.c index 8bce848a50..2524658153 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -2968,6 +2968,7 @@ static int Tls13IntegrityOnly_Decrypt(WOLFSSL* ssl, byte* output, /* Copy the input to output if not the same buffer */ if (ret == 0 && output != input) XMEMCPY(output, input, sz); + ForceZero(hmac, sizeof(hmac)); return ret; } #endif