From f9a0501683166e97a61070b76f819ba39be28a67 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Mon, 13 Dec 2021 16:57:47 +0100
Subject: [PATCH] mbedtls_cipher_check_tag: jump on error for more robustness to refactoring

Signed-off-by: Gilles Peskine
---
 library/cipher.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/library/cipher.c b/library/cipher.c
index 0c5bcda66..4ec40d2ca 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -1146,7 +1146,10 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,

 /* Check the tag in "constant-time" */
 if( mbedtls_ct_memcmp( tag, check_tag, tag_len ) != 0 )
+ {
 ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
+ goto exit;
+ }
 }
 #endif /* MBEDTLS_GCM_C */

@@ -1166,10 +1169,14 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,

 /* Check the tag in "constant-time" */
 if( mbedtls_ct_memcmp( tag, check_tag, tag_len ) != 0 )
+ {
 ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
+ goto exit;
+ }
 }
 #endif /* MBEDTLS_CHACHAPOLY_C */

+exit:
 mbedtls_platform_zeroize( check_tag, tag_len );
 return( ret );
 }
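Review bot: The new `exit:` label creates a single cleanup path, but in the visible lines only the two tag-mismatch branches (the MBEDTLS_GCM_C block in the first hunk and the MBEDTLS_CHACHAPOLY_C block in the second) jump to it. The function body starts outside both hunks, so this needs checking against the full function: any remaining direct `return` taken after the tag computation has written to `check_tag` would skip `mbedtls_platform_zeroize( check_tag, tag_len )` and leave the expected tag on the stack. Such paths should follow the same `ret = ...; goto exit;` pattern. A comment at the label would keep that invariant visible to later refactoring, for example `/* Every path that may have written check_tag must leave through here so that it is wiped. */`.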