From cd74298c83446e026b55acce557c7d4eca8a4fa1 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Mon, 13 Dec 2021 16:57:47 +0100
Subject: [PATCH] mbedtls_cipher_check_tag: jump on error for more robustness to refactoring
Signed-off-by: Gilles Peskine
---
 library/cipher.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/library/cipher.c b/library/cipher.c
index 70f2d006d6..03e84c6c85 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -1201,7 +1201,10 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
 /* Check the tag in "constant-time" */
 if( mbedtls_ct_memcmp( tag, check_tag, tag_len ) != 0 )
+ {
 ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
+ goto exit;
+ }
 }
 #endif /* MBEDTLS_GCM_C */
@@ -1221,10 +1224,14 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
 /* Check the tag in "constant-time" */
 if( mbedtls_ct_memcmp( tag, check_tag, tag_len ) != 0 )
+ {
 ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
+ goto exit;
+ }
 }
 #endif /* MBEDTLS_CHACHAPOLY_C */
+exit:
 mbedtls_platform_zeroize( check_tag, tag_len );
 return( ret );
 }
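Review bot: The `goto exit;` added after the tag mismatch in the GCM branch (and the identical one in the ChaCha20-Poly1305 hunk) only guarantees that `check_tag` is wiped if every path that has written the buffer leaves through `exit:`. The earlier part of each branch is outside these hunks, so this cannot be confirmed from here. If the code above still does a direct `return( ret );` after the expected tag has been computed, that tag stays on the stack, and those returns should set `ret` and `goto exit;` as well. Because the cleanup wipes `tag_len` bytes, any such jump must come only after `tag_len` has been checked against the size of `check_tag`. A comment at the label would record the invariant for later refactoring: `/* Every path that may have written check_tag must leave through here. */`.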