Merge pull request wolfSSL#5757 from SparkiDev/enc_err_forcezero_fix

ForceZero fix: encryption fail and not EtM
criteo-forks · Oct 31, 2022 · 502a395 · 502a395
2 parents 0ea0b88 + 4efba8f
commit 502a395
Showing 1 changed file with 10 additions and 2 deletions.
diff --git a/src/internal.c b/src/internal.c
@@ -20813,8 +20813,16 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
             #endif
                 {
                     /* Zeroize plaintext. */
-                    ForceZero(output + args->headerSz,
-                        (word16)(args->size - args->digestSz));
+            #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
+                    if (ssl->options.startedETMWrite) {
+                        ForceZero(output + args->headerSz,
+                            (word16)(args->size - args->digestSz));
+                    }
+                    else
+            #endif
+                    {
+                        ForceZero(output + args->headerSz, (word16)args->size);
+                    }
                 }
                 goto exit_buildmsg;
             }