From b8d9969fa71b630c913aec6dbdaeaff2dee4e975 Mon Sep 17 00:00:00 2001
From: Loup Vaillant <loup@loup-vaillant.fr>
Date: Fri, 3 Nov 2017 12:10:23 +0100
Subject: [PATCH] Forgot to wipe a temporary buffer

---
 src/monocypher.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/monocypher.c b/src/monocypher.c
index 744ac1a..e0389d0 100644
--- a/src/monocypher.c
+++ b/src/monocypher.c
@@ -1695,7 +1695,9 @@ int crypto_unlock_final(crypto_lock_ctx *ctx, const u8 mac[16])
 {
     u8 real_mac[16];
     crypto_lock_final(ctx, real_mac);
-    return crypto_verify16(real_mac, mac);
+    int mismatch = crypto_verify16(real_mac, mac);
+    crypto_wipe(real_mac, 16);
+    return mismatch;
 }
 
 void crypto_aead_lock(u8        mac[16],
-- 
2.47.3