diff --git a/src/libsodium/crypto_aead/aegis128l/aegis128l_common.h b/src/libsodium/crypto_aead/aegis128l/aegis128l_common.h
index 7a130b0c..1683d76f 100644
--- a/src/libsodium/crypto_aead/aegis128l/aegis128l_common.h
+++ b/src/libsodium/crypto_aead/aegis128l/aegis128l_common.h
@@ -32,7 +32,7 @@ aegis128l_init(const uint8_t *key, const uint8_t *nonce, aes_block_t *const stat
 }
 }
-static void
+static int
 aegis128l_mac(uint8_t *mac, size_t maclen, size_t adlen, size_t mlen, aes_block_t *const state)
 {
 aes_block_t tmp;
@@ -59,7 +59,9 @@ aegis128l_mac(uint8_t *mac, size_t maclen, size_t adlen, size_t mlen, aes_block_
 AES_BLOCK_STORE(mac + 16, tmp);
 } else {
 memset(mac, 0, maclen);
+ return -1;
 }
+ return 0;
 }
 static inline void
@@ -170,9 +172,7 @@ encrypt_detached(uint8_t *c, uint8_t *mac, size_t maclen, const uint8_t *m, size
 memcpy(c + i, dst, mlen % RATE);
 }
- aegis128l_mac(mac, maclen, adlen, mlen, state);
-
- return 0;
+ return aegis128l_mac(mac, maclen, adlen, mlen, state);
 }
 static int
@@ -215,12 +215,13 @@ decrypt_detached(uint8_t *m, const uint8_t *c, size_t clen, const uint8_t *mac,
 }
 COMPILER_ASSERT(sizeof computed_mac >= 32);
- aegis128l_mac(computed_mac, maclen, adlen, mlen, state);
 ret = -1;
- if (maclen == 16) {
- ret = crypto_verify_16(computed_mac, mac);
- } else if (maclen == 32) {
- ret = crypto_verify_32(computed_mac, mac);
+ if (aegis128l_mac(computed_mac, maclen, adlen, mlen, state) == 0) {
+ if (maclen == 16) {
+ ret = crypto_verify_16(computed_mac, mac);
+ } else if (maclen == 32) {
+ ret = crypto_verify_32(computed_mac, mac);
+ }
 }
 if (ret != 0 && m != NULL) {
 memset(m, 0, mlen);
diff --git a/src/libsodium/crypto_aead/aegis256/aegis256_common.h b/src/libsodium/crypto_aead/aegis256/aegis256_common.h
index 5a486f2c..17c2c415 100644
--- a/src/libsodium/crypto_aead/aegis256/aegis256_common.h
+++ b/src/libsodium/crypto_aead/aegis256/aegis256_common.h
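Review bot: The new `int` return of `aegis128l_mac` carries no comment stating its contract, and the signature in the first hunk is where a future caller will look for it. I would add above it `/* Returns 0 once a 16- or 32-byte tag has been written to mac; returns -1 and zeroes mac[0..maclen) for any other maclen. */`. The 16/32 split is read from the `crypto_verify_16`/`crypto_verify_32` calls in decrypt_detached, since the body between the two aegis128l_mac hunks is not shown. The same comment applies to `aegis256_mac` in aegis256_common.h.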
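Review bot: The error branch of `aegis128l_mac` still runs `memset(mac, 0, maclen)` before the added `return -1`, so a length that has just been rejected is used as a write size. When the call comes from decrypt_detached the destination is the local `computed_mac`, and `COMPILER_ASSERT(sizeof computed_mac >= 32)` only shows that it holds at least 32 bytes; a larger maclen would write past it, though its declaration and the callers are outside these hunks, so this may be unreachable in practice. Bounding the call keeps the existing wipe of `m` through `ret = -1`: `if (maclen <= sizeof computed_mac && aegis128l_mac(computed_mac, maclen, adlen, mlen, state) == 0) {`. The `aegis256_mac` error branch and the aegis256 decrypt_detached hunk have the same shape.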
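Review bot: In encrypt_detached the tag-length failure is only discovered at the final `return aegis128l_mac(...)`, after `c` has been filled (the `memcpy(c + i, dst, mlen % RATE)` just above), so the caller receives -1 together with untagged ciphertext in its output buffer. Rejecting the length before any block is processed avoids that, for example `if (maclen != 16 && maclen != 32) { return -1; }` at the top of the function. The start of encrypt_detached is outside the hunk, so an earlier check may already exist; if it does, a short comment at the return saying the -1 path is unreachable would help. The aegis256 encrypt_detached hunk is identical in this respect.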
@@ -34,7 +34,7 @@ aegis256_init(const uint8_t *key, const uint8_t *nonce, aes_block_t *const state
 }
 }
-static void
+static int
 aegis256_mac(uint8_t *mac, size_t maclen, size_t adlen, size_t mlen, aes_block_t *const state)
 {
 aes_block_t tmp;
@@ -59,7 +59,9 @@ aegis256_mac(uint8_t *mac, size_t maclen, size_t adlen, size_t mlen, aes_block_t
 AES_BLOCK_STORE(mac + 16, tmp);
 } else {
 memset(mac, 0, maclen);
+ return -1;
 }
+ return 0;
 }
 static inline void
@@ -155,9 +157,7 @@ encrypt_detached(uint8_t *c, uint8_t *mac, size_t maclen, const uint8_t *m, size
 memcpy(c + i, dst, mlen % RATE);
 }
- aegis256_mac(mac, maclen, adlen, mlen, state);
-
- return 0;
+ return aegis256_mac(mac, maclen, adlen, mlen, state);
 }
 static int
@@ -200,12 +200,13 @@ decrypt_detached(uint8_t *m, const uint8_t *c, size_t clen, const uint8_t *mac,
 }
 COMPILER_ASSERT(sizeof computed_mac >= 32);
- aegis256_mac(computed_mac, maclen, adlen, mlen, state);
 ret = -1;
- if (maclen == 16) {
- ret = crypto_verify_16(computed_mac, mac);
- } else if (maclen == 32) {
- ret = crypto_verify_32(computed_mac, mac);
+ if (aegis256_mac(computed_mac, maclen, adlen, mlen, state) == 0) {
+ if (maclen == 16) {
+ ret = crypto_verify_16(computed_mac, mac);
+ } else if (maclen == 32) {
+ ret = crypto_verify_32(computed_mac, mac);
+ }
 }
 if (ret != 0 && m != NULL) {
 memset(m, 0, mlen);