Ensure all md_<hash>_finish functions perform zeroization Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

commit: aafd1e0924aa21c1d105328bb2a988b61e6294fc [log] [tgz]
author: Dave Rodgman <dave.rodgman@arm.com> Mon Sep 11 12:59:36 2023 +0100
committer: Dave Rodgman <dave.rodgman@arm.com> Mon Sep 11 12:59:36 2023 +0100
tree: 0a5829b5fadef7c5b0c7d166b3484a6fae9fd059
parent: 33fbd373bea54711ce935a376e5e594f85f9d020 [diff] [blame]
diff --git a/library/sha512.c b/library/sha512.c
index 5ed920b..a91d792 100644
--- a/library/sha512.c
+++ b/library/sha512.c

@@ -844,7 +844,7 @@
         memset(ctx->buffer + used, 0, SHA512_BLOCK_SIZE - used);
 
         if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0) {
-            return ret;
+            goto exit;
         }
 
         memset(ctx->buffer, 0, 112);
@@ -861,7 +861,7 @@
     sha512_put_uint64_be(low,  ctx->buffer, 120);
 
     if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0) {
-        return ret;
+        goto exit;
     }
 
     /*
@@ -883,7 +883,11 @@
         sha512_put_uint64_be(ctx->state[7], output, 56);
     }
 
-    return 0;
+    ret = 0;
+
+exit:
+    mbedtls_sha512_free(ctx);
+    return ret;
 }
 
 #endif /* !MBEDTLS_SHA512_ALT */
commit	aafd1e0924aa21c1d105328bb2a988b61e6294fc	[log] [tgz]
author	Dave Rodgman <dave.rodgman@arm.com>	Mon Sep 11 12:59:36 2023 +0100
committer	Dave Rodgman <dave.rodgman@arm.com>	Mon Sep 11 12:59:36 2023 +0100
tree	0a5829b5fadef7c5b0c7d166b3484a6fae9fd059
parent	33fbd373bea54711ce935a376e5e594f85f9d020 [diff] [blame]