alg-gost3411-2012-hmac.c: Safely clear the context state.

1 files changed, 15 insertions, 0 deletions

diff --git a/lib/alg-gost3411-2012-hmac.c b/lib/alg-gost3411-2012-hmac.c
index 45001d2..beb2eb4 100644
--- a/lib/alg-gost3411-2012-hmac.c
+++ b/lib/alg-gost3411-2012-hmac.c
@@ -29,9 +29,15 @@ void
 gost_hash256 (const uint8_t *t, size_t n, uint8_t *out32,
               GOST34112012Context *ctx)
 {
+  /* Clear the context state. */
+  explicit_bzero (ctx, sizeof (GOST34112012Context));
+
   GOST34112012Init (ctx, GOSTR3411_2012_BITS);
   GOST34112012Update (ctx, t, n);
   GOST34112012Final (ctx, out32);
+
+  /* Clear the context state. */
+  explicit_bzero (ctx, sizeof (GOST34112012Context));
 }
 
 /* HMAC_GOSTR3411_2012_256 */
@@ -41,6 +47,9 @@ gost_hmac256 (const uint8_t *k, size_t n, const uint8_t *t, size_t len,
 {
   size_t i;
 
+  /* Clear the context state. */
+  explicit_bzero (gostbuf, sizeof (gost_hmac_256_t));
+
   /* R 50.1.113-2016 only allowed N to be in range 256..512 bits */
   assert (n >= GOSTR3411_2012_L && n <= GOSTR3411_2012_B);
 
@@ -57,6 +66,9 @@ gost_hmac256 (const uint8_t *k, size_t n, const uint8_t *t, size_t len,
   GOST34112012Update (&gostbuf->ctx, t, len);
   GOST34112012Final (&gostbuf->ctx, gostbuf->digest);
 
+  /* Clear the context state. */
+  explicit_bzero (&gostbuf->ctx, sizeof (GOST34112012Context));
+
   GOST34112012Init (&gostbuf->ctx, GOSTR3411_2012_BITS);
 
   for (i = 0; i < sizeof (gostbuf->pad); i++)
@@ -67,6 +79,9 @@ gost_hmac256 (const uint8_t *k, size_t n, const uint8_t *t, size_t len,
   GOST34112012Update (&gostbuf->ctx, gostbuf->digest,
                       sizeof (gostbuf->digest));
   GOST34112012Final (&gostbuf->ctx, out32);
+
+  /* Clear the context state. */
+  explicit_bzero (gostbuf, sizeof (gost_hmac_256_t));
 }
 
 #endif /* INCLUDE_gost_yescrypt */