commit aafd1e0924aa21c1d105328bb2a988b61e6294fc
author Dave Rodgman <dave.rodgman@arm.com> Mon Sep 11 12:59:36 2023 +0100
committer Dave Rodgman <dave.rodgman@arm.com> Mon Sep 11 12:59:36 2023 +0100
tree 0a5829b5fadef7c5b0c7d166b3484a6fae9fd059
parent 33fbd373bea54711ce935a376e5e594f85f9d020

Ensure all md_<hash>_finish functions perform zeroization

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

library/sha1.c

diff --git a/library/sha1.c b/library/sha1.c
index 4c9cbf5..28a57b6 100644
--- a/library/sha1.c
+++ b/library/sha1.c
@@ -322,7 +322,7 @@
         memset(ctx->buffer + used, 0, 64 - used);
 
         if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0) {
-            return ret;
+            goto exit;
         }
 
         memset(ctx->buffer, 0, 56);
@@ -339,7 +339,7 @@
     MBEDTLS_PUT_UINT32_BE(low,  ctx->buffer, 60);
 
     if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0) {
-        return ret;
+        goto exit;
     }
 
     /*
@@ -351,7 +351,11 @@
     MBEDTLS_PUT_UINT32_BE(ctx->state[3], output, 12);
     MBEDTLS_PUT_UINT32_BE(ctx->state[4], output, 16);
 
-    return 0;
+    ret = 0;
+
+exit:
+    mbedtls_sha1_free(ctx);
+    return ret;
 }
 
 #endif /* !MBEDTLS_SHA1_ALT */
@@ -382,7 +386,6 @@
 
 exit:
     mbedtls_sha1_free(&ctx);
-
     return ret;
 }