wc: ForceZero only sensitive fields in HMAC and SHA-2

Author: rizlik

wolfcrypt/src/hmac.c

@@ -1406,7 +1406,9 @@ void wc_HmacFree(Hmac* hmac)
     HmacFreeHash(hmac->macType, &hmac->o_hash);
 #endif
 
-    ForceZero(hmac, sizeof(*hmac));
+    ForceZero(hmac->ipad, sizeof(hmac->ipad));
+    ForceZero(hmac->opad, sizeof(hmac->opad));
+    ForceZero(hmac->innerHash, sizeof(hmac->innerHash));
 }
 #endif /* WOLFSSL_KCAPI_HMAC */
 

wolfcrypt/src/sha256.c

@@ -2347,7 +2347,19 @@ static WC_INLINE int Transform_Sha256_Len(wc_Sha256* sha256, const byte* data,
     #if defined(PSOC6_HASH_SHA2)
         wc_Psoc6_Sha_Free();
     #endif
+    #if !defined(FREESCALE_LTC_SHA) && \
+        !(defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)) && \
+        !defined(STM32_HASH_SHA2) && \
+        !defined(WOLFSSL_SILABS_SE_ACCEL) && \
+        !defined(WOLFSSL_IMXRT_DCP) && \
+        !defined(PSOC6_HASH_SHA2)
+        /* PSA compiles out the free function completely */
+        ForceZero(sha224->buffer, sizeof(sha224->buffer));
+        if (sha224->hiLen != 0 || sha224->loLen != 0)
+            ForceZero(sha224->digest, sizeof(sha224->digest));
+    #else
         ForceZero(sha224, sizeof(*sha224));
+    #endif
     }
 #endif /* !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH)  */
 #endif /*  WOLFSSL_SHA224 */
@@ -2494,7 +2506,19 @@ void wc_Sha256Free(wc_Sha256* sha256)
     wc_Psoc6_Sha_Free();
 #endif
 
+#if !defined(FREESCALE_LTC_SHA) && \
+    !(defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)) && \
+    !defined(STM32_HASH_SHA2) && \
+    !defined(WOLFSSL_SILABS_SE_ACCEL) && \
+    !defined(WOLFSSL_IMXRT_DCP) && \
+    !defined(PSOC6_HASH_SHA2)
+    /* PSA compiles out the free function completely */
+    ForceZero(sha256->buffer, sizeof(sha256->buffer));
+    if (sha256->hiLen != 0 || sha256->loLen != 0)
+        ForceZero(sha256->digest, sizeof(sha256->digest));
+#else
     ForceZero(sha256, sizeof(*sha256));
+#endif
 } /* wc_Sha256Free */
 
 #endif /* !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH) */

wolfcrypt/src/sha512.c

@@ -1688,7 +1688,13 @@ void wc_Sha512Free(wc_Sha512* sha512)
     wc_Psoc6_Sha_Free();
 #endif
 
+#if !defined(PSOC6_HASH_SHA2)
+    ForceZero(sha512->buffer, sizeof(sha512->buffer));
+    if (!(sha512->hiLen == 0 && sha512->loLen == 0))
+        ForceZero(sha512->digest, sizeof(sha512->digest));
+#else
     ForceZero(sha512, sizeof(*sha512));
+#endif
 }
 #endif
 
@@ -2176,7 +2182,13 @@ void wc_Sha384Free(wc_Sha384* sha384)
     wc_MXC_TPU_SHA_Free(&(sha384->mxcCtx));
 #endif
 
+#if !defined(PSOC6_HASH_SHA2)
+    ForceZero(sha384->buffer, sizeof(sha384->buffer));
+    if (!(sha384->hiLen == 0 && sha384->loLen == 0))
+        ForceZero(sha384->digest, sizeof(sha384->digest));
+#else
     ForceZero(sha384, sizeof(*sha384));
+#endif
 }
 
 #endif