From 2cf1253c5469a6323479401d5fc565f0ca525665 Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner <douzzer@wolfssl.com>
Date: Thu, 18 Dec 2025 15:35:10 -0600
Subject: [PATCH] fix out-of-order ForceZero()s in wc_HKDF_Extract(),
 wc_HKDF_Expand(), and wc_SSH_KDF() (fixes 844e961ff5).

---
 wolfcrypt/src/hmac.c | 4 ++--
 wolfcrypt/src/kdf.c  | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c
index 9749a8e33..da3c6c6cc 100644
--- a/wolfcrypt/src/hmac.c
+++ b/wolfcrypt/src/hmac.c
@@ -1279,8 +1279,8 @@ int wolfSSL_GetHmacMaxSize(void)
                 ret = wc_HmacUpdate(&myHmac, inKey, inKeySz);
             if (ret == 0)
                 ret = wc_HmacFinal(&myHmac,  out);
-            ForceZero(&myHmac, sizeof(myHmac));
             wc_HmacFree(&myHmac);
+            ForceZero(&myHmac, sizeof(myHmac));
         }
 
         return ret;
@@ -1345,8 +1345,8 @@ int wolfSSL_GetHmacMaxSize(void)
             n++;
         }
 
-        ForceZero(&myHmac, sizeof(myHmac));
         wc_HmacFree(&myHmac);
+        ForceZero(&myHmac, sizeof(myHmac));
 
         return ret;
     }
diff --git a/wolfcrypt/src/kdf.c b/wolfcrypt/src/kdf.c
index cece18239..4b776e588 100644
--- a/wolfcrypt/src/kdf.c
+++ b/wolfcrypt/src/kdf.c
@@ -734,8 +734,8 @@ int wc_SSH_KDF(byte hashId, byte keyId, byte* key, word32 keySz,
         }
     }
 
-    ForceZero(&hash, sizeof(hash));
     _HashFree(enmhashId, &hash);
+    ForceZero(&hash, sizeof(hash));
 
     return ret;
 }