fix out-of-order ForceZero()s in wc_HKDF_Extract(), wc_HKDF_Expand(), and wc_SSH_KDF() (fixes 844e961).

Author: douzzer

wolfcrypt/src/hmac.c

@@ -1279,8 +1279,8 @@ int wolfSSL_GetHmacMaxSize(void)
                 ret = wc_HmacUpdate(&myHmac, inKey, inKeySz);
             if (ret == 0)
                 ret = wc_HmacFinal(&myHmac,  out);
-            ForceZero(&myHmac, sizeof(myHmac));
             wc_HmacFree(&myHmac);
+            ForceZero(&myHmac, sizeof(myHmac));
         }
 
         return ret;
@@ -1345,8 +1345,8 @@ int wolfSSL_GetHmacMaxSize(void)
             n++;
         }
 
-        ForceZero(&myHmac, sizeof(myHmac));
         wc_HmacFree(&myHmac);
+        ForceZero(&myHmac, sizeof(myHmac));
 
         return ret;
     }

wolfcrypt/src/kdf.c

@@ -734,8 +734,8 @@ int wc_SSH_KDF(byte hashId, byte keyId, byte* key, word32 keySz,
         }
     }
 
-    ForceZero(&hash, sizeof(hash));
     _HashFree(enmhashId, &hash);
+    ForceZero(&hash, sizeof(hash));
 
     return ret;
 }