From 6b9de280ceb38c84e3e3486697b51df90472315e Mon Sep 17 00:00:00 2001
From: Matt Borland <matt@mattborland.com>
Date: Fri, 22 Nov 2024 14:06:01 -0500
Subject: [PATCH 1/3] Add destroy for HMAC drbg

---
 include/boost/crypt/drbg/detail/hmac_drbg.hpp | 14 ++++++++++++++
 test/test_hmac_drbg.cpp                       |  2 ++
 2 files changed, 16 insertions(+)

diff --git a/include/boost/crypt/drbg/detail/hmac_drbg.hpp b/include/boost/crypt/drbg/detail/hmac_drbg.hpp
index 1d5ae7d7..b9bff8e7 100644
--- a/include/boost/crypt/drbg/detail/hmac_drbg.hpp
+++ b/include/boost/crypt/drbg/detail/hmac_drbg.hpp
@@ -71,6 +71,10 @@ class hmac_drbg
 
     BOOST_CRYPT_GPU_ENABLED constexpr hmac_drbg() = default;
 
+    #ifdef BOOST_CRYPT_HAS_CXX20_CONSTEXPR
+    BOOST_CRYPT_GPU_ENABLED constexpr ~hmac_drbg() noexcept { destroy(); }
+    #endif
+
     template <typename ForwardIter1, typename ForwardIter2, typename ForwardIter3 = const boost::crypt::uint8_t*>
     BOOST_CRYPT_GPU_ENABLED constexpr auto init(ForwardIter1 entropy, boost::crypt::size_t entropy_size,
                                                 ForwardIter2 nonce = nullptr, boost::crypt::size_t nonce_size = 0,
@@ -143,8 +147,18 @@ class hmac_drbg
     template <typename Container1, typename Container2, typename Container3>
     BOOST_CRYPT_GPU_ENABLED constexpr auto generate(Container1& data, const Container2& additional_data_1, const Container3& additional_data_2) noexcept -> state;
 
+    BOOST_CRYPT_GPU_ENABLED constexpr auto destroy() noexcept;
 };
 
+template <typename HMACType, boost::crypt::size_t max_hasher_security, boost::crypt::size_t outlen, bool prediction_resistance>
+constexpr auto hmac_drbg<HMACType, max_hasher_security, outlen, prediction_resistance>::destroy() noexcept
+{
+    key_.fill(0x00);
+    value_.fill(0x00);
+    reseed_counter_ = 0U;
+    initialized_ = false;
+}
+
 template <typename HMACType, boost::crypt::size_t max_hasher_security, boost::crypt::size_t outlen, bool prediction_resistance>
 template <typename ForwardIter1, typename ForwardIter2, typename ForwardIter3>
 constexpr auto hmac_drbg<HMACType, max_hasher_security, outlen, prediction_resistance>::generate(
diff --git a/test/test_hmac_drbg.cpp b/test/test_hmac_drbg.cpp
index 805fb72c..54b65d78 100644
--- a/test/test_hmac_drbg.cpp
+++ b/test/test_hmac_drbg.cpp
@@ -206,6 +206,8 @@ void sha1_pr()
 
     #endif
     #endif
+
+    rng.destroy();
 }
 
 int main()

From 311b08723427a109174ee6cc5b99e16a8d3becb4 Mon Sep 17 00:00:00 2001
From: Matt Borland <matt@mattborland.com>
Date: Fri, 22 Nov 2024 14:17:45 -0500
Subject: [PATCH 2/3] Add destroy to hasher bases

---
 include/boost/crypt/hash/detail/hasher_base_512.hpp | 7 +++++++
 include/boost/crypt/hash/detail/sha3_base.hpp       | 6 ++++++
 include/boost/crypt/hash/detail/sha512_base.hpp     | 7 +++++++
 test/test_sha3_224.cpp                              | 2 ++
 4 files changed, 22 insertions(+)

diff --git a/include/boost/crypt/hash/detail/hasher_base_512.hpp b/include/boost/crypt/hash/detail/hasher_base_512.hpp
index b033e88d..d322947c 100644
--- a/include/boost/crypt/hash/detail/hasher_base_512.hpp
+++ b/include/boost/crypt/hash/detail/hasher_base_512.hpp
@@ -62,6 +62,10 @@ class hasher_base_512
 
     BOOST_CRYPT_GPU_ENABLED constexpr auto base_init() noexcept -> void;
 
+    #ifdef BOOST_CRYPT_HAS_CXX20_CONSTEXPR
+    BOOST_CRYPT_GPU_ENABLED constexpr ~hasher_base_512() noexcept { destroy(); }
+    #endif
+
     template <typename ByteType>
     BOOST_CRYPT_GPU_ENABLED constexpr auto process_byte(ByteType byte) noexcept -> state;
 
@@ -101,11 +105,14 @@ class hasher_base_512
     #endif // BOOST_CRYPT_HAS_CUDA
 
     BOOST_CRYPT_GPU_ENABLED constexpr auto get_base_digest() noexcept -> return_type;
+
+    BOOST_CRYPT_GPU_ENABLED constexpr auto destroy() noexcept -> void { base_init(); };
 };
 
 template <boost::crypt::size_t digest_size, boost::crypt::size_t intermediate_hash_size, typename Derived>
 BOOST_CRYPT_GPU_ENABLED constexpr auto hasher_base_512<digest_size, intermediate_hash_size, Derived>::base_init() noexcept -> void
 {
+    intermediate_hash_.fill(0);
     buffer_.fill(0);
     buffer_index_ = 0U;
     low_ = 0U;
diff --git a/include/boost/crypt/hash/detail/sha3_base.hpp b/include/boost/crypt/hash/detail/sha3_base.hpp
index a6fd9c53..0774fc49 100644
--- a/include/boost/crypt/hash/detail/sha3_base.hpp
+++ b/include/boost/crypt/hash/detail/sha3_base.hpp
@@ -65,6 +65,10 @@ class sha3_base
 
     BOOST_CRYPT_GPU_ENABLED constexpr sha3_base() noexcept { init(); };
 
+    #ifdef BOOST_CRYPT_HAS_CXX20_CONSTEXPR
+    BOOST_CRYPT_GPU_ENABLED constexpr ~sha3_base() noexcept { destroy(); }
+    #endif
+
     BOOST_CRYPT_GPU_ENABLED constexpr auto init() noexcept -> void;
 
     template <typename ByteType>
@@ -112,6 +116,8 @@ class sha3_base
 
     template <typename Container>
     BOOST_CRYPT_GPU_ENABLED constexpr auto get_digest(Container& container) noexcept -> boost::crypt::size_t;
+
+    BOOST_CRYPT_GPU_ENABLED constexpr auto destroy() noexcept -> void { init(); }
 };
 
 template <boost::crypt::size_t digest_size, bool is_xof>
diff --git a/include/boost/crypt/hash/detail/sha512_base.hpp b/include/boost/crypt/hash/detail/sha512_base.hpp
index c05b2673..689bba67 100644
--- a/include/boost/crypt/hash/detail/sha512_base.hpp
+++ b/include/boost/crypt/hash/detail/sha512_base.hpp
@@ -75,6 +75,10 @@ class sha512_base final
 
     BOOST_CRYPT_GPU_ENABLED constexpr sha512_base() noexcept { init(); }
 
+    #ifdef BOOST_CRYPT_HAS_CXX20_CONSTEXPR
+    BOOST_CRYPT_GPU_ENABLED constexpr ~sha512_base() noexcept { destroy(); }
+    #endif
+
     BOOST_CRYPT_GPU_ENABLED constexpr auto init() noexcept -> void;
 
     template <typename ByteType>
@@ -116,6 +120,8 @@ class sha512_base final
     #endif // BOOST_CRYPT_HAS_CUDA
 
     BOOST_CRYPT_GPU_ENABLED constexpr auto get_digest() noexcept -> return_type;
+
+    BOOST_CRYPT_GPU_ENABLED constexpr auto destroy() noexcept -> void { init(); }
 };
 
 template <boost::crypt::size_t digest_size>
@@ -574,6 +580,7 @@ constexpr auto sha512_base<digest_size>::init(const integral_constant<boost::cry
 template <boost::crypt::size_t digest_size>
 constexpr auto sha512_base<digest_size>::init() noexcept -> void
 {
+    intermediate_hash_.fill(0);
     buffer_.fill(0);
     buffer_index_ = 0U;
     low_ = 0U;
diff --git a/test/test_sha3_224.cpp b/test/test_sha3_224.cpp
index f227a3ec..d2f88afb 100644
--- a/test/test_sha3_224.cpp
+++ b/test/test_sha3_224.cpp
@@ -175,6 +175,8 @@ void test_class()
 
         hasher.init();
     }
+
+    hasher.destroy();
 }
 
 template <typename T>

From 16897c11cfc97554d9c70242efc6899977188b69 Mon Sep 17 00:00:00 2001
From: Matt Borland <matt@mattborland.com>
Date: Fri, 22 Nov 2024 14:17:58 -0500
Subject: [PATCH 3/3] Add destroy to hmac

---
 include/boost/crypt/mac/hmac.hpp | 18 ++++++++++++++++++
 test/test_hmac.cpp               |  2 ++
 2 files changed, 20 insertions(+)

diff --git a/include/boost/crypt/mac/hmac.hpp b/include/boost/crypt/mac/hmac.hpp
index febc5177..bcbbc104 100644
--- a/include/boost/crypt/mac/hmac.hpp
+++ b/include/boost/crypt/mac/hmac.hpp
@@ -38,6 +38,10 @@ class hmac
 
     BOOST_CRYPT_GPU_ENABLED constexpr hmac() noexcept = default;
 
+    #ifdef BOOST_CRYPT_HAS_CXX20_CONSTEXPR
+    BOOST_CRYPT_GPU_ENABLED constexpr ~hmac() noexcept { destroy(); }
+    #endif
+
     template <typename ForwardIter>
     BOOST_CRYPT_GPU_ENABLED constexpr hmac(ForwardIter key, boost::crypt::size_t size) noexcept { init(key, size); }
 
@@ -67,8 +71,22 @@ class hmac
     BOOST_CRYPT_GPU_ENABLED constexpr auto get_outer_key() noexcept -> key_type;
 
     BOOST_CRYPT_GPU_ENABLED constexpr auto get_inner_key() noexcept -> key_type;
+
+    BOOST_CRYPT_GPU_ENABLED constexpr auto destroy() noexcept -> void;
 };
 
+template <typename HasherType>
+constexpr auto hmac<HasherType>::destroy() noexcept -> void
+{
+    inner_key_.fill(0x00);
+    outer_key_.fill(0x00);
+    inner_hash_.destroy();
+    outer_hash_.destroy();
+    initialized_ = false;
+    computed_ = false;
+    corrupted_ = false;
+}
+
 template <typename HasherType>
 constexpr auto hmac<HasherType>::get_inner_key() noexcept -> key_type
 {
diff --git a/test/test_hmac.cpp b/test/test_hmac.cpp
index 8988a279..65d2bfb5 100644
--- a/test/test_hmac.cpp
+++ b/test/test_hmac.cpp
@@ -79,6 +79,8 @@ void basic_tests()
             BOOST_TEST_EQ(res[i], soln[i]);
         }
     }
+
+    hmac_tester.destroy();
 }
 
 template <typename HasherType>