Context doesn't get cleaned up after being used

[rilysh]

Hello, The finalizing function of hash algorithms doesn't clean up their previously used buffers, as a result, anyone is able to read the data from the context. This is a bad thing as if it's being used to create private hashes, it might be possible that someone can snoop the context and retrieve the hash later.

A small solution would be purging everything with explicit memset function after calling the final function, and only keeping the hash to its target location.

Something like: memset(ctx, 0, sizeof(*ctx)); at the end of the final function.