From 1cc67a0d0ecc46e4916a2a42a567c1f010ae3a37 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 17 Jan 2018 17:38:28 +0000 Subject: [PATCH] Add missing calls to sha{256/512}_{init/free} in entropy module The entropy context contains a SHA-256 or SHA-512 context for entropy mixing, but doesn't initialize / free this context properly in the initialization and freeing functions `mbedtls_entropy_init` and `mbedtls_entropy_free` through a call to `mbedtls_sha{256/512}_init` resp. `mbedtls_sha{256/512}_free`. Instead, only a zeroization of the entire entropy structure is performed. This doesn't lead to problems for the current software implementations of SHA-256 and SHA-512 because zeroization is proper initialization for them, but it may (and does) cause problems for alternative implementations of SHA-256 and SHA-512 that use context structures that cannot be properly initialized through zeroization. This commit fixes this. Found and fix suggested by ccli8.
---
 library/entropy.c | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/library/entropy.c b/library/entropy.c
index b45384dbe4..d3c1327196 100644
--- a/library/entropy.c
+++ b/library/entropy.c
@@ -68,8 +68,10 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx )
 #endif
 #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
+ mbedtls_sha512_init( &ctx->accumulator );
 mbedtls_sha512_starts( &ctx->accumulator, 0 );
 #else
+ mbedtls_sha256_init( &ctx->accumulator );
 mbedtls_sha256_starts( &ctx->accumulator, 0 );
 #endif
 #if defined(MBEDTLS_HAVEGE_C)
@@ -105,6 +107,13 @@ void mbedtls_entropy_free( mbedtls_entropy_context *ctx )
 #if defined(MBEDTLS_HAVEGE_C)
 mbedtls_havege_free( &ctx->havege_data );
 #endif
+
+#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
+ mbedtls_sha512_free( &ctx->accumulator );
+#else
+ mbedtls_sha256_free( &ctx->accumulator );
+#endif
+
 #if defined(MBEDTLS_THREADING_C)
 mbedtls_mutex_free( &ctx->mutex );
 #endif
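Review bot: Any other path in entropy.c that resets `ctx->accumulator` by zeroizing it before calling `mbedtls_sha512_starts` / `mbedtls_sha256_starts` would still bypass the init calls added in `mbedtls_entropy_init`, and an alternative SHA implementation would see the same invalid context there. No such path is visible in this diff, so this is a request to check the rest of the file, not a confirmed defect. A short comment above the new calls would record why they are needed, for example `/* ALT SHA contexts may not be valid after plain zeroization */`. The body of `mbedtls_entropy_init` starts and ends outside the hunk.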
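Review bot: With the added `mbedtls_sha512_free` / `mbedtls_sha256_free` calls, a second `mbedtls_entropy_free` on the same context, or a free of a context that was only zeroized, now hands the SHA free routine an accumulator that was never passed through `mbedtls_sha{256/512}_init`. The commit message says a zeroized context is not a valid state for alternative implementations, so this case deserves an explicit contract. Whether the function wipes `ctx` after these calls is outside the hunk, so the double-free case is inferred, not shown. A comment on the function such as `/* ctx must come from mbedtls_entropy_init(); free exactly once */` would make the requirement visible to callers.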