From 31b37f6edd54233cdf67665d10205d9b94b9cc2d Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 17 Jan 2018 23:09:20 +0000
Subject: [PATCH] Use free + init to reset accumulator in entropy module

The SHA-256 / SHA-512 context used for entropy mixing in entropy.c was previously reset by zeroization. The commit replaces this by a pair of calls to `mbedtls_shaxxx_init` and `mbedtls_shaxxx_free` which is safe also for alternative implementations of SHA-256 or SHA-512 for which zeroization might not be a proper reset.
---
 library/entropy.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/library/entropy.c b/library/entropy.c
index d3c1327196..8125f644a8 100644
--- a/library/entropy.c
+++ b/library/entropy.c
@@ -318,7 +318,8 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
 /*
 * Reset accumulator and counters and recycle existing entropy
 */
- memset( &ctx->accumulator, 0, sizeof( mbedtls_sha512_context ) );
+ mbedtls_sha512_free( &ctx->accumulator );
+ mbedtls_sha512_init( &ctx->accumulator );
 mbedtls_sha512_starts( &ctx->accumulator, 0 );
 mbedtls_sha512_update( &ctx->accumulator, buf, MBEDTLS_ENTROPY_BLOCK_SIZE );
@@ -332,7 +333,8 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
 /*
 * Reset accumulator and counters and recycle existing entropy
 */
- memset( &ctx->accumulator, 0, sizeof( mbedtls_sha256_context ) );
+ mbedtls_sha256_free( &ctx->accumulator );
+ mbedtls_sha256_init( &ctx->accumulator );
 mbedtls_sha256_starts( &ctx->accumulator, 0 );
 mbedtls_sha256_update( &ctx->accumulator, buf, MBEDTLS_ENTROPY_BLOCK_SIZE );
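Review bot: The comment above the new `mbedtls_sha512_free` / `mbedtls_sha512_init` pair in the first hunk, and above the SHA-256 pair in the second, still says only "Reset accumulator and counters", so nothing in the code records why the context must not be zeroed directly and a later cleanup could restore the `memset`. I would extend it with something like `/* Reset through free + init, not memset: an alternative SHA implementation may keep state for which all-zero is not a valid reset. */`. The `_starts` and `_update` calls that follow are used as plain statements, so if an alternative implementation can fail to re-initialise, this function would presumably go on recycling entropy into a bad context without noticing; whether the API in this tree can report that is not visible here. Any other place in entropy.c that clears the accumulator by zeroing the enclosing context (not shown in this patch) would need the same treatment. `mbedtls_entropy_func` starts and ends outside both hunks.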