Use free + init to reset accumulator in entropy module The SHA-256 / SHA-512 context used for entropy mixing in entropy.c was previously reset by zeroization. The commit replaces this by a pair of calls to `mbedtls_shaxxx_init` and `mbedtls_shaxxx_free` which is safe also for alternative implementations of SHA-256 or SHA-512 for which zeroization might not be a proper reset.

commit: 31b37f6edd54233cdf67665d10205d9b94b9cc2d [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Wed Jan 17 23:09:20 2018 +0000
committer: Hanno Becker <hanno.becker@arm.com> Wed Jan 17 23:12:53 2018 +0000
tree: 9f3d7ae49c76282c99cd63dc597df78a96d571a0
parent: 4ecd34f86c9c829b2b48f71b9536955875509428 [diff] [blame]
diff --git a/library/entropy.c b/library/entropy.c
index d3c1327..8125f64 100644
--- a/library/entropy.c
+++ b/library/entropy.c

@@ -318,7 +318,8 @@
     /*
      * Reset accumulator and counters and recycle existing entropy
      */
-    memset( &ctx->accumulator, 0, sizeof( mbedtls_sha512_context ) );
+    mbedtls_sha512_free( &ctx->accumulator );
+    mbedtls_sha512_init( &ctx->accumulator );
     mbedtls_sha512_starts( &ctx->accumulator, 0 );
     mbedtls_sha512_update( &ctx->accumulator, buf, MBEDTLS_ENTROPY_BLOCK_SIZE );
 
@@ -332,7 +333,8 @@
     /*
      * Reset accumulator and counters and recycle existing entropy
      */
-    memset( &ctx->accumulator, 0, sizeof( mbedtls_sha256_context ) );
+    mbedtls_sha256_free( &ctx->accumulator );
+    mbedtls_sha256_init( &ctx->accumulator );
     mbedtls_sha256_starts( &ctx->accumulator, 0 );
     mbedtls_sha256_update( &ctx->accumulator, buf, MBEDTLS_ENTROPY_BLOCK_SIZE );
commit	31b37f6edd54233cdf67665d10205d9b94b9cc2d	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Wed Jan 17 23:09:20 2018 +0000
committer	Hanno Becker <hanno.becker@arm.com>	Wed Jan 17 23:12:53 2018 +0000
tree	9f3d7ae49c76282c99cd63dc597df78a96d571a0
parent	4ecd34f86c9c829b2b48f71b9536955875509428 [diff] [blame]