Use free + init to reset accumulator in entropy module
The SHA-256 / SHA-512 context used for entropy mixing in entropy.c
was previously reset by zeroization. The commit replaces this with
a pair of calls to `mbedtls_shaxxx_init` and `mbedtls_shaxxx_free`,
which is also safe for alternative implementations of SHA-256 or
SHA-512 for which zeroization might not be a proper reset.
diff --git a/library/entropy.c b/library/entropy.c
index d3c1327..8125f64 100644
--- a/library/entropy.c
+++ b/library/entropy.c
@@ -318,7 +318,8 @@
/*
* Reset accumulator and counters and recycle existing entropy
*/
- memset( &ctx->accumulator, 0, sizeof( mbedtls_sha512_context ) );
+ mbedtls_sha512_free( &ctx->accumulator );
+ mbedtls_sha512_init( &ctx->accumulator );
mbedtls_sha512_starts( &ctx->accumulator, 0 );
mbedtls_sha512_update( &ctx->accumulator, buf, MBEDTLS_ENTROPY_BLOCK_SIZE );
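Review bot: The comment above the reset still reads only "Reset accumulator and counters and recycle existing entropy", so nothing in the code records why free + init replaced the memset, and a later cleanup could quietly revert it. I would add a line before `mbedtls_sha512_free`, such as `/* free + init, not memset: an alternative SHA implementation may hold state that zeroization does not reset */`. The same comment belongs in the SHA-256 hunk at `@@ -332,7 +333,8 @@`. Separately, `mbedtls_sha512_starts` and `mbedtls_sha512_update` are called as bare statements here; if an alternative implementation can report failure in this tree, that result is dropped before the accumulator is reused for entropy mixing, which is worth confirming. The enclosing function starts and ends outside the hunk.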
@@ -332,7 +333,8 @@
/*
* Reset accumulator and counters and recycle existing entropy
*/
- memset( &ctx->accumulator, 0, sizeof( mbedtls_sha256_context ) );
+ mbedtls_sha256_free( &ctx->accumulator );
+ mbedtls_sha256_init( &ctx->accumulator );
mbedtls_sha256_starts( &ctx->accumulator, 0 );
mbedtls_sha256_update( &ctx->accumulator, buf, MBEDTLS_ENTROPY_BLOCK_SIZE );