From 69ddefb09990ea817ac61edb0048288f3bcacb8b Mon Sep 17 00:00:00 2001 From: night1rider Date: Fri, 27 Feb 2026 16:13:21 -0700 Subject: [PATCH] Zero-initialize stack-declared hash contexts in GetHash functions before passing to Copy, which now calls Free(dst) and requires valid fields. --- wolfcrypt/src/md5.c | 1 + wolfcrypt/src/port/riscv/riscv-64-sha256.c | 2 ++ wolfcrypt/src/port/riscv/riscv-64-sha512.c | 4 ++++ wolfcrypt/src/sha3.c | 1 + 4 files changed, 8 insertions(+) diff --git a/wolfcrypt/src/md5.c b/wolfcrypt/src/md5.c index aa24c63bb6..5ee180bb60 100644 --- a/wolfcrypt/src/md5.c +++ b/wolfcrypt/src/md5.c @@ -522,6 +522,7 @@ int wc_Md5GetHash(wc_Md5* md5, byte* hash) if (md5 == NULL || hash == NULL) return BAD_FUNC_ARG; + XMEMSET(&tmpMd5, 0, sizeof(tmpMd5)); ret = wc_Md5Copy(md5, &tmpMd5); if (ret == 0) { ret = wc_Md5Final(&tmpMd5, hash); diff --git a/wolfcrypt/src/port/riscv/riscv-64-sha256.c b/wolfcrypt/src/port/riscv/riscv-64-sha256.c index abf9581da4..44af0b80c3 100644 --- a/wolfcrypt/src/port/riscv/riscv-64-sha256.c +++ b/wolfcrypt/src/port/riscv/riscv-64-sha256.c @@ -1031,6 +1031,7 @@ int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash) } else { wc_Sha256 tmpSha256; + XMEMSET(&tmpSha256, 0, sizeof(tmpSha256)); /* Create a copy of the hash to finalize. */ ret = wc_Sha256Copy(sha256, &tmpSha256); if (ret == 0) { @@ -1350,6 +1351,7 @@ int wc_Sha224GetHash(wc_Sha224* sha224, byte* hash) } else { wc_Sha224 tmpSha224; + XMEMSET(&tmpSha224, 0, sizeof(tmpSha224)); /* Create a copy of the hash to finalize. */ ret = wc_Sha224Copy(sha224, &tmpSha224); if (ret == 0) { diff --git a/wolfcrypt/src/port/riscv/riscv-64-sha512.c b/wolfcrypt/src/port/riscv/riscv-64-sha512.c index c7ab141cd2..5c00f28d16 100644 --- a/wolfcrypt/src/port/riscv/riscv-64-sha512.c +++ b/wolfcrypt/src/port/riscv/riscv-64-sha512.c @@ -1140,6 +1140,7 @@ int wc_Sha512GetHash(wc_Sha512* sha512, byte* hash) } else { wc_Sha512 tmpSha512; + XMEMSET(&tmpSha512, 0, sizeof(tmpSha512)); /* Create a copy of the hash to finalize. */ ret = wc_Sha512Copy(sha512, &tmpSha512); if (ret == 0) { @@ -1357,6 +1358,7 @@ int wc_Sha512_224GetHash(wc_Sha512* sha512, byte* hash) } else { wc_Sha512 tmpSha512; + XMEMSET(&tmpSha512, 0, sizeof(tmpSha512)); /* Create a copy of the hash to finalize. */ ret = wc_Sha512Copy(sha512, &tmpSha512); if (ret == 0) { @@ -1456,6 +1458,7 @@ int wc_Sha512_256GetHash(wc_Sha512* sha512, byte* hash) } else { wc_Sha512 tmpSha512; + XMEMSET(&tmpSha512, 0, sizeof(tmpSha512)); /* Create a copy of the hash to finalize. */ ret = wc_Sha512Copy(sha512, &tmpSha512); if (ret == 0) { @@ -1671,6 +1674,7 @@ int wc_Sha384GetHash(wc_Sha384* sha384, byte* hash) } else { wc_Sha384 tmpSha384; + XMEMSET(&tmpSha384, 0, sizeof(tmpSha384)); /* Create a copy of the hash to finalize. */ ret = wc_Sha384Copy(sha384, &tmpSha384); if (ret == 0) { diff --git a/wolfcrypt/src/sha3.c b/wolfcrypt/src/sha3.c index 6fa0e89e8b..5fd3b0e305 100644 --- a/wolfcrypt/src/sha3.c +++ b/wolfcrypt/src/sha3.c @@ -1345,6 +1345,7 @@ static int wc_Sha3GetHash(wc_Sha3* sha3, byte* hash, byte p, byte len) if (sha3 == NULL || hash == NULL) return BAD_FUNC_ARG; + XMEMSET(&tmpSha3, 0, sizeof(tmpSha3)); ret = wc_Sha3Copy(sha3, &tmpSha3); if (ret == 0) { ret = wc_Sha3Final(&tmpSha3, hash, p, len);