Zero-initialize stack-declared hash contexts in GetHash functions before passing to Copy, which now calls Free(dst) and requires valid fields.

Author: night1rider

wolfcrypt/src/md5.c

@@ -522,6 +522,7 @@ int wc_Md5GetHash(wc_Md5* md5, byte* hash)
     if (md5 == NULL || hash == NULL)
         return BAD_FUNC_ARG;
 
+    XMEMSET(&tmpMd5, 0, sizeof(tmpMd5));
     ret = wc_Md5Copy(md5, &tmpMd5);
     if (ret == 0) {
         ret = wc_Md5Final(&tmpMd5, hash);

wolfcrypt/src/port/riscv/riscv-64-sha256.c

@@ -1031,6 +1031,7 @@ int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash)
     }
     else {
         wc_Sha256 tmpSha256;
+        XMEMSET(&tmpSha256, 0, sizeof(tmpSha256));
         /* Create a copy of the hash to finalize. */
         ret = wc_Sha256Copy(sha256, &tmpSha256);
         if (ret == 0) {
@@ -1350,6 +1351,7 @@ int wc_Sha224GetHash(wc_Sha224* sha224, byte* hash)
     }
     else {
         wc_Sha224 tmpSha224;
+        XMEMSET(&tmpSha224, 0, sizeof(tmpSha224));
         /* Create a copy of the hash to finalize. */
         ret = wc_Sha224Copy(sha224, &tmpSha224);
         if (ret == 0) {

wolfcrypt/src/port/riscv/riscv-64-sha512.c

@@ -1140,6 +1140,7 @@ int wc_Sha512GetHash(wc_Sha512* sha512, byte* hash)
     }
     else {
         wc_Sha512 tmpSha512;
+        XMEMSET(&tmpSha512, 0, sizeof(tmpSha512));
         /* Create a copy of the hash to finalize. */
         ret = wc_Sha512Copy(sha512, &tmpSha512);
         if (ret == 0) {
@@ -1357,6 +1358,7 @@ int wc_Sha512_224GetHash(wc_Sha512* sha512, byte* hash)
     }
     else {
         wc_Sha512 tmpSha512;
+        XMEMSET(&tmpSha512, 0, sizeof(tmpSha512));
         /* Create a copy of the hash to finalize. */
         ret = wc_Sha512Copy(sha512, &tmpSha512);
         if (ret == 0) {
@@ -1456,6 +1458,7 @@ int wc_Sha512_256GetHash(wc_Sha512* sha512, byte* hash)
     }
     else {
         wc_Sha512 tmpSha512;
+        XMEMSET(&tmpSha512, 0, sizeof(tmpSha512));
         /* Create a copy of the hash to finalize. */
         ret = wc_Sha512Copy(sha512, &tmpSha512);
         if (ret == 0) {
@@ -1671,6 +1674,7 @@ int wc_Sha384GetHash(wc_Sha384* sha384, byte* hash)
     }
     else {
         wc_Sha384 tmpSha384;
+        XMEMSET(&tmpSha384, 0, sizeof(tmpSha384));
         /* Create a copy of the hash to finalize. */
         ret = wc_Sha384Copy(sha384, &tmpSha384);
         if (ret == 0) {

wolfcrypt/src/sha3.c

@@ -1345,6 +1345,7 @@ static int wc_Sha3GetHash(wc_Sha3* sha3, byte* hash, byte p, byte len)
     if (sha3 == NULL || hash == NULL)
         return BAD_FUNC_ARG;
 
+    XMEMSET(&tmpSha3, 0, sizeof(tmpSha3));
     ret = wc_Sha3Copy(sha3, &tmpSha3);
     if (ret == 0) {
         ret = wc_Sha3Final(&tmpSha3, hash, p, len);