From 143894013bc90d6c78232b01e73066770212c44c Mon Sep 17 00:00:00 2001
From: Sid Hsu <sid.hsu@infineon.com>
Date: Tue, 7 Jun 2022 21:09:01 +0800
Subject: [PATCH] Run init/free to the backup context for GetDigest. (#19233)

CYW30739 platform specific SHA256 implementations need
mbedtls_sha256_init/mbedtls_sha256_free functions called to do
initialization and cleanup.
---
 src/crypto/CHIPCryptoPALmbedTLS.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/crypto/CHIPCryptoPALmbedTLS.cpp b/src/crypto/CHIPCryptoPALmbedTLS.cpp
index af27353f179f90..1c849cd78e8559 100644
--- a/src/crypto/CHIPCryptoPALmbedTLS.cpp
+++ b/src/crypto/CHIPCryptoPALmbedTLS.cpp
@@ -290,6 +290,7 @@ CHIP_ERROR Hash_SHA256_stream::GetDigest(MutableByteSpan & out_buffer)
 
     // Back-up context as we are about to finalize the hash to extract digest.
     mbedtls_sha256_context previous_ctx;
+    mbedtls_sha256_init(&previous_ctx);
     mbedtls_sha256_clone(&previous_ctx, context);
 
     // Pad + compute digest, then finalize context. It is restored next line to continue.
@@ -297,6 +298,7 @@ CHIP_ERROR Hash_SHA256_stream::GetDigest(MutableByteSpan & out_buffer)
 
     // Restore context prior to finalization.
     mbedtls_sha256_clone(context, &previous_ctx);
+    mbedtls_sha256_free(&previous_ctx);
 
     return result;
 }