From 6260ee9cabfe6b80867d67762a0fc7c0b6ac62ba Mon Sep 17 00:00:00 2001
From: Przemek Stekiel
Date: Fri, 14 Apr 2023 12:28:16 +0200
Subject: [PATCH] cert_app: init entropy unconditionally

When mbedtls_entropy_free() is called without mbedtls_entropy_init() entropy is uninitialized and contains garbage which may lead to segmentation fault.

Signed-off-by: Przemek Stekiel
---
 programs/x509/cert_app.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index 042b80e43b..b212ac3054 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -162,6 +162,7 @@ int main(int argc, char *argv[])
 mbedtls_ssl_init(&ssl);
 mbedtls_ssl_config_init(&conf);
 mbedtls_x509_crt_init(&cacert);
+ mbedtls_entropy_init(&entropy);
 #if defined(MBEDTLS_X509_CRL_PARSE_C)
 mbedtls_x509_crl_init(&cacrl);
 #else
@@ -347,7 +348,6 @@ usage:
 mbedtls_printf("\n . Seeding the random number generator...");
 fflush(stdout);
- mbedtls_entropy_init(&entropy);
 if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen(pers))) != 0) {
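Review bot: The run of `*_init()` calls in the first hunk has no comment recording the invariant this fix depends on, so a context added later could again be initialised inside one mode's branch, as `entropy` was. Above `mbedtls_ssl_init(&ssl);` I would add `/* Initialise every context here, before any jump to the cleanup code, which frees them regardless of the path taken. */`. The cleanup code and its `mbedtls_entropy_free()` call are not in the hunk, so the wording rests on the commit message and should be checked against the exit path; main() also starts and ends outside the hunk. The other contexts freed there (for example `ctr_drbg`, whose init is not visible here) presumably follow the same rule, which is worth confirming while touching this code.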