Fix #5079. Add the support of call to mbedtls_xxx_finish even if mbedtls_xxx_udate

adustm · adustm · commit 3250e2d6d468 · 2018-01-30T09:41:23.000+01:00
was not called since mbedtls_xxx_start
diff --git a/features/mbedtls/targets/TARGET_STM/TARGET_STM32F4/TARGET_STM32F439xI/mbedtls_device.h b/features/mbedtls/targets/TARGET_STM/TARGET_STM32F4/TARGET_STM32F439xI/mbedtls_device.h
@@ -22,12 +22,10 @@
 
 #define MBEDTLS_AES_ALT
 
-/* FIXME: Don't enable SHA1, SHA256 and MD5 hardware acceleration until issue
- * #5079 is fixed. (https://github.com/ARMmbed/mbed-os/issues/5079) */
-/* #define MBEDTLS_SHA256_ALT */
+#define MBEDTLS_SHA256_ALT
 
-/* #define MBEDTLS_SHA1_ALT */
+#define MBEDTLS_SHA1_ALT
 
-/* #define MBEDTLS_MD5_ALT */
+#define MBEDTLS_MD5_ALT
 
 #endif /* MBEDTLS_DEVICE_H */
diff --git a/features/mbedtls/targets/TARGET_STM/md5_alt.c b/features/mbedtls/targets/TARGET_STM/md5_alt.c
@@ -175,6 +175,12 @@ void mbedtls_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] )
             return; // Return error code here
         }
     }
+    /* The following test can happen when the input is empty, and mbedtls_md5_update has never been called */
+    if(ctx->hhash_md5.Phase == HAL_HASH_PHASE_READY) {
+        /* Select the MD5 mode and reset the HASH processor core, so that the HASH will be ready to compute
+            the message digest of a new message */
+        HASH->CR |= HASH_ALGOSELECTION_MD5 | HASH_CR_INIT;
+    }
     mbedtls_zeroize( ctx->sbuf, ST_MD5_BLOCK_SIZE);
     ctx->sbuf_len = 0;
     __HAL_HASH_START_DIGEST();
diff --git a/features/mbedtls/targets/TARGET_STM/sha1_alt.c b/features/mbedtls/targets/TARGET_STM/sha1_alt.c
@@ -174,6 +174,12 @@ void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] )
             return; // Return error code here
         }
     }
+    /* The following test can happen when the input is empty, and mbedtls_sha1_update has never been called */
+    if(ctx->hhash_sha1.Phase == HAL_HASH_PHASE_READY) {
+        /* Select the SHA1 mode and reset the HASH processor core, so that the HASH will be ready to compute
+           the message digest of a new message */
+        HASH->CR |= HASH_ALGOSELECTION_SHA1 | HASH_CR_INIT;
+    }
     mbedtls_zeroize(ctx->sbuf, ST_SHA1_BLOCK_SIZE);
     ctx->sbuf_len = 0;
     __HAL_HASH_START_DIGEST();
diff --git a/features/mbedtls/targets/TARGET_STM/sha256_alt.c b/features/mbedtls/targets/TARGET_STM/sha256_alt.c
@@ -198,6 +198,18 @@ void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32
             }
         }
     }
+    /* The following test can happen when the input is empty, and mbedtls_sha256_update has never been called */
+    if(ctx->hhash_sha256.Phase == HAL_HASH_PHASE_READY) {
+        if (ctx->is224 == 0) {
+            /* Select the SHA256 mode and reset the HASH processor core, so that the HASH will be ready to compute
+           the message digest of a new message */
+            HASH->CR |= HASH_ALGOSELECTION_SHA256 | HASH_CR_INIT;
+        } else {
+            /* Select the SHA224 mode and reset the HASH processor core, so that the HASH will be ready to compute
+           the message digest of a new message */
+            HASH->CR |= HASH_ALGOSELECTION_SHA224 | HASH_CR_INIT;
+        }
+    }
     mbedtls_zeroize(ctx->sbuf, ST_SHA256_BLOCK_SIZE);
     ctx->sbuf_len = 0;
     __HAL_HASH_START_DIGEST();

Original file line number	Diff line number	Diff line change
`@@ -175,6 +175,12 @@ void mbedtls_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] )`
`175`	`175`	`return; // Return error code here`
`176`	`176`	`}`
`177`	`177`	`}`
	`178`	`+ /* The following test can happen when the input is empty, and mbedtls_md5_update has never been called */`
	`179`	`+ if(ctx->hhash_md5.Phase == HAL_HASH_PHASE_READY) {`
	`180`	`+ /* Select the MD5 mode and reset the HASH processor core, so that the HASH will be ready to compute`
	`181`	`+ the message digest of a new message */`
	`182`	`+ HASH->CR \|= HASH_ALGOSELECTION_MD5 \| HASH_CR_INIT;`
	`183`	`+ }`
`178`	`184`	`mbedtls_zeroize( ctx->sbuf, ST_MD5_BLOCK_SIZE);`
`179`	`185`	`ctx->sbuf_len = 0;`
`180`	`186`	`__HAL_HASH_START_DIGEST();`
Original file line number	Diff line number	Diff line change
`@@ -174,6 +174,12 @@ void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] )`
`174`	`174`	`return; // Return error code here`
`175`	`175`	`}`
`176`	`176`	`}`
	`177`	`+ /* The following test can happen when the input is empty, and mbedtls_sha1_update has never been called */`
	`178`	`+ if(ctx->hhash_sha1.Phase == HAL_HASH_PHASE_READY) {`
	`179`	`+ /* Select the SHA1 mode and reset the HASH processor core, so that the HASH will be ready to compute`
	`180`	`+ the message digest of a new message */`
	`181`	`+ HASH->CR \|= HASH_ALGOSELECTION_SHA1 \| HASH_CR_INIT;`
	`182`	`+ }`
`177`	`183`	`mbedtls_zeroize(ctx->sbuf, ST_SHA1_BLOCK_SIZE);`
`178`	`184`	`ctx->sbuf_len = 0;`
`179`	`185`	`__HAL_HASH_START_DIGEST();`
Original file line number	Diff line number	Diff line change
`@@ -198,6 +198,18 @@ void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32`
`198`	`198`	`}`
`199`	`199`	`}`
`200`	`200`	`}`
	`201`	`+ /* The following test can happen when the input is empty, and mbedtls_sha256_update has never been called */`
	`202`	`+ if(ctx->hhash_sha256.Phase == HAL_HASH_PHASE_READY) {`
	`203`	`+ if (ctx->is224 == 0) {`
	`204`	`+ /* Select the SHA256 mode and reset the HASH processor core, so that the HASH will be ready to compute`
	`205`	`+ the message digest of a new message */`
	`206`	`+ HASH->CR \|= HASH_ALGOSELECTION_SHA256 \| HASH_CR_INIT;`
	`207`	`+ } else {`
	`208`	`+ /* Select the SHA224 mode and reset the HASH processor core, so that the HASH will be ready to compute`
	`209`	`+ the message digest of a new message */`
	`210`	`+ HASH->CR \|= HASH_ALGOSELECTION_SHA224 \| HASH_CR_INIT;`
	`211`	`+ }`
	`212`	`+ }`
`201`	`213`	`mbedtls_zeroize(ctx->sbuf, ST_SHA256_BLOCK_SIZE);`
`202`	`214`	`ctx->sbuf_len = 0;`
`203`	`215`	`__HAL_HASH_START_DIGEST();`