[NUC472/M487] Fix SHA H/W is not stopped in corner case

Take SHA1 for example, without the fix, SHA H/W is not stopped in either case:
(1) ctx->total == 0 in mbedtls_sha1_hw_finish()
(2) mbedtls_sha1_hw_finish() is not called by upper layer

Author: ccli8

features/mbedtls/targets/TARGET_NUVOTON/TARGET_M480/sha/sha_alt_hw.c

@@ -50,6 +50,8 @@ void mbedtls_sha1_hw_free(crypto_sha_context *ctx)
         return;
     }
 
+    CRPT->HMAC_CTL |= CRPT_HMAC_CTL_STOP_Msk;
+
     /* Uninit crypto module */
     crypto_uninit();
     crypto_zeroize(ctx, sizeof(crypto_sha_context));
@@ -91,8 +93,6 @@ void mbedtls_sha1_hw_finish(crypto_sha_context *ctx, unsigned char output[20])
         crypto_sha_update_nobuf(ctx, ctx->buffer, ctx->buffer_left, 1);
         ctx->buffer_left = 0;
         crypto_sha_getinternstate(output, 20);
-
-        CRPT->HMAC_CTL |= CRPT_HMAC_CTL_STOP_Msk;
     } else {
         mbedtls_sha1_sw_context ctx_sw;
 
@@ -101,6 +101,8 @@ void mbedtls_sha1_hw_finish(crypto_sha_context *ctx, unsigned char output[20])
         mbedtls_sha1_sw_finish(&ctx_sw, output);
         mbedtls_sha1_sw_free(&ctx_sw);
     }
+    
+    CRPT->HMAC_CTL |= CRPT_HMAC_CTL_STOP_Msk;
 }
 
 void mbedtls_sha1_hw_process(crypto_sha_context *ctx, const unsigned char data[64])
@@ -127,6 +129,8 @@ void mbedtls_sha256_hw_free(crypto_sha_context *ctx)
         return;
     }
 
+    CRPT->HMAC_CTL |= CRPT_HMAC_CTL_STOP_Msk;
+
     /* Uninit crypto module */
     crypto_uninit();
     crypto_zeroize(ctx, sizeof(crypto_sha_context));
@@ -169,8 +173,6 @@ void mbedtls_sha256_hw_finish(crypto_sha_context *ctx, unsigned char output[32])
         crypto_sha_update_nobuf(ctx, ctx->buffer, ctx->buffer_left, 1);
         ctx->buffer_left = 0;
         crypto_sha_getinternstate(output, ctx->is224_384 ? 28 : 32);
-
-        CRPT->HMAC_CTL |= CRPT_HMAC_CTL_STOP_Msk;
     } else {
         mbedtls_sha256_sw_context ctx_sw;
 
@@ -179,6 +181,8 @@ void mbedtls_sha256_hw_finish(crypto_sha_context *ctx, unsigned char output[32])
         mbedtls_sha256_sw_finish(&ctx_sw, output);
         mbedtls_sha256_sw_free(&ctx_sw);
     }
+    
+    CRPT->HMAC_CTL |= CRPT_HMAC_CTL_STOP_Msk;
 }
 
 void mbedtls_sha256_hw_process(crypto_sha_context *ctx, const unsigned char data[64])
@@ -206,6 +210,8 @@ void mbedtls_sha512_hw_free(crypto_sha_context *ctx)
         return;
     }
 
+    CRPT->HMAC_CTL |= CRPT_HMAC_CTL_STOP_Msk;
+    
     /* Uninit crypto module */
     crypto_uninit();
     crypto_zeroize(ctx, sizeof(crypto_sha_context));
@@ -248,8 +254,6 @@ void mbedtls_sha512_hw_finish(crypto_sha_context *ctx, unsigned char output[64])
         crypto_sha_update_nobuf(ctx, ctx->buffer, ctx->buffer_left, 1);
         ctx->buffer_left = 0;
         crypto_sha_getinternstate(output, ctx->is224_384 ? 48 : 64);
-
-        CRPT->HMAC_CTL |= CRPT_HMAC_CTL_STOP_Msk;
     } else {
         mbedtls_sha512_sw_context ctx_sw;
 
@@ -258,6 +262,8 @@ void mbedtls_sha512_hw_finish(crypto_sha_context *ctx, unsigned char output[64])
         mbedtls_sha512_sw_finish(&ctx_sw, output);
         mbedtls_sha512_sw_free(&ctx_sw);
     }
+    
+    CRPT->HMAC_CTL |= CRPT_HMAC_CTL_STOP_Msk;
 }
 
 void mbedtls_sha512_hw_process(crypto_sha_context *ctx, const unsigned char data[128])

features/mbedtls/targets/TARGET_NUVOTON/TARGET_NUC472/sha/sha_alt_hw.c

@@ -50,6 +50,8 @@ void mbedtls_sha1_hw_free(crypto_sha_context *ctx)
         return;
     }
 
+    CRPT->SHA_CTL |= CRPT_SHA_CTL_STOP_Msk;
+
     /* Uninit crypto module */
     crypto_uninit();
     crypto_zeroize(ctx, sizeof(crypto_sha_context));
@@ -91,8 +93,6 @@ void mbedtls_sha1_hw_finish(crypto_sha_context *ctx, unsigned char output[20])
         crypto_sha_update_nobuf(ctx, ctx->buffer, ctx->buffer_left, 1);
         ctx->buffer_left = 0;
         crypto_sha_getinternstate(output, 20);
-
-        CRPT->SHA_CTL |= CRPT_SHA_CTL_STOP_Msk;
     } else {
         mbedtls_sha1_sw_context ctx_sw;
 
@@ -101,6 +101,8 @@ void mbedtls_sha1_hw_finish(crypto_sha_context *ctx, unsigned char output[20])
         mbedtls_sha1_sw_finish(&ctx_sw, output);
         mbedtls_sha1_sw_free(&ctx_sw);
     }
+    
+    CRPT->SHA_CTL |= CRPT_SHA_CTL_STOP_Msk;
 }
 
 void mbedtls_sha1_hw_process(crypto_sha_context *ctx, const unsigned char data[64])
@@ -127,6 +129,8 @@ void mbedtls_sha256_hw_free(crypto_sha_context *ctx)
         return;
     }
 
+    CRPT->SHA_CTL |= CRPT_SHA_CTL_STOP_Msk;
+
     /* Uninit crypto module */
     crypto_uninit();
     crypto_zeroize(ctx, sizeof(crypto_sha_context));
@@ -169,8 +173,6 @@ void mbedtls_sha256_hw_finish(crypto_sha_context *ctx, unsigned char output[32])
         crypto_sha_update_nobuf(ctx, ctx->buffer, ctx->buffer_left, 1);
         ctx->buffer_left = 0;
         crypto_sha_getinternstate(output, ctx->is224 ? 28 : 32);
-
-        CRPT->SHA_CTL |= CRPT_SHA_CTL_STOP_Msk;
     } else {
         mbedtls_sha256_sw_context ctx_sw;
 
@@ -179,6 +181,8 @@ void mbedtls_sha256_hw_finish(crypto_sha_context *ctx, unsigned char output[32])
         mbedtls_sha256_sw_finish(&ctx_sw, output);
         mbedtls_sha256_sw_free(&ctx_sw);
     }
+    
+    CRPT->SHA_CTL |= CRPT_SHA_CTL_STOP_Msk;
 }
 
 void mbedtls_sha256_hw_process(crypto_sha_context *ctx, const unsigned char data[64])