[NUC472/M487] Fix SHA H/W resource leakage in context cloning

Author: ccli8

features/mbedtls/targets/TARGET_NUVOTON/TARGET_M480/sha/sha1_alt.c

@@ -51,6 +51,21 @@ void mbedtls_sha1_free(mbedtls_sha1_context *ctx)
 void mbedtls_sha1_clone(mbedtls_sha1_context *dst,
                         const mbedtls_sha1_context *src)
 {
+    // If dst is H/W context, we need to change it to S/W context first before cloning to.
+    while (dst->ishw) {
+        mbedtls_sha1_free(dst);
+        // We just want S/W context, so we lock SHA H/W resource if it is available.
+        if (crypto_sha_acquire()) {
+            mbedtls_sha1_init(dst);
+            crypto_sha_release();
+        }
+        else {
+            mbedtls_sha1_init(dst);
+        }
+        
+        // We still have potential to get H/W context due to race condition. Retry if need be.
+    }
+
     if (src->ishw) {
         // Clone S/W ctx from H/W ctx
         dst->ishw = 0;

features/mbedtls/targets/TARGET_NUVOTON/TARGET_M480/sha/sha256_alt.c

@@ -51,6 +51,21 @@ void mbedtls_sha256_free(mbedtls_sha256_context *ctx)
 void mbedtls_sha256_clone(mbedtls_sha256_context *dst,
                           const mbedtls_sha256_context *src)
 {
+    // If dst is H/W context, we need to change it to S/W context first before cloning to.
+    while (dst->ishw) {
+        mbedtls_sha256_free(dst);
+        // We just want S/W context, so we lock SHA H/W resource if it is available.
+        if (crypto_sha_acquire()) {
+            mbedtls_sha256_init(dst);
+            crypto_sha_release();
+        }
+        else {
+            mbedtls_sha256_init(dst);
+        }
+        
+        // We still have potential to get H/W context due to race condition. Retry if need be.
+    }
+    
     if (src->ishw) {
         // Clone S/W ctx from H/W ctx
         dst->ishw = 0;

features/mbedtls/targets/TARGET_NUVOTON/TARGET_M480/sha/sha512_alt.c

@@ -51,6 +51,21 @@ void mbedtls_sha512_free(mbedtls_sha512_context *ctx)
 void mbedtls_sha512_clone(mbedtls_sha512_context *dst,
                           const mbedtls_sha512_context *src)
 {
+    // If dst is H/W context, we need to change it to S/W context first before cloning to.
+    while (dst->ishw) {
+        mbedtls_sha512_free(dst);
+        // We just want S/W context, so we lock SHA H/W resource if it is available.
+        if (crypto_sha_acquire()) {
+            mbedtls_sha512_init(dst);
+            crypto_sha_release();
+        }
+        else {
+            mbedtls_sha512_init(dst);
+        }
+        
+        // We still have potential to get H/W context due to race condition. Retry if need be.
+    }
+    
     if (src->ishw) {
         // Clone S/W ctx from H/W ctx
         dst->ishw = 0;

features/mbedtls/targets/TARGET_NUVOTON/TARGET_NUC472/sha/sha1_alt.c

@@ -51,6 +51,21 @@ void mbedtls_sha1_free(mbedtls_sha1_context *ctx)
 void mbedtls_sha1_clone(mbedtls_sha1_context *dst,
                         const mbedtls_sha1_context *src)
 {
+    // If dst is H/W context, we need to change it to S/W context first before cloning to.
+    while (dst->ishw) {
+        mbedtls_sha1_free(dst);
+        // We just want S/W context, so we lock SHA H/W resource if it is available.
+        if (crypto_sha_acquire()) {
+            mbedtls_sha1_init(dst);
+            crypto_sha_release();
+        }
+        else {
+            mbedtls_sha1_init(dst);
+        }
+        
+        // We still have potential to get H/W context due to race condition. Retry if need be.
+    }
+
     if (src->ishw) {
         // Clone S/W ctx from H/W ctx
         dst->ishw = 0;

features/mbedtls/targets/TARGET_NUVOTON/TARGET_NUC472/sha/sha256_alt.c

@@ -51,6 +51,21 @@ void mbedtls_sha256_free(mbedtls_sha256_context *ctx)
 void mbedtls_sha256_clone(mbedtls_sha256_context *dst,
                           const mbedtls_sha256_context *src)
 {
+    // If dst is H/W context, we need to change it to S/W context first before cloning to.
+    while (dst->ishw) {
+        mbedtls_sha256_free(dst);
+        // We just want S/W context, so we lock SHA H/W resource if it is available.
+        if (crypto_sha_acquire()) {
+            mbedtls_sha256_init(dst);
+            crypto_sha_release();
+        }
+        else {
+            mbedtls_sha256_init(dst);
+        }
+        
+        // We still have potential to get H/W context due to race condition. Retry if need be.
+    }
+    
     if (src->ishw) {
         // Clone S/W ctx from H/W ctx
         dst->ishw = 0;