Use starts/finish around Lucky 13 dummy compressions
Fixes #3246
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index ae8d076..7fc4bf0 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -1578,6 +1578,8 @@
* linking an extra division function in some builds).
*/
size_t j, extra_run = 0;
+ /* This size is enough to server either as input to
+ * md_process() or as output to md_finish() */
unsigned char tmp[MBEDTLS_MD_MAX_BLOCK_SIZE];
/*
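Review bot: The new comment on `tmp` states a size guarantee that nothing in the visible lines enforces: `md_finish()` writes a full digest into a buffer sized by `MBEDTLS_MD_MAX_BLOCK_SIZE`. That holds only while every enabled hash has a digest no larger than its block, so a compile-time guard near the declaration would turn the assumption into a checked invariant, e.g. `#if MBEDTLS_MD_MAX_SIZE > MBEDTLS_MD_MAX_BLOCK_SIZE` / `#error "tmp too small for md_finish() output"` / `#endif`. The comment also has a typo and could read `/* This size is enough to serve either as input to md_process() or as output of md_finish() */`. The enclosing function starts and ends outside this hunk.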
@@ -1633,10 +1635,15 @@
ssl_read_memory( data + rec->data_len, padlen );
mbedtls_md_hmac_finish( &transform->md_ctx_dec, mac_expect );
- /* Call mbedtls_md_process at least once due to cache attacks
- * that observe whether md_process() was called of not */
+ /* Dummy calls to compression function.
+ * Call mbedtls_md_process at least once due to cache attacks
+ * that observe whether md_process() was called of not.
+ * Respect the usual start-(process|update)-finish sequence for
+ * the sake of hardware accelerators that might require it. */
+ mbedtls_md_starts( &transform->md_ctx_dec );
for( j = 0; j < extra_run + 1; j++ )
mbedtls_md_process( &transform->md_ctx_dec, tmp );
+ mbedtls_md_finish( &transform->md_ctx_dec, tmp );
mbedtls_md_hmac_reset( &transform->md_ctx_dec );
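Review bot: The added `mbedtls_md_starts()` and `mbedtls_md_finish()` calls, like the existing `mbedtls_md_process()` loop, discard their `int` return values. The new comment says the sequence exists for hardware accelerators, which is where these calls are most likely to fail. A driver error here would go unnoticed, and the dummy compressions that the Lucky 13 countermeasure relies on might not actually run. Consider capturing the result, e.g. `ret = mbedtls_md_starts( &transform->md_ctx_dec );`, and failing the record on a non-zero value; such a failure does not depend on the padding, so returning early should not add a secret-dependent branch, though the function's error paths are outside this hunk and need confirming. The comment would also benefit from noting that the starts/finish pair is executed unconditionally, so its cost does not depend on `extra_run`, and from fixing "called of not" to "called or not".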