Fix misuse of MD API in SSL constant-flow HMAC The sequence of calls starts-update-starts-update-finish is not a guaranteed valid way to abort an operation and start a new one. Our software implementation just happens to support it, but alt implementations may very well not support it. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

commit: 21bfbdd703e82c8836bc4aa52845c0c43a2e1f38 [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Mon May 17 12:28:08 2021 +0200
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Wed May 19 10:40:02 2021 +0200
tree: e836ca85cba5b799db95de587a80d3278b81924e
parent: 8ce4ab18ab8a26e75978ea1b199de1ede238353a [diff] [blame]
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 54a7be0..1352b49 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c

@@ -1241,6 +1241,9 @@
             MD_CHK( mbedtls_md_update( ctx, data + offset, 1 ) );
     }
 
+    /* The context needs to finish() before it starts() again */
+    MD_CHK( mbedtls_md_finish( ctx, aux_out ) );
+
     /* Now compute HASH(okey + inner_hash) */
     MD_CHK( mbedtls_md_starts( ctx ) );
     MD_CHK( mbedtls_md_update( ctx, okey, block_size ) );
commit	21bfbdd703e82c8836bc4aa52845c0c43a2e1f38	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Mon May 17 12:28:08 2021 +0200
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Wed May 19 10:40:02 2021 +0200
tree	e836ca85cba5b799db95de587a80d3278b81924e
parent	8ce4ab18ab8a26e75978ea1b199de1ede238353a [diff] [blame]