Fix misuse of MD API in SSL constant-flow HMAC The sequence of calls starts-update-starts-update-finish is not a guaranteed valid way to abort an operation and start a new one. Our software implementation just happens to support it, but alt implementations may very well not support it. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

commit: 5ca21db813894628586568fc6d53e08fa5cbafa5 [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Mon May 17 12:28:08 2021 +0200
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Wed May 19 10:33:40 2021 +0200
tree: 7975521d80b31340cba033e3932b900ee82384e8
parent: 5605911fd35be4dc24c5c24caf6e363382ad4ad5 [diff] [blame]
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 3956a67..55623cc 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c

@@ -1164,6 +1164,9 @@
             MD_CHK( mbedtls_md_update( ctx, data + offset, 1 ) );
     }
 
+    /* The context needs to finish() before it starts() again */
+    MD_CHK( mbedtls_md_finish( ctx, aux_out ) );
+
     /* Now compute HASH(okey + inner_hash) */
     MD_CHK( mbedtls_md_starts( ctx ) );
     MD_CHK( mbedtls_md_update( ctx, okey, block_size ) );
commit	5ca21db813894628586568fc6d53e08fa5cbafa5	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Mon May 17 12:28:08 2021 +0200
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Wed May 19 10:33:40 2021 +0200
tree	7975521d80b31340cba033e3932b900ee82384e8
parent	5605911fd35be4dc24c5c24caf6e363382ad4ad5 [diff] [blame]