Fix issues in CC310 shax_alt discovered by OTT

Initialize the Cryptocell context in the `mbedtls_shax_process()`
function, in case it wasn't initialized. The Process function can be
called without calling to the starts function. Discovered by
On Target Testing on the NRF52840_DK platform.

Author: Ron Eldor

features/cryptocell/FEATURE_CRYPTOCELL310/sha1_alt.c

@@ -44,11 +44,23 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
     memcpy( dst, src, sizeof( mbedtls_sha1_context ) );
 }
 
-int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx )
+static int init_cc( mbedtls_sha1_context *ctx )
 {
+    int ret = 0;
     if( CRYS_HASH_Init( &ctx->crys_hash_ctx, CRYS_HASH_SHA1_mode ) != CRYS_OK )
-            return ( MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED );
-    return ( 0 );
+    {
+        ret = MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED ;
+        goto exit;
+    }
+
+    ctx->is_cc_initiated = 1;
+exit:
+    return ( ret );
+}
+
+int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx )
+{
+    return ( init_cc( ctx ) );
 }
 
 
@@ -79,8 +91,21 @@ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx,
 int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
                                    const unsigned char data[64] )
 {
+    int ret = 0;
+    if( ctx->is_cc_initiated == 0 )
+    {
+        ret = init_cc( ctx );
+        if( ret != 0 )
+            goto exit;
+    }
+
     if( CRYS_HASH_Update( &ctx->crys_hash_ctx, (uint8_t*)data, 64 ) != CRYS_OK )
-        return ( MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED );
-    return ( 0 );
+    {
+        ret = MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED;
+        goto exit;
+    }
+
+exit:
+        return ( ret );
 }
 #endif //MBEDTLS_SHA1_ALT

features/cryptocell/FEATURE_CRYPTOCELL310/sha1_alt.h

@@ -33,6 +33,7 @@ extern "C" {
 typedef struct
 {
     CRYS_HASHUserContext_t crys_hash_ctx;
+    int                    is_cc_initiated;
 } mbedtls_sha1_context;
 
 /**

features/cryptocell/FEATURE_CRYPTOCELL310/sha256_alt.c

@@ -42,21 +42,46 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
     memcpy( dst, src, sizeof( mbedtls_sha256_context ) );
 }
 
+static int init_cc( mbedtls_sha256_context *ctx, int is224 )
+{
+    int ret = 0;
+    if( CRYS_HASH_Init( &ctx->crys_hash_ctx, is224 ?
+                       CRYS_HASH_SHA224_mode : CRYS_HASH_SHA256_mode ) != CRYS_OK )
+    {
+        ret = MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED ;
+        goto exit;
+    }
+
+    ctx->is_cc_initiated = 1;
+exit:
+    return ( ret );
+
+}
 
 int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
 {
-    if(CRYS_HASH_Init( &ctx->crys_hash_ctx, is224 ?
-                    CRYS_HASH_SHA224_mode : CRYS_HASH_SHA256_mode ) != CRYS_OK )
-        return ( MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED );
-    return ( 0 );
+    return ( init_cc( ctx, is224 ) );
 }
 
 int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
                                      const unsigned char data[64] )
 {
+    int ret = 0;
+    if( ctx->is_cc_initiated == 0 )
+    {
+        ret = init_cc( ctx, 0 );
+        if( ret != 0 )
+            goto exit;
+    }
+
     if( CRYS_HASH_Update( &ctx->crys_hash_ctx, (uint8_t*)data, 64 ) != CRYS_OK )
-        return ( MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED );
-    return ( 0 );
+    {
+        ret = MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED;
+        goto exit;
+    }
+
+exit:
+    return ( ret );
 }
 
 int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,

features/cryptocell/FEATURE_CRYPTOCELL310/sha256_alt.h

@@ -35,6 +35,7 @@ extern "C" {
 typedef struct
 {
     CRYS_HASHUserContext_t crys_hash_ctx;
+    int                    is_cc_initiated;
 } mbedtls_sha256_context;