Removed further timing differences during SSL message decryption in ssl_decrypt_buf()

New padding checking is unbiased on correct or incorrect padding and
has no branch prediction timing differences.

The additional MAC checks further straighten out the timing differences.

include/polarssl/md5.h

@@ -154,6 +154,9 @@ void md5_hmac( const unsigned char *key, size_t keylen,
  */
 int md5_self_test( int verbose );
 
+/* Internal use */
+void md5_process( md5_context *ctx, const unsigned char data[64] );
+
 #ifdef __cplusplus
 }
 #endif

include/polarssl/sha1.h

@@ -152,6 +152,9 @@ void sha1_hmac( const unsigned char *key, size_t keylen,
  */
 int sha1_self_test( int verbose );
 
+/* Internal use */
+void sha1_process( sha1_context *ctx, const unsigned char data[64] );
+
 #ifdef __cplusplus
 }
 #endif

include/polarssl/sha2.h

@@ -160,6 +160,9 @@ void sha2_hmac( const unsigned char *key, size_t keylen,
  */
 int sha2_self_test( int verbose );
 
+/* Internal use */
+void sha2_process( sha2_context *ctx, const unsigned char data[64] );
+
 #ifdef __cplusplus
 }
 #endif