From f664d8cba64b7b5690555644c639d04480860575 Mon Sep 17 00:00:00 2001 From: Jerzy Kasenberg Date: Tue, 22 Apr 2025 08:52:50 +0200 Subject: [PATCH] bootutil: Fix crash when bootutil_sha_init() is called in loop For mynewt hardware implementation of hash functionality calling bootutil_sha_init() in a loop without call to bootutil_sha_drop() result in a failure. In two places where bootutil_sha_drop() was called after the loop, call is move into the loop to match calls to bootutil_sha_init(). This will not impact default implementation where calling bootutil_sha_drop() in a loop does not change anything. Signed-off-by: Jerzy Kasenberg --- boot/bootutil/src/image_rsa.c | 3 +-- boot/bootutil/src/image_validate.c | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/boot/bootutil/src/image_rsa.c b/boot/bootutil/src/image_rsa.c index 37c35e05e4..778a92b468 100644 --- a/boot/bootutil/src/image_rsa.c +++ b/boot/bootutil/src/image_rsa.c @@ -97,6 +97,7 @@ pss_mgf1(uint8_t *mask, const uint8_t *hash) bootutil_sha_update(&ctx, hash, PSS_HLEN); bootutil_sha_update(&ctx, counter, 4); bootutil_sha_finish(&ctx, htmp); + bootutil_sha_drop(&ctx); counter[3]++; @@ -108,8 +109,6 @@ pss_mgf1(uint8_t *mask, const uint8_t *hash) mask += bytes; count -= bytes; } - - bootutil_sha_drop(&ctx); } /* diff --git a/boot/bootutil/src/image_validate.c b/boot/bootutil/src/image_validate.c index 61cbf4de04..7a7573a0be 100644 --- a/boot/bootutil/src/image_validate.c +++ b/boot/bootutil/src/image_validate.c @@ -289,12 +289,11 @@ bootutil_find_key(uint8_t *keyhash, uint8_t keyhash_len) bootutil_sha_init(&sha_ctx); bootutil_sha_update(&sha_ctx, key->key, *key->len); bootutil_sha_finish(&sha_ctx, hash); + bootutil_sha_drop(&sha_ctx); if (!memcmp(hash, keyhash, keyhash_len)) { - bootutil_sha_drop(&sha_ctx); return i; } } - bootutil_sha_drop(&sha_ctx); return -1; } #else /* !MCUBOOT_HW_KEY */