From 7566edaf88bda9877b3c06f4dd161e457af747cf Mon Sep 17 00:00:00 2001 From: Dominik Ermel Date: Wed, 17 Jul 2024 12:11:55 +0000 Subject: [PATCH] boot: Move encryption context invalidation to boot_enc_drop. The enc_key_data.valid had been set to true when key has been added to the encryption context, but in case when boot_enc_drop was called, on the same context, the flag remained true, even though the context may no longer hold any valid context nor key. The commit moves the enc_key_data invalidation to enc_key_drop. Signed-off-by: Dominik Ermel (cherry picked from commit 335573520dbe64392280fab0e94edc50dc0cb05b) --- boot/bootutil/src/encrypted.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boot/bootutil/src/encrypted.c b/boot/bootutil/src/encrypted.c index 8521f64e..81343cf0 100644 --- a/boot/bootutil/src/encrypted.c +++ b/boot/bootutil/src/encrypted.c @@ -347,6 +347,7 @@ int boot_enc_drop(struct enc_key_data *enc_state, uint8_t slot) { bootutil_aes_ctr_drop(&enc_state[slot].aes_ctr); + enc_state[slot].valid = 0; return 0; } @@ -359,7 +360,6 @@ boot_enc_set_key(struct enc_key_data *enc_state, uint8_t slot, rc = bootutil_aes_ctr_set_key(&enc_state[slot].aes_ctr, bs->enckey[slot]); if (rc != 0) { boot_enc_drop(enc_state, slot); - enc_state[slot].valid = 0; return -1; }