Abstracting mcuboot crypto functions for cleaner porting and less of an ifdef hell.
- The enc_context needs to initialize.
boot_enc_load seems to always be used to start the process, so calling
init inside makes sense.
- Handle boot_encrypt getting called with size of 0.
- No need to free contexts because Zephyr sets MBEDTLS_PLATFORM_NO_STD_FUNCTIONS.
I don't quite like this because it's implicit and will leak memory on
other ports.
Signed-off-by: Blaž Hrastnik <blaz@mxxn.io>
diff --git a/boot/bootutil/src/image_rsa.c b/boot/bootutil/src/image_rsa.c
index e36b8ba..a94de5c 100644
--- a/boot/bootutil/src/image_rsa.c
+++ b/boot/bootutil/src/image_rsa.c
@@ -30,7 +30,7 @@
#ifdef MCUBOOT_SIGN_RSA
#include "bootutil/sign_key.h"
-#include "bootutil/sha256.h"
+#include "bootutil/crypto/sha256.h"
#include "mbedtls/rsa.h"
#include "mbedtls/asn1.h"
@@ -148,6 +148,8 @@
mask += bytes;
count -= bytes;
}
+
+ bootutil_sha256_drop(&ctx);
}
/*
@@ -260,6 +262,7 @@
bootutil_sha256_update(&shactx, hash, PSS_HLEN);
bootutil_sha256_update(&shactx, &db_mask[PSS_MASK_SALT_POS], PSS_SLEN);
bootutil_sha256_finish(&shactx, h2);
+ bootutil_sha256_drop(&shactx);
/* Step 14. If H = H', output "consistent". Otherwise, output
* "inconsistent". */