Commit f448629c authored by Dominik Ermel's avatar Dominik Ermel Committed by Jamie McCrae
Browse files

bootutil: boot_decrypt_key: Only one bootutil_hmac_sha256_drop needed 



Optimize out some unneeded calls.

Signed-off-by: default avatarDominik Ermel <dominik.ermel@nordicsemi.no>
(cherry picked from commit 687dc8c5)
parent 2f5d6bf9

boot/bootutil/src/encrypted.c

+1 −4
Original line number Diff line number Diff line
@@ -559,18 +559,15 @@ boot_decrypt_key(const uint8_t *buf, uint8_t *enckey) 


    /* Assumes the tag buffer is at least sizeof(hmac_tag_size(state)) bytes */

    rc = bootutil_hmac_sha256_finish(&hmac, tag, BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE);

    if (rc != 0) {

    (void)bootutil_hmac_sha256_drop(&hmac);

    if (rc != 0) {

        return -1;

    }



    if (bootutil_constant_time_compare(tag, &buf[EC_TAG_INDEX], 32) != 0) {

        (void)bootutil_hmac_sha256_drop(&hmac);

        return -1;

    }



    bootutil_hmac_sha256_drop(&hmac);



    /*

     * Finally decrypt the received ciphered key

     */

CRA Git | Maintained and supported by SUSTech CRA and CCSE