bootutil: Fix encryption context de initialization in boot_state_clear

de-nordic · de-nordic · commit d391e70a04d2 · 2025-10-29T15:18:47.000Z
Call boot_enc_deinit before memset to 0.

Signed-off-by: Dominik Ermel &lt;dominik.ermel@nordicsemi.no&gt;
diff --git a/boot/bootutil/src/bootutil_misc.c b/boot/bootutil/src/bootutil_misc.c
@@ -647,5 +647,18 @@ const struct image_max_size *boot_get_max_app_size(void)
  */
 void boot_state_clear(struct boot_loader_state *state)
 {
+#if defined(MCUBOOT_ENC_IMAGES)
+    int image;
+    int slot;
+
+    for (image = 0; image < BOOT_IMAGE_NUMBER; ++image) {
+        for (slot = 0; slot < BOOT_NUM_SLOTS; ++slot) {
+            /* Not using boot_enc_zeorize here, as it is redundant
+             * to the memset below that clears entire boot_loader_state.
+             */
+            boot_enc_drop(&state->enc[image][slot]);
+        }
+    }
+#endif
     memset(state, 0, sizeof(struct boot_loader_state));
 }
