secure boot v2: Fix crash if signature verification fails in app

sha_handle is "finished" when verify_secure_boot_signature() returns and should be nulled out. Alternative version of fix submitted in https://github.com/espressif/esp-idf/pull/6210 Closes https://github.com/espressif/esp-idf/pull/6210 Signed-off-by: Angus Gratton <angus@espressif.com>
2020-12-31 18:14:50 +11:00 · 2020-12-31 18:14:50 +11:00 · a8837aa378
commit a8837aa378
--- a/components/bootloader_support/src/esp_image_format.c
+++ b/components/bootloader_support/src/esp_image_format.c
@ -235,6 +235,7 @@ static esp_err_t image_load(esp_image_load_mode_t mode, const esp_partition_pos_
            if (true) {
 #endif // end checking for JTAG
                err = verify_secure_boot_signature(sha_handle, data, image_digest, verified_digest);
+                sha_handle = NULL; // verify_secure_boot_signature finishes sha_handle
            }
 #else // SECURE_BOOT_CHECK_SIGNATURE
            // No secure boot, but SHA-256 can be appended for basic corruption detection