WolfSSL
/
wolfBoot
mirror of https://github.com/wolfSSL/wolfBoot.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix for `NO_SWAP_EXT=1` with encryption enabled. Peer review fixes.

master
David Garske 2025-06-13 13:17:00 -07:00 committed by Daniele Lacamera
parent bd179ed339
commit b79be86a56
4 changed files with 14 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
include/user_settings.h
View File

@ -118,7 +118,11 @@ extern int tolower(int c);
# if !defined(WOLFBOOT_TPM)
# define NO_ECC_SIGN
# define NO_ECC_DHE
# define WOLFSSL_NO_CT_OPS /* don't use constant time ops in misc.c */
/* For Renesas RX do not enable the misc.c constant time code
* due to issue with 64-bit types */
# if defined(__RX__)
# define WOLFSSL_NO_CT_OPS /* don't use constant time ops in misc.c */
# endif
# if !defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT)
# define NO_ECC_EXPORT
# define NO_ECC_KEY_EXPORT

6
src/image.c
View File

@ -1565,7 +1565,7 @@ static int update_hash_flash_fwimg(wolfBoot_hash_t* ctx,
{
uint32_t current_offset = offset;
uint32_t remaining_size = size;
uint8_t read_buf[WOLFBOOT_SHA_BLOCK_SIZE] XALIGNED(4); /* Use local buffer*/
uint8_t read_buf[WOLFBOOT_SHA_BLOCK_SIZE] XALIGNED_STACK(4); /* Use local buffer */
while (remaining_size > 0) {
uint32_t read_size = (remaining_size > WOLFBOOT_SHA_BLOCK_SIZE)
@ -1594,7 +1594,7 @@ static int update_hash_flash_fwimg(wolfBoot_hash_t* ctx,
static int update_hash_flash_addr(wolfBoot_hash_t* ctx, uintptr_t addr,
uint32_t size, int src_ext)
{
uint8_t buffer[WOLFBOOT_SHA_BLOCK_SIZE] XALIGNED(4);
uint8_t buffer[WOLFBOOT_SHA_BLOCK_SIZE] XALIGNED_STACK(4);
uint32_t remaining_size = size;
uintptr_t current_addr = addr;
@ -1633,7 +1633,7 @@ int wolfBoot_check_flash_image_elf(uint8_t part, unsigned long* entry_out)
size_t ph_size = 0;
size_t current_ph_offset = 0;
int64_t final_offset = -1;
uint8_t calc_digest[WOLFBOOT_SHA_DIGEST_SIZE] XALIGNED(4);
uint8_t calc_digest[WOLFBOOT_SHA_DIGEST_SIZE] XALIGNED_STACK(4);
uint8_t* exp_digest;
int32_t stored_sha_len;
int i;

6
src/libwolfboot.c
View File

@ -1836,8 +1836,8 @@ int RAMFUNCTION ext_flash_encrypt_write(uintptr_t address, const uint8_t *data,
*/
int RAMFUNCTION ext_flash_decrypt_read(uintptr_t address, uint8_t *data, int len)
{
uint8_t block[ENCRYPT_BLOCK_SIZE] XALIGNED(4);
uint8_t dec_block[ENCRYPT_BLOCK_SIZE] XALIGNED(4);
uint8_t block[ENCRYPT_BLOCK_SIZE] XALIGNED_STACK(4);
uint8_t dec_block[ENCRYPT_BLOCK_SIZE] XALIGNED_STACK(4);
uint32_t row_address = address, row_offset, iv_counter = 0;
int i;
int flash_read_size;
@ -1915,7 +1915,7 @@ int RAMFUNCTION ext_flash_decrypt_read(uintptr_t address, uint8_t *data, int len
unaligned_trailer_size = read_remaining;
if (unaligned_trailer_size > 0)
{
uint8_t dec_block[ENCRYPT_BLOCK_SIZE] XALIGNED(4);
uint8_t dec_block[ENCRYPT_BLOCK_SIZE] XALIGNED_STACK(4);
if (ext_flash_read(address, block, ENCRYPT_BLOCK_SIZE)
!= ENCRYPT_BLOCK_SIZE)
return -1;

6
src/update_flash.c
View File

@ -153,7 +153,7 @@ static int RAMFUNCTION wolfBoot_copy_sector(struct wolfBoot_image *src,
#ifdef EXT_ENCRYPTED
wolfBoot_get_encrypt_key(key, nonce);
if(src->part == PART_SWAP)
if (src->part == PART_SWAP)
iv_counter = dst_sector_offset;
else
iv_counter = src_sector_offset;
@ -172,8 +172,8 @@ static int RAMFUNCTION wolfBoot_copy_sector(struct wolfBoot_image *src,
while (pos < WOLFBOOT_SECTOR_SIZE) {
if (src_sector_offset + pos <
(src->fw_size + IMAGE_HEADER_SIZE + FLASHBUFFER_SIZE)) {
/* bypass decryption, copy encrypted data into swap */
if (dst->part == PART_SWAP) {
/* bypass decryption, copy encrypted data into swap (and its external) */
if (dst->part == PART_SWAP && SWAP_EXT) {
ext_flash_read((uintptr_t)(src->hdr) + src_sector_offset + pos,
(void *)buffer, FLASHBUFFER_SIZE);
} else {