From b79be86a56e8afa7ad76fa2346443b41e30ed92d Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Fri, 13 Jun 2025 13:17:00 -0700
Subject: [PATCH] Fix for `NO_SWAP_EXT=1` with encryption enabled. Peer review
 fixes.

---
 include/user_settings.h | 6 +++++-
 src/image.c             | 6 +++---
 src/libwolfboot.c       | 6 +++---
 src/update_flash.c      | 6 +++---
 4 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/include/user_settings.h b/include/user_settings.h
index 298ee985..61b5cfab 100644
--- a/include/user_settings.h
+++ b/include/user_settings.h
@@ -118,7 +118,11 @@ extern int tolower(int c);
 #       if !defined(WOLFBOOT_TPM)
 #          define NO_ECC_SIGN
 #          define NO_ECC_DHE
-#          define WOLFSSL_NO_CT_OPS /* don't use constant time ops in misc.c */
+           /* For Renesas RX do not enable the misc.c constant time code
+            * due to issue with 64-bit types */
+#          if defined(__RX__)
+#              define WOLFSSL_NO_CT_OPS /* don't use constant time ops in misc.c */
+#          endif
 #          if !defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT)
 #              define NO_ECC_EXPORT
 #              define NO_ECC_KEY_EXPORT
diff --git a/src/image.c b/src/image.c
index e952cf07..ccb69158 100644
--- a/src/image.c
+++ b/src/image.c
@@ -1565,7 +1565,7 @@ static int update_hash_flash_fwimg(wolfBoot_hash_t*       ctx,
 {
     uint32_t current_offset = offset;
     uint32_t remaining_size = size;
-    uint8_t read_buf[WOLFBOOT_SHA_BLOCK_SIZE] XALIGNED(4); /* Use local buffer*/
+    uint8_t read_buf[WOLFBOOT_SHA_BLOCK_SIZE] XALIGNED_STACK(4); /* Use local buffer */
 
     while (remaining_size > 0) {
         uint32_t read_size = (remaining_size > WOLFBOOT_SHA_BLOCK_SIZE)
@@ -1594,7 +1594,7 @@ static int update_hash_flash_fwimg(wolfBoot_hash_t*       ctx,
 static int update_hash_flash_addr(wolfBoot_hash_t* ctx, uintptr_t addr,
                                   uint32_t size, int src_ext)
 {
-    uint8_t   buffer[WOLFBOOT_SHA_BLOCK_SIZE] XALIGNED(4);
+    uint8_t   buffer[WOLFBOOT_SHA_BLOCK_SIZE] XALIGNED_STACK(4);
     uint32_t  remaining_size = size;
     uintptr_t current_addr   = addr;
 
@@ -1633,7 +1633,7 @@ int wolfBoot_check_flash_image_elf(uint8_t part, unsigned long* entry_out)
     size_t                ph_size           = 0;
     size_t                current_ph_offset = 0;
     int64_t               final_offset      = -1;
-    uint8_t               calc_digest[WOLFBOOT_SHA_DIGEST_SIZE] XALIGNED(4);
+    uint8_t               calc_digest[WOLFBOOT_SHA_DIGEST_SIZE] XALIGNED_STACK(4);
     uint8_t*              exp_digest;
     int32_t               stored_sha_len;
     int                   i;
diff --git a/src/libwolfboot.c b/src/libwolfboot.c
index c7ad8bfa..01e08706 100644
--- a/src/libwolfboot.c
+++ b/src/libwolfboot.c
@@ -1836,8 +1836,8 @@ int RAMFUNCTION ext_flash_encrypt_write(uintptr_t address, const uint8_t *data,
  */
 int RAMFUNCTION ext_flash_decrypt_read(uintptr_t address, uint8_t *data, int len)
 {
-    uint8_t  block[ENCRYPT_BLOCK_SIZE] XALIGNED(4);
-    uint8_t  dec_block[ENCRYPT_BLOCK_SIZE] XALIGNED(4);
+    uint8_t  block[ENCRYPT_BLOCK_SIZE] XALIGNED_STACK(4);
+    uint8_t  dec_block[ENCRYPT_BLOCK_SIZE] XALIGNED_STACK(4);
     uint32_t row_address = address, row_offset, iv_counter = 0;
     int i;
     int flash_read_size;
@@ -1915,7 +1915,7 @@ int RAMFUNCTION ext_flash_decrypt_read(uintptr_t address, uint8_t *data, int len
     unaligned_trailer_size = read_remaining;
     if (unaligned_trailer_size > 0)
     {
-        uint8_t dec_block[ENCRYPT_BLOCK_SIZE] XALIGNED(4);
+        uint8_t dec_block[ENCRYPT_BLOCK_SIZE] XALIGNED_STACK(4);
         if (ext_flash_read(address, block, ENCRYPT_BLOCK_SIZE)
                 != ENCRYPT_BLOCK_SIZE)
             return -1;
diff --git a/src/update_flash.c b/src/update_flash.c
index 13489757..500b2b00 100644
--- a/src/update_flash.c
+++ b/src/update_flash.c
@@ -153,7 +153,7 @@ static int RAMFUNCTION wolfBoot_copy_sector(struct wolfBoot_image *src,
 
 #ifdef EXT_ENCRYPTED
     wolfBoot_get_encrypt_key(key, nonce);
-    if(src->part == PART_SWAP)
+    if (src->part == PART_SWAP)
         iv_counter = dst_sector_offset;
     else
         iv_counter = src_sector_offset;
@@ -172,8 +172,8 @@ static int RAMFUNCTION wolfBoot_copy_sector(struct wolfBoot_image *src,
         while (pos < WOLFBOOT_SECTOR_SIZE)  {
           if (src_sector_offset + pos <
               (src->fw_size + IMAGE_HEADER_SIZE + FLASHBUFFER_SIZE)) {
-              /* bypass decryption, copy encrypted data into swap */
-              if (dst->part == PART_SWAP) {
+              /* bypass decryption, copy encrypted data into swap (and its external) */
+              if (dst->part == PART_SWAP && SWAP_EXT) {
                   ext_flash_read((uintptr_t)(src->hdr) + src_sector_offset + pos,
                                  (void *)buffer, FLASHBUFFER_SIZE);
               } else {