From 999e1b9f99539636416035ed74ddb53b3a4be9fa Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Tue, 12 May 2026 10:44:21 -0600 Subject: [PATCH 01/10] In NXP DCP port clear key buffer after use --- wolfcrypt/src/port/nxp/dcp_port.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/port/nxp/dcp_port.c b/wolfcrypt/src/port/nxp/dcp_port.c index 92091af2cf1..7162be509a8 100644 --- a/wolfcrypt/src/port/nxp/dcp_port.c +++ b/wolfcrypt/src/port/nxp/dcp_port.c @@ -205,14 +205,16 @@ int DCPAesInit(Aes *aes) return 0; } +static unsigned char aes_key_aligned[16] __attribute__((aligned(0x10))); + void DCPAesFree(Aes *aes) { + ForceZero(aes_key_aligned, sizeof(aes_key_aligned)); dcp_free(aes->handle.channel); aes->handle.channel = 0; } -static unsigned char aes_key_aligned[16] __attribute__((aligned(0x10))); int DCPAesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv, int dir) { @@ -231,8 +233,9 @@ int DCPAesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv, return WC_HW_E; } dcp_lock(); - memcpy(aes_key_aligned, key, 16); + XMEMCPY(aes_key_aligned, key, 16); status = DCP_AES_SetKey(DCP, &aes->handle, aes_key_aligned, 16); + ForceZero(aes_key_aligned, sizeof(aes_key_aligned)); if (status != kStatus_Success) status = WC_HW_E; else { From a04b68243cc04b328ebe148fb3142b8b0773861d Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Tue, 12 May 2026 10:47:42 -0600 Subject: [PATCH 02/10] clear public/private key buffer after use in tropicsquare port --- wolfcrypt/src/port/tropicsquare/tropic01.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/wolfcrypt/src/port/tropicsquare/tropic01.c b/wolfcrypt/src/port/tropicsquare/tropic01.c index 8fa96906b41..7915711d4a2 100644 --- a/wolfcrypt/src/port/tropicsquare/tropic01.c +++ b/wolfcrypt/src/port/tropicsquare/tropic01.c 
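Review bot: In `DCPAesFree`, the added `ForceZero` clears only the file-scope bounce buffer `aes_key_aligned`, which the second hunk of this patch already clears right after `DCP_AES_SetKey`, so it adds little on its own. The place where key material can outlive the object is `aes->handle`: if the SDK's `DCP_AES_SetKey` keeps a copy of the key in the handle or in a hardware key slot (not visible in this hunk), that copy survives the free. Consider scrubbing the handle here as well, for example `ForceZero(&aes->handle, sizeof(aes->handle));` after `dcp_free()`, which also covers the `channel = 0` assignment.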
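Review bot: The copy into the bounce buffer in `DCPAesSetKey` still uses the literal `16` while the new `ForceZero` beside it uses `sizeof(aes_key_aligned)`; this is a point of style, but the copy, the driver call and the wipe should take their size from one place so they cannot drift apart. Suggested: `XMEMCPY(aes_key_aligned, key, sizeof(aes_key_aligned));` and `DCP_AES_SetKey(DCP, &aes->handle, aes_key_aligned, sizeof(aes_key_aligned));`. This relies on the length check before the hunk rejecting anything other than a 16-byte key, which is presumably what the `return WC_HW_E;` context line belongs to. The function starts and ends outside the hunk.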
@@ -546,6 +546,9 @@ int Tropic01_Deinit(void) WOLFSSL_MSG("TROPIC01: Crypto device deinitialized successfully"); } + ForceZero(sh0priv, sizeof(sh0priv)); + ForceZero(sh0pub, sizeof(sh0pub)); + return 0; } From df5311c92324a27f3a63ac03ac59049697032975 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Tue, 12 May 2026 10:55:50 -0600 Subject: [PATCH 03/10] align blake2 load/store helpers with store64's alignment guard --- wolfssl/wolfcrypt/blake2-impl.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/wolfssl/wolfcrypt/blake2-impl.h b/wolfssl/wolfcrypt/blake2-impl.h index 68f9c8ff8b8..21b8e3fc5c4 100644 --- a/wolfssl/wolfcrypt/blake2-impl.h +++ b/wolfssl/wolfcrypt/blake2-impl.h @@ -40,7 +40,7 @@ static WC_INLINE word32 load32( const void *src ) { -#if defined(LITTLE_ENDIAN_ORDER) +#if defined(LITTLE_ENDIAN_ORDER) && !defined(WOLFSSL_GENERAL_ALIGNMENT) return *( const word32 * )( src ); #else const byte *p = ( const byte * )src; @@ -54,7 +54,7 @@ static WC_INLINE word32 load32( const void *src ) static WC_INLINE word64 load64( const void *src ) { -#if defined(LITTLE_ENDIAN_ORDER) +#if defined(LITTLE_ENDIAN_ORDER) && !defined(WOLFSSL_GENERAL_ALIGNMENT) return *( const word64 * )( src ); #else const byte *p = ( const byte * )src; @@ -72,7 +72,7 @@ static WC_INLINE word64 load64( const void *src ) static WC_INLINE void store32( void *dst, word32 w ) { -#if defined(LITTLE_ENDIAN_ORDER) +#if defined(LITTLE_ENDIAN_ORDER) && !defined(WOLFSSL_GENERAL_ALIGNMENT) *( word32 * )( dst ) = w; #else byte *p = ( byte * )dst; From 35f61aaa66f343b9eb17a511b2a170abd3d00aba Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Tue, 12 May 2026 11:30:38 -0600 Subject: [PATCH 04/10] explicit cast to word16 before shift with RC2 --- wolfcrypt/src/rc2.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/wolfcrypt/src/rc2.c b/wolfcrypt/src/rc2.c index dde4b673306..3fd9ecbbac1 100644 --- a/wolfcrypt/src/rc2.c +++ b/wolfcrypt/src/rc2.c 
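Review bot: `Tropic01_Deinit` now wipes `sh0priv` and `sh0pub` unconditionally, but nothing in the hunk records that the pairing keys are gone, so a later re-initialisation would presumably start from an all-zero key pair unless the caller loads them again. A comment above the two calls would make the contract explicit, e.g. `/* pairing keys are wiped here; they must be set again before the next init */`. If the init path is not guaranteed to reject an unset key, a "keys loaded" flag cleared at this point would be the safer form. The declarations of both buffers and the init code are outside the hunk.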
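Review bot: The fast path kept in `load32` still reads through a cast pointer, `*( const word32 * )( src )`, which is a type-punned access and not only an alignment question; the new guard narrows when it is compiled in but does not make the access well-defined for a `byte` buffer. A fixed-size copy lets the compiler emit the same single load without the aliasing assumption: `word32 w; XMEMCPY(&w, src, sizeof(w)); return w;` (assuming `XMEMCPY` is visible in this header). The same applies to the `load64` and `store32` hunks of this patch, to `store64`, and to the reworked guards in PATCH 10/10.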
@@ -171,10 +171,10 @@ int wc_Rc2EcbEncrypt(Rc2* rc2, byte* out, const byte* in, word32 sz) return BUFFER_E; } - r10 = (in[1] << 8) | in[0]; /* R[0] */ - r32 = (in[3] << 8) | in[2]; /* R[1] */ - r54 = (in[5] << 8) | in[4]; /* R[2] */ - r76 = (in[7] << 8) | in[6]; /* R[3] */ + r10 = (word16)((word16)in[1] << 8) | in[0]; /* R[0] */ + r32 = (word16)((word16)in[3] << 8) | in[2]; /* R[1] */ + r54 = (word16)((word16)in[5] << 8) | in[4]; /* R[2] */ + r76 = (word16)((word16)in[7] << 8) | in[6]; /* R[3] */ for (i = 0; i < 16; i++) { j = i * 4; @@ -236,10 +236,10 @@ int wc_Rc2EcbDecrypt(Rc2* rc2, byte* out, const byte* in, word32 sz) return BUFFER_E; } - r0 = (in[1] << 8) | in[0]; - r1 = (in[3] << 8) | in[2]; - r2 = (in[5] << 8) | in[4]; - r3 = (in[7] << 8) | in[6]; + r0 = (word16)((word16)in[1] << 8) | in[0]; + r1 = (word16)((word16)in[3] << 8) | in[2]; + r2 = (word16)((word16)in[5] << 8) | in[4]; + r3 = (word16)((word16)in[7] << 8) | in[6]; for (i = 16; i > 0; i--) { j = 4*i - 1; From f7d595eec48f1d09c2989dcfe8171c30fda13907 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Wed, 20 May 2026 00:51:09 -0700 Subject: [PATCH 05/10] fix for Renesas RX64 GetHash on initial state --- .../src/port/Renesas/renesas_rx64_hw_sha.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c b/wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c index 4f3c045692e..1a8bc2e2d29 100644 --- a/wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c +++ b/wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c 
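Review bot: The outer `(word16)` cast in `r10 = (word16)((word16)in[1] << 8) | in[0];` covers only the shifted half, so the `| in[0]` that follows is again an `int` expression that is narrowed implicitly on assignment. The inner cast does matter where `int` is 16 bits wide, because it keeps the shift unsigned; elsewhere the operand is promoted back to `int` before `<<`. If the aim is also to make the narrowing explicit for analysers, cast the whole expression once: `r10 = (word16)(((word16)in[1] << 8) | in[0]);`. The same form is used for `r32`, `r54` and `r76` here and for `r0` to `r3` in the `wc_Rc2EcbDecrypt` hunk.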
@@ -318,6 +318,23 @@ static int RX64_HashGet(wolfssl_RX64_HW_Hash* hash, byte* out) return BAD_FUNC_ARG; } + /* RX64 HW SHA rejects empty input; return the documented empty-message + * digest instead. This matches the special case in RX64_HashFinal so + * callers like wc_Sha256GetHash on a freshly-initialised state succeed. */ + if ((hash->msg == NULL) && (hash->len == 0) && (hash->used == 0)) + { + if (hash->sha_type == RX64_SHA1) { + XMEMCPY(out, DefaultShaHashData, sizeof(DefaultShaHashData)); + } + else if (hash->sha_type == RX64_SHA224) { + XMEMCPY(out, DefaultSha224HashData, sizeof(DefaultSha224HashData)); + } + else if (hash->sha_type == RX64_SHA256) { + XMEMCPY(out, DefaultSha256HashData, sizeof(DefaultSha256HashData)); + } + return 0; + } + ret = RX64_ShaCalc(hash->msg, hash->len, out, hash->sha_type); if (ret != R_PROCESS_COMPLETE) { return ret; From 2a05c13db856a44537140f91515c355b8e001a8f Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Wed, 20 May 2026 01:00:19 -0700 Subject: [PATCH 06/10] fix to use correct struct size for devcrypto memset --- wolfcrypt/src/port/devcrypto/wc_devcrypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/port/devcrypto/wc_devcrypto.c b/wolfcrypt/src/port/devcrypto/wc_devcrypto.c index 9a939157b4f..e6d82dab4e6 100644 --- a/wolfcrypt/src/port/devcrypto/wc_devcrypto.c +++ b/wolfcrypt/src/port/devcrypto/wc_devcrypto.c @@ -234,7 +234,7 @@ void wc_SetupCryptAead(struct crypt_auth_op* crt, WC_CRYPTODEV* dev, byte* src, word32 srcSz, byte* dst, byte* iv, word32 ivSz, int flag, byte* authIn, word32 authInSz, byte* authTag, word32 authTagSz) { - XMEMSET(crt, 0, sizeof(struct crypt_op)); + XMEMSET(crt, 0, sizeof(struct crypt_auth_op)); crt->ses = dev->sess.ses; crt->src = src; crt->len = srcSz; From 26bce72776e841c33b47d3ea070d7f7c5d177942 Mon Sep 17 00:00:00 2001 
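Review bot: The new empty-state branch in `RX64_HashGet` returns 0 even when `hash->sha_type` matches none of the three cases, leaving `out` unwritten while reporting success. Unless `sha_type` is validated before the hunk, close the chain with `else { return BAD_FUNC_ARG; }` so an unexpected type cannot hand the caller an uninitialised digest. The copies also rely on `out` being at least as large as the matching `Default...HashData` table; the callers and the table definitions are outside the hunk, as are the start and end of the function.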
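Review bot: `wc_SetupCryptAead` still spells out the struct type in the wipe, which is how the earlier `sizeof(struct crypt_op)` mismatch got in; tying the size to the pointer removes that class of error: `XMEMSET(crt, 0, sizeof(*crt));`. With the old size, any part of `struct crypt_auth_op` beyond `sizeof(struct crypt_op)` would have been left uninitialised before the request was handed to the driver. It is worth checking whether the other setup helpers in this file, not shown here, use the same pattern. The function body continues past the hunk.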
From: JacobBarthelmeh Date: Wed, 20 May 2026 01:19:10 -0700 Subject: [PATCH 07/10] fix for devcrypto RSA size used --- wolfcrypt/src/port/devcrypto/devcrypto_rsa.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_rsa.c b/wolfcrypt/src/port/devcrypto/devcrypto_rsa.c index 9d7682d416a..4d118f80da8 100644 --- a/wolfcrypt/src/port/devcrypto/devcrypto_rsa.c +++ b/wolfcrypt/src/port/devcrypto/devcrypto_rsa.c @@ -89,11 +89,11 @@ static void wc_SetupRsaPrivate(struct crypt_kop* kop, WC_CRYPTODEV* dev, if (dpSz == 0 || dqSz == 0) { kop->crk_param[inIdx].crp_p = n; - kop->crk_param[inIdx].crp_nbits = dSz * WOLFSSL_BIT_SIZE; + kop->crk_param[inIdx].crp_nbits = nSz * WOLFSSL_BIT_SIZE; inIdx++; kop->crk_param[inIdx].crp_p = d; - kop->crk_param[inIdx].crp_nbits = nSz * WOLFSSL_BIT_SIZE; + kop->crk_param[inIdx].crp_nbits = dSz * WOLFSSL_BIT_SIZE; inIdx++; } else { From 51698759fa9ea47759e4ecf67ee13188345c3ef9 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Wed, 20 May 2026 01:29:34 -0700 Subject: [PATCH 08/10] 0 memset kop in devcrypto before use --- wolfcrypt/src/port/devcrypto/devcrypto_ecdsa.c | 1 + 1 file changed, 1 insertion(+) diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_ecdsa.c b/wolfcrypt/src/port/devcrypto/devcrypto_ecdsa.c index 4ae7de01e62..da5fea3aa42 100644 --- a/wolfcrypt/src/port/devcrypto/devcrypto_ecdsa.c +++ b/wolfcrypt/src/port/devcrypto/devcrypto_ecdsa.c @@ -64,6 +64,7 @@ int wc_DevCryptoEccKeyGen(int curveId, int enc, byte* pri, word32 priSz, } if (ret == 0) { + XMEMSET(&kop, 0, sizeof(kop)); kop.crk_op = CRK_ECC_KEYGEN; kop.ses = ctx.sess.ses; kop.crk_flags = ecdsel; From 3c8bdaafc3aa4910e2f7f47d38afec8142628704 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Wed, 20 May 2026 01:33:52 -0700 Subject: [PATCH 09/10] use ENOMEM return instead of MEMORY_E --- linuxkm/lkcapi_aes_glue.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
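Review bot: In `wc_DevCryptoEccKeyGen`, `kop` is cleared only inside the `if (ret == 0)` branch right before its fields are filled, so the fix is local to this one request. Other `struct crypt_kop` users in this file (not visible here) may still pass stack residue to the driver in unset fields and padding. Clearing the structure once at the top of each function, before any early exit, would make the rule easier to audit. A one-line comment such as `/* zero unused crk_param entries and padding before the ioctl */` would record why the call is there.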
diff --git a/linuxkm/lkcapi_aes_glue.c b/linuxkm/lkcapi_aes_glue.c index 78f5d0842b0..574c7d20de0 100644 --- a/linuxkm/lkcapi_aes_glue.c +++ b/linuxkm/lkcapi_aes_glue.c @@ -408,7 +408,7 @@ static int km_AesInitCommon( if (! ctx->aes_decrypt_C) { pr_err("%s: allocation of %zu bytes for decryption key failed.\n", name, sizeof(*ctx->aes_decrypt_C)); - err = -MEMORY_E; + err = -ENOMEM; goto out; } From 0073f3c8794e66c59eecafca2218703c10a68b68 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Thu, 21 May 2026 09:34:28 -0700 Subject: [PATCH 10/10] dcp unlock added around aes forcezero, adjust align macro check --- wolfcrypt/src/port/nxp/dcp_port.c | 8 ++++++++ wolfssl/wolfcrypt/blake2-impl.h | 12 ++++++++---- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/wolfcrypt/src/port/nxp/dcp_port.c b/wolfcrypt/src/port/nxp/dcp_port.c index 7162be509a8..eed9e8297f7 100644 --- a/wolfcrypt/src/port/nxp/dcp_port.c +++ b/wolfcrypt/src/port/nxp/dcp_port.c @@ -31,6 +31,12 @@ #include #include #include +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif #if defined(__DCACHE_PRESENT) && (__DCACHE_PRESENT == 1U) && defined(DCP_USE_DCACHE) && (DCP_USE_DCACHE == 1U) #error "DCACHE not supported by this driver. Please undefine DCP_USE_DCACHE." @@ -209,7 +215,9 @@ static unsigned char aes_key_aligned[16] __attribute__((aligned(0x10))); void DCPAesFree(Aes *aes) { + dcp_lock(); ForceZero(aes_key_aligned, sizeof(aes_key_aligned)); + dcp_unlock(); dcp_free(aes->handle.channel); aes->handle.channel = 0; } diff --git a/wolfssl/wolfcrypt/blake2-impl.h b/wolfssl/wolfcrypt/blake2-impl.h index 21b8e3fc5c4..63fd8eef59b 100644 --- a/wolfssl/wolfcrypt/blake2-impl.h +++ b/wolfssl/wolfcrypt/blake2-impl.h 
@@ -40,7 +40,8 @@ static WC_INLINE word32 load32( const void *src ) { -#if defined(LITTLE_ENDIAN_ORDER) && !defined(WOLFSSL_GENERAL_ALIGNMENT) +#if defined(LITTLE_ENDIAN_ORDER) && \ + (!defined(WOLFSSL_GENERAL_ALIGNMENT) || (WOLFSSL_GENERAL_ALIGNMENT == 0)) return *( const word32 * )( src ); #else const byte *p = ( const byte * )src; @@ -54,7 +55,8 @@ static WC_INLINE word32 load32( const void *src ) static WC_INLINE word64 load64( const void *src ) { -#if defined(LITTLE_ENDIAN_ORDER) && !defined(WOLFSSL_GENERAL_ALIGNMENT) +#if defined(LITTLE_ENDIAN_ORDER) && \ + (!defined(WOLFSSL_GENERAL_ALIGNMENT) || (WOLFSSL_GENERAL_ALIGNMENT == 0)) return *( const word64 * )( src ); #else const byte *p = ( const byte * )src; @@ -72,7 +74,8 @@ static WC_INLINE word64 load64( const void *src ) static WC_INLINE void store32( void *dst, word32 w ) { -#if defined(LITTLE_ENDIAN_ORDER) && !defined(WOLFSSL_GENERAL_ALIGNMENT) +#if defined(LITTLE_ENDIAN_ORDER) && \ + (!defined(WOLFSSL_GENERAL_ALIGNMENT) || (WOLFSSL_GENERAL_ALIGNMENT == 0)) *( word32 * )( dst ) = w; #else byte *p = ( byte * )dst; @@ -85,7 +88,8 @@ static WC_INLINE void store32( void *dst, word32 w ) static WC_INLINE void store64( void *dst, word64 w ) { -#if defined(LITTLE_ENDIAN_ORDER) && !defined(WOLFSSL_GENERAL_ALIGNMENT) +#if defined(LITTLE_ENDIAN_ORDER) && \ + (!defined(WOLFSSL_GENERAL_ALIGNMENT) || (WOLFSSL_GENERAL_ALIGNMENT == 0)) *( word64 * )( dst ) = w; #else byte *p = ( byte * )dst;
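Review bot: The two-line guard is now repeated verbatim in `load32`, `load64`, `store32` and `store64`; defining the condition once near the top of the header would keep the four helpers from drifting apart again, which is the situation PATCH 03/10 had to repair. For example, define `BLAKE2_UNALIGNED_ACCESS_OK` (the name is only a suggestion) under that condition and have each helper test `#ifdef BLAKE2_UNALIGNED_ACCESS_OK`. A short comment stating that a `WOLFSSL_GENERAL_ALIGNMENT` of 0 is treated as "no alignment requirement", as the test implies, would explain the `== 0` half of the check.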