Remove/ForceZeor secrets from stack after use

danielinux · danielinux · commit e4b12e4a9753 · 2026-03-09T11:16:17.000+01:00
F/445
diff --git a/src/update_flash.c b/src/update_flash.c
@@ -224,6 +224,7 @@ void RAMFUNCTION wolfBoot_check_self_update(void)
 static int RAMFUNCTION wolfBoot_copy_sector(struct wolfBoot_image *src,
     struct wolfBoot_image *dst, uint32_t sector)
 {
+    int ret = 0;
     uint32_t pos = 0;
     uint32_t src_sector_offset = (sector * WOLFBOOT_SECTOR_SIZE);
     uint32_t dst_sector_offset = src_sector_offset;
@@ -245,8 +246,10 @@ static int RAMFUNCTION wolfBoot_copy_sector(struct wolfBoot_image *src,
         dst_sector_offset = 0;
 
 #ifdef EXT_ENCRYPTED
-    if (wolfBoot_initialize_encryption() < 0)
-        return -1;
+    if (wolfBoot_initialize_encryption() < 0) {
+        ret = -1;
+        goto out;
+    }
 
     wolfBoot_get_encrypt_key(key, nonce);
     if (src->part == PART_SWAP)
@@ -286,7 +289,8 @@ static int RAMFUNCTION wolfBoot_copy_sector(struct wolfBoot_image *src,
             }
             pos += FLASHBUFFER_SIZE;
         }
-        return pos;
+        ret = pos;
+        goto out;
     }
 #endif
     wb_flash_erase(dst, dst_sector_offset, WOLFBOOT_SECTOR_SIZE);
@@ -298,12 +302,19 @@ static int RAMFUNCTION wolfBoot_copy_sector(struct wolfBoot_image *src,
         }
         pos += FLASHBUFFER_SIZE;
     }
-    return pos;
+    ret = pos;
+out:
+#ifdef EXT_ENCRYPTED
+    ForceZero(key, sizeof(key));
+    ForceZero(nonce, sizeof(nonce));
+#endif
+    return ret;
 }
 
 #ifdef EXT_ENCRYPTED
 static int RAMFUNCTION wolfBoot_backup_last_boot_sector(uint32_t sector)
 {
+    int ret = 0;
     uint32_t pos = 0;
     uint32_t src_sector_offset = (sector * WOLFBOOT_SECTOR_SIZE);
     uint32_t dst_sector_offset = 0;
@@ -325,8 +336,10 @@ static int RAMFUNCTION wolfBoot_backup_last_boot_sector(uint32_t sector)
 
     iv_counter = src_sector_offset;
     iv_counter /= ENCRYPT_BLOCK_SIZE;
-    if (wolfBoot_initialize_encryption() < 0)
-        return -1;
+    if (wolfBoot_initialize_encryption() < 0) {
+        ret = -1;
+        goto out;
+    }
     /*
      * Preserve the IV sequence used by the source sector so that the staging
      * copy in SWAP can be decrypted with exactly the same keystream when it is
@@ -345,9 +358,14 @@ static int RAMFUNCTION wolfBoot_backup_last_boot_sector(uint32_t sector)
             wb_flash_write(dst, dst_sector_offset + pos, encrypted_block, ENCRYPT_BLOCK_SIZE);
             pos += ENCRYPT_BLOCK_SIZE;
         }
-        return 0;
-    } else
-        return wolfBoot_copy_sector(src, dst, sector);
+        ret = 0;
+    } else {
+        ret = wolfBoot_copy_sector(src, dst, sector);
+    }
+out:
+    ForceZero(key, sizeof(key));
+    ForceZero(nonce, sizeof(nonce));
+    return ret;
 }
 #else
 #define wolfBoot_backup_last_boot_sector(sec) wolfBoot_copy_sector(boot, swap, sec)
@@ -701,6 +719,10 @@ static int wolfBoot_delta_update(struct wolfBoot_image *boot,
         sector++;
     }
 out:
+#ifdef EXT_ENCRYPTED
+    ForceZero(key, sizeof(key));
+    ForceZero(nonce, sizeof(nonce));
+#endif
 #ifdef EXT_FLASH
     ext_flash_lock();
 #endif
