diff --git a/cores/esp8266/Updater.cpp b/cores/esp8266/Updater.cpp index 70d16a55ed..351a57746b 100644 --- a/cores/esp8266/Updater.cpp +++ b/cores/esp8266/Updater.cpp @@ -1,6 +1,7 @@ #include "Updater.h" #include "eboot_command.h" #include +#include "StackThunk.h" //#define DEBUG_UPDATER Serial @@ -40,6 +41,14 @@ UpdaterClass::UpdaterClass() { #if ARDUINO_SIGNING installSignature(&esp8266::updaterSigningHash, &esp8266::updaterSigningVerifier); + stack_thunk_add_ref(); +#endif +} + +UpdaterClass::~UpdaterClass() +{ +#if ARDUINO_SIGNING + stack_thunk_del_ref(); #endif } @@ -199,6 +208,7 @@ bool UpdaterClass::end(bool evenIfRemaining){ #ifdef DEBUG_UPDATER DEBUG_UPDATER.println(F("no update")); #endif + _reset(); return false; } @@ -206,7 +216,6 @@ bool UpdaterClass::end(bool evenIfRemaining){ #ifdef DEBUG_UPDATER DEBUG_UPDATER.printf_P(PSTR("premature end: res:%u, pos:%zu/%zu\n"), getError(), progress(), _size); #endif - _reset(); return false; } @@ -226,6 +235,7 @@ bool UpdaterClass::end(bool evenIfRemaining){ #endif if (sigLen != _verify->length()) { _setError(UPDATE_ERROR_SIGN); + _reset(); return false; } @@ -251,6 +261,7 @@ bool UpdaterClass::end(bool evenIfRemaining){ uint8_t *sig = (uint8_t*)malloc(sigLen); if (!sig) { _setError(UPDATE_ERROR_SIGN); + _reset(); return false; } ESP.flashRead(_startAddress + binSize, (uint32_t *)sig, sigLen); @@ -262,9 +273,12 @@ bool UpdaterClass::end(bool evenIfRemaining){ DEBUG_UPDATER.printf("\n"); #endif if (!_verify->verify(_hash, (void *)sig, sigLen)) { + free(sig); _setError(UPDATE_ERROR_SIGN); + _reset(); return false; } + free(sig); #ifdef DEBUG_UPDATER DEBUG_UPDATER.printf_P(PSTR("[Updater] Signature matches\n")); #endif diff --git a/cores/esp8266/Updater.h b/cores/esp8266/Updater.h index d47c613330..f51edc5b7d 100644 --- a/cores/esp8266/Updater.h +++ b/cores/esp8266/Updater.h @@ -53,6 +53,7 @@ class UpdaterClass { typedef std::function THandlerFunction_Progress; UpdaterClass(); + ~UpdaterClass(); /* Optionally add a cryptographic signature verification hash and method */ void installSignature(UpdaterHashClass *hash, UpdaterVerifyClass *verify) { _hash = hash; _verify = verify; } diff --git a/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp b/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp index ffce2b00e4..f962547797 100644 --- a/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp +++ b/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp @@ -870,9 +870,9 @@ uint32_t SigningVerifier::length() } } -bool SigningVerifier::verify(UpdaterHashClass *hash, const void *signature, uint32_t signatureLen) { - if (!_pubKey || !hash || !signature || signatureLen != length()) return false; - +// We need to use the 2nd stack to do a verification, so do the thunk +// directly inside the class function for ease of use. +extern "C" bool SigningVerifier_verify(PublicKey *_pubKey, UpdaterHashClass *hash, const void *signature, uint32_t signatureLen) { if (_pubKey->isRSA()) { bool ret; unsigned char vrf[hash->len()]; @@ -890,6 +890,20 @@ bool SigningVerifier::verify(UpdaterHashClass *hash, const void *signature, uint } }; +#if !CORE_MOCK +make_stack_thunk(SigningVerifier_verify); +extern "C" bool thunk_SigningVerifier_verify(PublicKey *_pubKey, UpdaterHashClass *hash, const void *signature, uint32_t signatureLen); +#endif + +bool SigningVerifier::verify(UpdaterHashClass *hash, const void *signature, uint32_t signatureLen) { + if (!_pubKey || !hash || !signature || signatureLen != length()) return false; +#if !CORE_MOCK + return thunk_SigningVerifier_verify(_pubKey, hash, signature, signatureLen); +#else + return SigningVerifier_verify(_pubKey, hash, signature, signatureLen); +#endif +} + #if !CORE_MOCK // Second stack thunked helpers