From 34c9f6774cbfa8825fb15d84002fbf1ce2bd580f Mon Sep 17 00:00:00 2001
From: Daniele Lacamera <root@danielinux.net>
Date: Mon, 28 Oct 2024 12:18:06 +0100
Subject: [PATCH] Fixed sign tool SHA384 alignment

---
 tools/keytools/sign.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/tools/keytools/sign.c b/tools/keytools/sign.c
index d862e50c5..47251c1cb 100644
--- a/tools/keytools/sign.c
+++ b/tools/keytools/sign.c
@@ -1249,7 +1249,7 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz,
     {
     #ifndef NO_SHA384
         wc_Sha384 sha;
-        digest_sz = HDR_SHA384_LEN;
+        digest_sz = SHA384_DIGEST_SIZE;
         ALIGN_8(header_idx);
         printf("Calculating SHA384 digest...\n");
         /* pubkey hash calculation */
@@ -1259,16 +1259,17 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz,
             if (ret == 0) {
                 wc_Sha384Final(&sha, buf);
                 /* Add Pubkey Hash to header */
+                ALIGN_8(header_idx);
                 header_append_tag(header, &header_idx, HDR_PUBKEY, digest_sz, buf);
     #ifdef DEBUG_SIGNTOOL
                 printf("Pubkey hash %d\n", digest_sz);
                 WOLFSSL_BUFFER(buf, digest_sz);
     #endif
+                ALIGN_8(header_idx);
             }
             wc_Sha384Free(&sha);
         }
         if (ret == 0 && CMD.hybrid && secondary_key_sz > 0) {
-            ALIGN_8(header_idx);
             ret = wc_InitSha384_ex(&sha, NULL, INVALID_DEVID);
             if (ret == 0) {
                 ret = wc_Sha384Update(&sha, secondary_key, secondary_key_sz);
@@ -1282,6 +1283,7 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz,
                     printf("Secondary pubkey hash %d\n", digest_sz);
                     WOLFSSL_BUFFER(second_buf, digest_sz);
     #endif
+                    ALIGN_8(header_idx);
                 }
                 wc_Sha384Free(&sha);
             }
@@ -1308,8 +1310,10 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz,
                 pos += read_sz;
             }
             fclose(f);
-            if (ret == 0)
+            if (ret == 0) {
                 wc_Sha384Final(&sha, digest);
+                digest_sz = HDR_SHA384_LEN;
+            }
             wc_Sha384Free(&sha);
         }
     #endif
@@ -1329,6 +1333,7 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz,
                 printf("Pubkey hash %d\n", digest_sz);
                 WOLFSSL_BUFFER(buf, digest_sz);
     #endif
+            ALIGN_8(header_idx);
             }
             wc_Sha3_384_Free(&sha);
         }
@@ -1346,6 +1351,7 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz,
                     printf("Secondary pubkey hash %d\n", digest_sz);
                     WOLFSSL_BUFFER(second_buf, digest_sz);
 #endif
+                    ALIGN_8(header_idx);
                 }
                 wc_Sha3_384_Free(&sha);
             }
@@ -1375,8 +1381,10 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz,
                 pos += read_sz;
             }
             fclose(f);
-            if (ret == 0)
+            if (ret == 0) {
                 ret = wc_Sha3_384_Final(&sha, digest);
+                digest_sz = HDR_SHA3_384_LEN;
+            }
             wc_Sha3_384_Free(&sha);
         }
 
@@ -1392,7 +1400,6 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz,
 #endif
 
     /* Add image hash to header */
-    ALIGN_8(header_idx);
     header_append_tag(header, &header_idx, CMD.hash_algo, digest_sz, digest);
     if (CMD.sign != NO_SIGN) {
         /* If hash only, then save digest and exit */