From e1a31db70831324d117d92e39820fb085add6f38 Mon Sep 17 00:00:00 2001 From: Paul Adelsbach Date: Tue, 21 Apr 2026 19:49:38 -0700 Subject: [PATCH] Ensure DMA READ_POST occurs in error cases in imgmgr --- src/wh_server_img_mgr.c | 62 ++++++++++++++++++++++------------------- 1 file changed, 33 insertions(+), 29 deletions(-) diff --git a/src/wh_server_img_mgr.c b/src/wh_server_img_mgr.c index 250ea79e7..865f60ca2 100644 --- a/src/wh_server_img_mgr.c +++ b/src/wh_server_img_mgr.c @@ -240,6 +240,17 @@ int wh_Server_ImgMgrVerifyMethodEccWithSha256(whServerImgMgrContext* context, /* Hash the image data from server pointer using one-shot API */ ret = wc_Sha256Hash_ex((const uint8_t*)serverPtr, (word32)img->size, hash, NULL, server->devId); + + /* Always release the DMA mapping to avoid leaking READ_PRE-allocated + * resources, even when the hash failed. Preserve the original error. */ + { + int dmaRet = wh_Server_DmaProcessClientAddress( + server, img->addr, &serverPtr, img->size, + WH_DMA_OPER_CLIENT_READ_POST, (whServerDmaFlags){0}); + if (ret == 0) { + ret = dmaRet; + } + } #else /* Hash the image data using one-shot API */ ret = wc_Sha256Hash_ex((const uint8_t*)img->addr, (word32)img->size, hash, @@ -250,16 +261,6 @@ int wh_Server_ImgMgrVerifyMethodEccWithSha256(whServerImgMgrContext* context, return ret; } -#ifdef WOLFHSM_CFG_DMA - ret = wh_Server_DmaProcessClientAddress( - server, img->addr, &serverPtr, img->size, WH_DMA_OPER_CLIENT_READ_POST, - (whServerDmaFlags){0}); - if (ret != WH_ERROR_OK) { - wc_ecc_free(&eccKey); - return ret; - } -#endif - /* Verify the signature */ ret = wc_ecc_verify_hash(sig, (word32)sigSz, hash, sizeof(hash), &verifyResult, &eccKey); 
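Review bot: The new success test `if (ret == 0) {` in the DMA branch uses a literal zero where the rest of this file compares against `WH_ERROR_OK` (the removed `if (ret != WH_ERROR_OK)` block in the next hunk and `return WH_ERROR_OK;` in the CMAC method), so `if (ret == WH_ERROR_OK) {` would keep the error-code convention uniform; the identical blocks added in the AES-CMAC and RSA hunks carry the same literal. Because wh_Server_DmaProcessClientAddress receives `&serverPtr`, the READ_POST call may rewrite that pointer; nothing visible in the hunk touches serverPtr afterwards, but a line such as `/* serverPtr must not be dereferenced after READ_POST */` above the closing brace of the new block would keep a later edit from reintroducing a use of the unmapped buffer. The READ_PRE call the comment refers to and the hash-failure return after `#endif` both lie outside this hunk, and wh_Server_ImgMgrVerifyMethodEccWithSha256 begins and ends outside it.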
@@ -320,6 +321,17 @@ int wh_Server_ImgMgrVerifyMethodAesCmac(whServerImgMgrContext* context, ret = wc_AesCmacVerify_ex(&cmac, sig, (word32)sigSz, (const byte*)serverPtr, (word32)img->size, key, (word32)keySz, NULL, server->devId); + + /* Always release the DMA mapping to avoid leaking READ_PRE-allocated + * resources, even when the verify failed. Preserve the original error. */ + { + int dmaRet = wh_Server_DmaProcessClientAddress( + server, img->addr, &serverPtr, img->size, + WH_DMA_OPER_CLIENT_READ_POST, (whServerDmaFlags){0}); + if (ret == 0) { + ret = dmaRet; + } + } #else ret = wc_AesCmacVerify_ex(&cmac, sig, (word32)sigSz, (const byte*)img->addr, (word32)img->size, key, (word32)keySz, NULL, @@ -329,15 +341,6 @@ int wh_Server_ImgMgrVerifyMethodAesCmac(whServerImgMgrContext* context, return ret; } -#ifdef WOLFHSM_CFG_DMA - ret = wh_Server_DmaProcessClientAddress( - server, img->addr, &serverPtr, img->size, WH_DMA_OPER_CLIENT_READ_POST, - (whServerDmaFlags){0}); - if (ret != WH_ERROR_OK) { - return ret; - } -#endif - return WH_ERROR_OK; /* CMAC verification succeeded */ } #endif /* WOLFSSL_CMAC */ @@ -390,6 +393,17 @@ int wh_Server_ImgMgrVerifyMethodRsaSslWithSha256( /* Hash the image data from server pointer using one-shot API */ ret = wc_Sha256Hash_ex((const uint8_t*)serverPtr, (word32)img->size, hash, NULL, server->devId); + + /* Always release the DMA mapping to avoid leaking READ_PRE-allocated + * resources, even when the hash failed. Preserve the original error. */ + { + int dmaRet = wh_Server_DmaProcessClientAddress( + server, img->addr, &serverPtr, img->size, + WH_DMA_OPER_CLIENT_READ_POST, (whServerDmaFlags){0}); + if (ret == 0) { + ret = dmaRet; + } + } #else /* Hash the image data using one-shot API */ ret = wc_Sha256Hash_ex((const uint8_t*)img->addr, (word32)img->size, hash, 
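Review bot: In the AES-CMAC hunk the eleven-line READ_POST block is a verbatim copy of the one added to the ECC and RSA methods, so the unmap-and-merge-error logic now lives in three places that must be kept in step; a file-local `static` helper taking `server`, `img`, `&serverPtr` and the prior `ret` and returning the merged result would reduce each site to one call. Such a helper should keep the ordering used here, where a verification failure already in `ret` is never overwritten by the unmap result while an unmap failure after a successful verify still produces an error return. The enclosing function wh_Server_ImgMgrVerifyMethodAesCmac starts before this hunk and its `return WH_ERROR_OK;` tail is in the following hunk.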
@@ -400,16 +414,6 @@ int wh_Server_ImgMgrVerifyMethodRsaSslWithSha256( return ret; } -#ifdef WOLFHSM_CFG_DMA - ret = wh_Server_DmaProcessClientAddress( - server, img->addr, &serverPtr, img->size, WH_DMA_OPER_CLIENT_READ_POST, - (whServerDmaFlags){0}); - if (ret != WH_ERROR_OK) { - wc_FreeRsaKey(&rsaKey); - return ret; - } -#endif - /* Verify the signature using RSA SSL verify */ ret = wc_RsaSSL_Verify(sig, (word32)sigSz, decrypted, decryptedLen, &rsaKey);