CAAM/SECO add XMALLOC NULL checks and zero KEK stack buffer
@@ -960,6 +960,10 @@ static hsm_err_t wc_SECO_AESCCM(unsigned int args[4], CAAM_BUFFER* buf, int sz)
|
||||
cipherAndTagSz = buf[4].Length + buf[2].Length;
|
||||
cipherAndTag = (byte*)XMALLOC(cipherAndTagSz, NULL,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (cipherAndTag == NULL) {
|
||||
return HSM_OUT_OF_MEMORY;
|
||||
}
|
||||
|
||||
dir = args[0] & 0xFFFF; /* get if doing enc or dec */
|
||||
if (dir == CAAM_ENC) {
|
||||
in = (uint8_t*)buf[2].TheAddress;
|
||||
@@ -1012,6 +1016,11 @@ static hsm_err_t wc_SECO_AESGCM(unsigned int args[4], CAAM_BUFFER* buf, int sz)
|
||||
cipherAndTagSz = buf[4].Length + buf[2].Length;
|
||||
cipherAndTag = (byte*)XMALLOC(cipherAndTagSz, NULL,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (cipherAndTag == NULL) {
|
||||
(void)hsm_close_cipher_service(cipher_hdl);
|
||||
return HSM_OUT_OF_MEMORY;
|
||||
}
|
||||
|
||||
if (dir == CAAM_ENC) {
|
||||
in = (uint8_t*)buf[2].TheAddress;
|
||||
inSz = buf[2].Length;
|
||||
@@ -1142,6 +1151,8 @@ word32 wc_SECO_WrapKey(word32 keyId, byte* in, word32 inSz, byte* iv,
|
||||
}
|
||||
}
|
||||
|
||||
ForceZero(KEK, sizeof(KEK));
|
||||
|
||||
key_args.flags |= HSM_OP_MANAGE_KEY_FLAGS_PART_UNIQUE_ROOT_KEK;
|
||||
#if 0
|
||||
/* for now only using the unique kek, this would be for common */
|
||||
|
||||
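Review bot: The out-of-memory return added in wc_SECO_AESCCM leaves the function without any cleanup, while the same check in wc_SECO_AESGCM first calls `hsm_close_cipher_service(cipher_hdl)`. Both function bodies start and end outside their hunks, so whether wc_SECO_AESCCM already holds an open cipher service at that point cannot be seen here; if it does, the branch should release it the same way, with `(void)hsm_close_cipher_service(cipher_hdl);` before `return HSM_OUT_OF_MEMORY;`, and if it does not, a comment such as `/* no HSM service open yet, nothing to release */` would make the difference deliberate. In both functions the size handed to XMALLOC is the unchecked sum `buf[4].Length + buf[2].Length`; the new NULL check does not catch a sum that has wrapped or gone negative, so a range check on the two lengths before the addition is worth adding unless callers already bound them.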