CAAM/SECO add XMALLOC NULL checks and zero KEK stack buffer

This commit is contained in:
JacobBarthelmeh
2026-05-11 16:29:48 -06:00
parent 7683edc448
commit 8b2b49d496
+11
View File
@@ -960,6 +960,10 @@ static hsm_err_t wc_SECO_AESCCM(unsigned int args[4], CAAM_BUFFER* buf, int sz)
cipherAndTagSz = buf[4].Length + buf[2].Length;
cipherAndTag = (byte*)XMALLOC(cipherAndTagSz, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (cipherAndTag == NULL) {
return HSM_OUT_OF_MEMORY;
}
dir = args[0] & 0xFFFF; /* get if doing enc or dec */
if (dir == CAAM_ENC) {
in = (uint8_t*)buf[2].TheAddress;
@@ -1012,6 +1016,11 @@ static hsm_err_t wc_SECO_AESGCM(unsigned int args[4], CAAM_BUFFER* buf, int sz)
cipherAndTagSz = buf[4].Length + buf[2].Length;
cipherAndTag = (byte*)XMALLOC(cipherAndTagSz, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (cipherAndTag == NULL) {
(void)hsm_close_cipher_service(cipher_hdl);
return HSM_OUT_OF_MEMORY;
}
if (dir == CAAM_ENC) {
in = (uint8_t*)buf[2].TheAddress;
inSz = buf[2].Length;
@@ -1142,6 +1151,8 @@ word32 wc_SECO_WrapKey(word32 keyId, byte* in, word32 inSz, byte* iv,
}
}
ForceZero(KEK, sizeof(KEK));
key_args.flags |= HSM_OP_MANAGE_KEY_FLAGS_PART_UNIQUE_ROOT_KEK;
#if 0
/* for now only using the unique kek, this would be for common */