WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Use char instead of sword8, sanity length check on CKA_VALUE

pull/8267/head
Colton Willey 2024-12-09 16:09:04 -08:00
parent 0cda59e00e
commit 0c20a20acc
4 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/ssl_load.c
View File

@ -4163,8 +4163,8 @@ static int wolfSSL_CTX_use_certificate_ex(WOLFSSL_CTX* ctx,
labelLen = (word32)XSTRLEN(label); labelLen = (word32)XSTRLEN(label);
} }
ret = wc_CryptoCb_GetCert(devId, (const sword8 *)label, ret = wc_CryptoCb_GetCert(devId, label, labelLen, id, idLen,
labelLen, id, idLen, &certData, &certDataLen, &certFormat, ctx->heap); &certData, &certDataLen, &certFormat, ctx->heap);
if (ret != 0) { if (ret != 0) {
ret = WOLFSSL_FAILURE; ret = WOLFSSL_FAILURE;
goto exit; goto exit;

2
wolfcrypt/src/cryptocb.c
View File

@ -1801,7 +1801,7 @@ int wc_CryptoCb_RandomSeed(OS_Seed* os, byte* seed, word32 sz)
#endif /* !WC_NO_RNG */ #endif /* !WC_NO_RNG */
#ifndef NO_CERTS #ifndef NO_CERTS
int wc_CryptoCb_GetCert(int devId, const sword8 *label, word32 labelLen, int wc_CryptoCb_GetCert(int devId, const char *label, word32 labelLen,
const byte *id, word32 idLen, byte** out, const byte *id, word32 idLen, byte** out,
word32* outSz, int *format, void *heap) word32* outSz, int *format, void *heap)
{ {

7
wolfcrypt/src/wc_pkcs11.c
View File

@ -4021,6 +4021,11 @@ static int Pkcs11GetCert(Pkcs11Session* session, wc_CryptoInfo* info) {
goto exit; goto exit;
} }
if (tmpl[0].ulValueLen <= 0) {
ret = WC_HW_E;
goto exit;
}
certData = (byte *)XMALLOC( certData = (byte *)XMALLOC(
(int)tmpl[0].ulValueLen, info->cert.heap, DYNAMIC_TYPE_CERT); (int)tmpl[0].ulValueLen, info->cert.heap, DYNAMIC_TYPE_CERT);
if (certData == NULL) { if (certData == NULL) {
@ -4051,7 +4056,7 @@ exit:
return ret; return ret;
} }
#endif /* ifndef NO_CERTS */ #endif /* !NO_CERTS */
/** /**
* Perform a cryptographic operation using PKCS#11 device. * Perform a cryptographic operation using PKCS#11 device.

4
wolfssl/wolfcrypt/cryptocb.h
View File

@ -452,7 +452,7 @@ typedef struct wc_CryptoInfo {
struct { struct {
const byte *id; const byte *id;
word32 idLen; word32 idLen;
const sword8 *label; const char *label;
word32 labelLen; word32 labelLen;
byte **certDataOut; byte **certDataOut;
word32 *certSz; word32 *certSz;
@ -670,7 +670,7 @@ WOLFSSL_LOCAL int wc_CryptoCb_Cmac(Cmac* cmac, const byte* key, word32 keySz,
#endif #endif
#ifndef NO_CERTS #ifndef NO_CERTS
WOLFSSL_LOCAL int wc_CryptoCb_GetCert(int devId, const sword8 *label, WOLFSSL_LOCAL int wc_CryptoCb_GetCert(int devId, const char *label,
word32 labelLen, const byte *id, word32 idLen, byte** out, word32 labelLen, const byte *id, word32 idLen, byte** out,
word32* outSz, int *format, void *heap); word32* outSz, int *format, void *heap);
#endif #endif