@@ -491,16 +491,18 @@ int wh_Server_HandleCertRequest(whServerContext* server, uint16_t magic,
491491 rc = WH_SERVER_NVM_LOCK (server );
492492 if (rc == WH_ERROR_OK ) {
493493 if (req .id & WH_KEYID_CLIENT_WRAPPED_FLAG ) {
494- /* Cache path: translate and read cert + metadata */
494+ /* Cache path: check metadata before reading cert data */
495495 whKeyId certId = wh_KeyId_TranslateFromClient (
496496 WH_KEYTYPE_WRAPPED , server -> comm -> client_id , req .id );
497- rc = wh_Server_KeystoreReadKey (server , certId , & meta ,
498- cert_data , & cert_len );
497+ rc = wh_Server_KeystoreReadKey (server , certId , & meta , NULL ,
498+ & cert_len );
499499 if (rc == WH_ERROR_OK ) {
500500 if (meta .flags & WH_NVM_FLAGS_NONEXPORTABLE ) {
501501 rc = WH_ERROR_ACCESS ;
502502 }
503503 else {
504+ rc = wh_Server_KeystoreReadKey (
505+ server , certId , NULL , cert_data , & cert_len );
504506 resp .cert_len = cert_len ;
505507 }
506508 }
@@ -651,18 +653,24 @@ int wh_Server_HandleCertRequest(whServerContext* server, uint16_t magic,
651653 resp .rc = WH_SERVER_NVM_LOCK (server );
652654 if (resp .rc == WH_ERROR_OK ) {
653655 if (req .id & WH_KEYID_CLIENT_WRAPPED_FLAG ) {
654- /* Cache path: translate and read cert + metadata */
656+ /* Cache path: translate and check metadata before
657+ * reading cert data into client DMA buffer */
655658 whKeyId certId = wh_KeyId_TranslateFromClient (
656659 WH_KEYTYPE_WRAPPED , server -> comm -> client_id ,
657660 req .id );
658661 cert_len = req .cert_len ;
659662 resp .rc = wh_Server_KeystoreReadKey (
660- server , certId , & meta , cert_data , & cert_len );
663+ server , certId , & meta , NULL , & cert_len );
661664 if (resp .rc == WH_ERROR_OK ) {
662665 if ((meta .flags & WH_NVM_FLAGS_NONEXPORTABLE ) !=
663666 0 ) {
664667 resp .rc = WH_ERROR_ACCESS ;
665668 }
669+ else {
670+ cert_len = req .cert_len ;
671+ resp .rc = wh_Server_KeystoreReadKey (
672+ server , certId , NULL , cert_data , & cert_len );
673+ }
666674 }
667675 }
668676 else {
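Review bot: In the first hunk (the non-DMA cache path) the second `wh_Server_KeystoreReadKey` call reuses `cert_len` exactly as the metadata-only call left it, whereas the DMA path in the second hunk resets it with `cert_len = req.cert_len;` before reading the data. If the metadata-only call with a NULL output buffer writes the stored object size (or zero) into `cert_len`, which cannot be confirmed from these hunks, the data read is bounded by that value instead of by the capacity of `cert_data`. The capacity should be restored before the second call, e.g. `cert_len = <capacity of cert_data>;` (placeholder, since the buffer's declaration is not in the hunk). In the same branch, `resp.cert_len = cert_len;` is now assigned even when the second read fails; guarding it with `if (rc == WH_ERROR_OK)` keeps a failed read from reporting a length. Both spots are inside wh_Server_HandleCertRequest, whose body starts and ends outside these hunks.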