Address review feedback

Frauschi · Frauschi · commit 70c4b2f725c2 · 2026-03-18T11:48:37.000+01:00
diff --git a/examples/posix/wh_posix_server/wh_posix_server.c b/examples/posix/wh_posix_server/wh_posix_server.c
@@ -305,8 +305,8 @@ int main(int argc, char** argv)
 #if !defined(WOLFHSM_CFG_NO_CRYPTO)
     /* Crypto context */
     whServerCryptoContext crypto[1] = {{0}};
-    WC_RNG         rng[1];
-    uint8_t        buffer[128] = {0};
+    WC_RNG                rng[1] = {{0}};
+    uint8_t               buffer[128] = {0};
 
 #if defined(WOLFHSM_CFG_SHE_EXTENSION)
     whServerSheContext she[1] = {{0}};
@@ -339,9 +339,10 @@ int main(int argc, char** argv)
         }
         else if (strcmp(argv[i], "--flags") == 0 && i + 1 < argc) {
             char* end;
-            unsigned long val = strtoul(argv[i + 1], &end, 0);
-            errno             = 0;
+            unsigned long val;
 
+            errno = 0;
+            val   = strtoul(argv[i + 1], &end, 0);
             if (errno || *end || val > 0xFFFF) {
                 WOLFHSM_CFG_PRINTF("Invalid --flags value: %s\n", argv[i + 1]);
                 return -1;
diff --git a/src/wh_client_crypto.c b/src/wh_client_crypto.c
@@ -611,7 +611,7 @@ int wh_Client_AesEcb(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in,
     whKeyId                         key_id  = WH_DEVCTX_TO_KEYID(aes->devCtx);
     uint8_t*                        req_in  = NULL;
     uint8_t*                        req_key = NULL;
-    uint16_t                        req_len = 0;
+    uint64_t                        req_len = 0;
 
     uint16_t group  = WH_MESSAGE_GROUP_CRYPTO;
     uint16_t action = WC_ALGO_TYPE_CIPHER;
diff --git a/src/wh_nvm_flash.c b/src/wh_nvm_flash.c
@@ -1024,10 +1024,12 @@ int wh_NvmFlash_GetAvailable(void* c,
         uint32_t *out_reclaim_size, whNvmId *out_reclaim_objects)
 {
     whNvmFlashContext* context = c;
-    nfMemDirectory *d = &context->directory;
+    nfMemDirectory *d;
+
     if (context == NULL) {
         return WH_ERROR_BADARGS;
     }
+    d = &context->directory;
     if (out_avail_size != NULL) {
         *out_avail_size = (context->partition_units -
                 NF_PARTITION_DATA_OFFSET - d->next_free_data) *
diff --git a/src/wh_server_crypto.c b/src/wh_server_crypto.c
@@ -22,7 +22,6 @@
  */
 
 /* Pick up compile-time configuration */
-#include "wolfhsm/wh_keyid.h"
 #include "wolfhsm/wh_settings.h"
 
 #if !defined(WOLFHSM_CFG_NO_CRYPTO) && defined(WOLFHSM_CFG_ENABLE_SERVER)
@@ -53,6 +52,7 @@
 #include "wolfhsm/wh_utils.h"
 #include "wolfhsm/wh_server_keystore.h"
 #include "wolfhsm/wh_server_crypto.h"
+#include "wolfhsm/wh_keyid.h"
 
 #include "wolfhsm/wh_server.h"
 
@@ -1126,7 +1126,7 @@ static int _HandleEccVerify(whServerContext* ctx, uint16_t magic, int devId,
     whMessageCrypto_EccVerifyRequest  req;
     whMessageCrypto_EccVerifyResponse res;
 
-    uint32_t available      = inSize - sizeof(whMessageCrypto_EccVerifyRequest);
+    uint32_t available      = 0;
     uint32_t options        = 0;
     whKeyId  key_id         = WH_KEYID_ERASED;
     uint32_t hash_len       = 0;
@@ -1153,6 +1153,7 @@ static int _HandleEccVerify(whServerContext* ctx, uint16_t magic, int devId,
     }
 
     /* Validate variable-length fields fit within inSize */
+    available = inSize - sizeof(whMessageCrypto_EccVerifyRequest);
     if (req.sigSz > available) {
         return WH_ERROR_BADARGS;
     }
@@ -1391,7 +1392,7 @@ static int _HandleHkdf(whServerContext* ctx, uint16_t magic, int devId,
     whNvmFlags flags      = 0;
     uint8_t*   label      = 0;
     uint16_t   label_size = WH_NVM_LABEL_LEN;
-    uint32_t   available  = inSize - sizeof(whMessageCrypto_HkdfRequest);
+    uint32_t   available  = 0;
 
     const uint8_t* inKey         = NULL;
     const uint8_t* salt          = NULL;
@@ -1427,6 +1428,7 @@ static int _HandleHkdf(whServerContext* ctx, uint16_t magic, int devId,
         WH_KEYTYPE_CRYPTO, ctx->comm->client_id, req.keyIdIn);
 
     /* Validate variable-length fields fit within input buffer */
+    available = inSize - sizeof(whMessageCrypto_HkdfRequest);
     if (inKeySz > available) {
         return WH_ERROR_BADARGS;
     }
@@ -1542,7 +1544,7 @@ static int _HandleCmacKdf(whServerContext* ctx, uint16_t magic, int devId,
     whNvmFlags flags       = WH_NVM_FLAGS_NONE;
     uint8_t*   label       = NULL;
     uint16_t   label_size  = WH_NVM_LABEL_LEN;
-    uint32_t   available   = inSize - sizeof(whMessageCrypto_CmacKdfRequest);
+    uint32_t   available   = 0;
 
     const uint8_t* salt           = NULL;
     const uint8_t* z              = NULL;
@@ -1582,6 +1584,7 @@ static int _HandleCmacKdf(whServerContext* ctx, uint16_t magic, int devId,
 
 
     /* Validate variable-length fields fit within input buffer */
+    available = inSize - sizeof(whMessageCrypto_CmacKdfRequest);
     if (saltSz > available) {
         return WH_ERROR_BADARGS;
     }
@@ -1976,7 +1979,7 @@ static int _HandleEd25519Sign(whServerContext* ctx, uint16_t magic, int devId,
     whMessageCrypto_Ed25519SignRequest req;
     uint8_t                            sig[ED25519_SIG_SIZE];
     word32                             sig_len   = sizeof(sig);
-    uint32_t                           available = inSize - sizeof(req);
+    uint32_t                           available = 0;
     whKeyId                            key_id    = WH_KEYID_ERASED;
     uint32_t                           msg_len   = 0;
     uint8_t*                           req_msg   = NULL;
@@ -1994,6 +1997,8 @@ static int _HandleEd25519Sign(whServerContext* ctx, uint16_t magic, int devId,
         return ret;
     }
 
+    /* Validate variable-length fields fit within input buffer */
+    available = inSize - sizeof(whMessageCrypto_Ed25519SignRequest);
     if (req.msgSz > available) {
         return WH_ERROR_BADARGS;
     }
@@ -2078,7 +2083,7 @@ static int _HandleEd25519Verify(whServerContext* ctx, uint16_t magic, int devId,
     ed25519_key                           key[1];
     whMessageCrypto_Ed25519VerifyRequest  req;
     whMessageCrypto_Ed25519VerifyResponse res;
-    uint32_t                              available  = inSize - sizeof(req);
+    uint32_t                              available  = 0;
     whKeyId                               key_id     = WH_KEYID_ERASED;
     uint32_t                              sig_len    = 0;
     uint32_t                              msg_len    = 0;
@@ -2098,6 +2103,8 @@ static int _HandleEd25519Verify(whServerContext* ctx, uint16_t magic, int devId,
         return ret;
     }
 
+    /* Validate variable-length fields fit within input buffer */
+    available = inSize - sizeof(whMessageCrypto_Ed25519VerifyRequest);
     if (req.sigSz > available) {
         return WH_ERROR_BADARGS;
     }
@@ -2176,7 +2183,7 @@ static int _HandleEd25519SignDma(whServerContext* ctx, uint16_t magic,
     whMessageCrypto_Ed25519SignDmaRequest  req;
     whMessageCrypto_Ed25519SignDmaResponse res;
     word32                                 sigLen = 0;
-    uint32_t                               available = inSize - sizeof(req);
+    uint32_t                               available = 0;
     uint8_t*                               req_ctx = NULL;
     whKeyId                                key_id = WH_KEYID_ERASED;
     int                                    evict = 0;
@@ -2192,6 +2199,8 @@ static int _HandleEd25519SignDma(whServerContext* ctx, uint16_t magic,
         return ret;
     }
 
+    /* Validate variable-length fields fit within input buffer */
+    available = inSize - sizeof(whMessageCrypto_Ed25519SignDmaRequest);
     if (req.ctxSz > available) {
         return WH_ERROR_BADARGS;
     }
@@ -2286,7 +2295,7 @@ static int _HandleEd25519VerifyDma(whServerContext* ctx, uint16_t magic,
     void*                                    sigAddr   = NULL;
     whMessageCrypto_Ed25519VerifyDmaRequest  req;
     whMessageCrypto_Ed25519VerifyDmaResponse res;
-    uint32_t                                 available = inSize - sizeof(req);
+    uint32_t                                 available = 0;
     uint8_t*                                 req_ctx   = NULL;
     whKeyId                                  key_id    = WH_KEYID_ERASED;
     int                                      evict     = 0;
@@ -2302,6 +2311,8 @@ static int _HandleEd25519VerifyDma(whServerContext* ctx, uint16_t magic,
         return ret;
     }
 
+    /* Validate variable-length fields fit within input buffer */
+    available = inSize - sizeof(whMessageCrypto_Ed25519VerifyDmaRequest);
     if (req.ctxSz > available) {
         return WH_ERROR_BADARGS;
     }

Original file line number	Diff line number	Diff line change
`@@ -1024,10 +1024,12 @@ int wh_NvmFlash_GetAvailable(void* c,`
`1024`	`1024`	`uint32_t out_reclaim_size, whNvmId out_reclaim_objects)`
`1025`	`1025`	`{`
`1026`	`1026`	`whNvmFlashContext* context = c;`
`1027`		`- nfMemDirectory *d = &context->directory;`
	`1027`	`+ nfMemDirectory *d;`
	`1028`	`+`
`1028`	`1029`	`if (context == NULL) {`
`1029`	`1030`	`return WH_ERROR_BADARGS;`
`1030`	`1031`	`}`
	`1032`	`+ d = &context->directory;`
`1031`	`1033`	`if (out_avail_size != NULL) {`
`1032`	`1034`	`*out_avail_size = (context->partition_units -`
`1033`	`1035`	`NF_PARTITION_DATA_OFFSET - d->next_free_data) *`