review feedback

Author: bigbrett

src/wh_server_cert.c

@@ -503,7 +503,13 @@ int wh_Server_HandleCertRequest(whServerContext* server, uint16_t magic,
                         else {
                             rc = wh_Server_KeystoreReadKey(
                                 server, certId, NULL, cert_data, &cert_len);
-                            resp.cert_len = cert_len;
+                            if (rc == WH_ERROR_OK) {
+                                resp.cert_len = cert_len;
+                            }
+                            else if (rc == WH_ERROR_NOSPACE) {
+                                resp.cert_len = cert_len;
+                                rc = WH_ERROR_BUFFER_SIZE;
+                            }
                         }
                     }
                 }
@@ -670,6 +676,9 @@ int wh_Server_HandleCertRequest(whServerContext* server, uint16_t magic,
                                 cert_len = req.cert_len;
                                 resp.rc  = wh_Server_KeystoreReadKey(
                                     server, certId, NULL, cert_data, &cert_len);
+                                if (resp.rc == WH_ERROR_NOSPACE) {
+                                    resp.rc = WH_ERROR_BUFFER_SIZE;
+                                }
                             }
                         }
                     }

src/wh_server_keystore.c

@@ -647,13 +647,16 @@ int wh_Server_KeystoreReadKey(whServerContext* server, whKeyId keyId,
     /* Check the cache using unified function */
     ret = _FindInCache(server, keyId, NULL, NULL, &cacheBuffer, &cacheMeta);
     if (ret == WH_ERROR_OK) {
-        /* Found in cache */
-        if (cacheMeta->len > *outSz)
-            return WH_ERROR_NOSPACE;
+        /* Found in cache - always populate metadata if requested */
         if (outMeta != NULL) {
             memcpy((uint8_t*)outMeta, (uint8_t*)cacheMeta,
                    sizeof(whNvmMetadata));
         }
+        /* Check buffer size only when data output is requested */
+        if (out != NULL && cacheMeta->len > *outSz) {
+            *outSz = cacheMeta->len;
+            return WH_ERROR_NOSPACE;
+        }
         if (out != NULL) {
             memcpy(out, cacheBuffer, cacheMeta->len);
         }

wolfhsm/wh_server_cert.h

@@ -67,7 +67,7 @@ int wh_Server_CertEraseTrusted(whServerContext* server, whNvmId id);
  * @param id The key ID of the certificate to read. If the key type is
  * WH_KEYTYPE_NVM, the certificate is read from NVM. Otherwise, the certificate
  * is read from the keystore cache (e.g. for wrapped certs cached via
- * wh_Client_KeyUnwrapAndCache).
+ * wh_Client_CertUnwrapAndCache).
  * @param cert Buffer to store the certificate data
  * @param inout_cert_len On input, size of cert buffer. On output, actual cert
  * size
@@ -85,7 +85,7 @@ int wh_Server_CertReadTrusted(whServerContext* server, whKeyId id,
  * @param cert_len Length of the certificate data
  * @param trustedRootId Key ID of the trusted root certificate. Can be an NVM ID
  * (WH_KEYTYPE_NVM) or a cached key ID (e.g. WH_KEYTYPE_WRAPPED from
- * wh_Client_KeyUnwrapAndCache).
+ * wh_Client_CertUnwrapAndCache).
  * @param flags Flags for the certificate verification (see WH_CERT_FLAGS_* in
  * wh_common.h)
  * @param cachedKeyFlags NVM usage flags to apply when caching the leaf public