diff --git a/src/wh_client_keywrap.c b/src/wh_client_keywrap.c
index 595d71260..0bb1e15f0 100644
--- a/src/wh_client_keywrap.c
+++ b/src/wh_client_keywrap.c
@@ -81,7 +81,7 @@ int wh_Client_KeyWrapResponse(whClientContext* ctx,
 }
 if (group != WH_MESSAGE_GROUP_KEY || action != WH_KEY_KEYWRAP ||
- size < sizeof(*resp) || size > sizeof(*resp) + resp->wrappedKeySz ||
+ size < sizeof(*resp) || size < sizeof(*resp) + resp->wrappedKeySz ||
 resp->cipherType != cipherType) {
 return WH_ERROR_ABORTED;
 }
@@ -201,7 +201,7 @@ int wh_Client_KeyUnwrapAndExportResponse(whClientContext* ctx,
 if (group != WH_MESSAGE_GROUP_KEY || action != WH_KEY_KEYUNWRAPEXPORT ||
 size < sizeof(*resp) ||
- size > sizeof(*resp) + sizeof(*metadataOut) + resp->keySz ||
+ size < sizeof(*resp) + sizeof(*metadataOut) + resp->keySz ||
 resp->cipherType != cipherType) {
 return WH_ERROR_ABORTED;
 }
@@ -421,7 +421,7 @@ int wh_Client_DataWrapResponse(whClientContext* ctx,
 }
 if (group != WH_MESSAGE_GROUP_KEY || action != WH_KEY_DATAWRAP ||
- size < sizeof(*resp) || size > sizeof(*resp) + resp->wrappedDataSz ||
+ size < sizeof(*resp) || size < sizeof(*resp) + resp->wrappedDataSz ||
 resp->cipherType != cipherType) {
 return WH_ERROR_ABORTED;
 }
@@ -534,7 +534,7 @@ int wh_Client_DataUnwrapResponse(whClientContext* ctx,
 }
 if (group != WH_MESSAGE_GROUP_KEY || action != WH_KEY_DATAUNWRAP ||
- size < sizeof(*resp) || size > sizeof(*resp) + resp->dataSz ||
+ size < sizeof(*resp) || size < sizeof(*resp) + resp->dataSz ||
 resp->cipherType != cipherType) {
 return WH_ERROR_ABORTED;
 }
diff --git a/test-refactor/README.md b/test-refactor/README.md
index bdf1397e6..ecabef72f 100644
--- a/test-refactor/README.md
+++ b/test-refactor/README.md
@@ -108,3 +108,4 @@ Not yet migrated (still live in `wolfHSM/test/`):
 ### Other improvements
 - Add callback from `wh_Server_HandleRequestMessage` to allow sleep and avoid a busy loop
+- Add client-only harness to feed invalid server inputs from the test bench with the goal of expanding coverage.
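Review bot: The new guard `size < sizeof(*resp) + resp->wrappedKeySz` in wh_Client_KeyWrapResponse adds a server-supplied length before comparing, so if that sum can wrap in the promoted type (the field widths are not visible in this hunk) an oversized `wrappedKeySz` would pass and later code could read past the bytes actually received. The preceding clause already establishes `size >= sizeof(*resp)`, so the subtraction form cannot wrap: `resp->wrappedKeySz > size - sizeof(*resp)`. The guards in wh_Client_DataWrapResponse (`resp->wrappedDataSz`) and wh_Client_DataUnwrapResponse (`resp->dataSz`) have the same shape and would take the same rewrite. With the old `>` test gone a response carrying trailing bytes is now accepted; if the protocol never pads, `!=` against the expected total would keep both bounds. The function body continues outside the hunk, so whether the declared length is also checked against the caller's output buffer cannot be confirmed from here.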
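Review bot: In wh_Client_KeyUnwrapAndExportResponse the fixed part of the message is `sizeof(*resp) + sizeof(*metadataOut)`, but the only constant-size guard is `size < sizeof(*resp)`, so the variable-length comparison still relies on an addition that includes the server-supplied `resp->keySz`. Checking the fixed part first and then comparing the remainder avoids any wrap: `size < sizeof(*resp) + sizeof(*metadataOut) ||` followed by `resp->keySz > size - sizeof(*resp) - sizeof(*metadataOut) ||`. A short comment above the condition stating that it rejects a response whose declared metadata-plus-key length exceeds the received size would make the intent of the flipped operator clear to the next reader. The rest of the function lies outside the hunk.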