-rw-r--r--ks.c18
1 files changed, 13 insertions, 5 deletions
diff --git a/ks.c b/ks.c
index 1598679..f4015e0 100644
--- a/ks.c
+++ b/ks.c
@@ -623,16 +623,17 @@ hal_error_t hal_ks_fetch(hal_ks_t *ks,
if ((err = hal_ks_index_find(ks, &slot->name, &b, &slot->hint)) != HAL_OK ||
(err = hal_ks_block_test_owner(ks, b, slot->client, slot->session)) != HAL_OK ||
(err = hal_ks_block_read_cached(ks, b, &block)) != HAL_OK)
- goto done;
+ goto unlock;
if (hal_ks_block_get_type(block) != HAL_KS_BLOCK_TYPE_KEY) {
err = HAL_ERROR_KEYSTORE_WRONG_BLOCK_TYPE; /* HAL_ERROR_KEY_NOT_FOUND */
- goto done;
+ goto unlock;
}
hal_ks_cache_mark_used(ks, block, b);
hal_ks_key_block_t *k = &block->key;
+ const size_t k_der_len = k->der_len;
slot->type = k->type;
slot->curve = k->curve;
@@ -641,6 +642,15 @@ hal_error_t hal_ks_fetch(hal_ks_t *ks,
if (der == NULL && der_len != NULL)
*der_len = k->der_len;
+ if (der != NULL && k_der_len <= der_max)
+ memcpy(der, k->der, k_der_len);
+
+ unlock:
+ hal_ks_unlock();
+
+ if (err != HAL_OK)
+ return err;
+
if (der != NULL) {
uint8_t kek[KEK_LENGTH];
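Review bot: When `der != NULL` and `k_der_len > der_max`, the added `memcpy` is skipped but `err` stays `HAL_OK`, so execution falls through to the unwrap in the last hunk, which now reads `k_der_len` bytes from the caller's `der` buffer of only `der_max` bytes. Unless a length check sits in the lines not shown between the hunks, that is an out-of-bounds read over uninitialised caller memory. Setting an error before the `unlock:` label closes it, for example `else if (der != NULL) err = HAL_ERROR_PLACEHOLDER_TOO_LONG; /* placeholder: use the project's buffer-too-small code */`. The body of hal_ks_fetch starts before this hunk and continues after it.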
@@ -653,13 +663,11 @@ hal_error_t hal_ks_fetch(hal_ks_t *ks,
*der_len = der_max;
if ((err = hal_mkm_get_kek(kek, &kek_len, sizeof(kek))) == HAL_OK)
- err = hal_aes_keyunwrap(NULL, kek, kek_len, k->der, k->der_len, der, der_len);
+ err = hal_aes_keyunwrap(NULL, kek, kek_len, der, k_der_len, der, der_len);
memset(kek, 0, sizeof(kek));
}
- done:
- hal_ks_unlock();
return err;
}
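Review bot: The unwrap call now passes `der` as both input and output, which is only correct if `hal_aes_keyunwrap` tolerates aliased buffers. That function is not visible here, so this should be confirmed and recorded next to the call, e.g. `/* in-place unwrap: der holds the wrapped key copied while the keystore lock was held */`. When `hal_mkm_get_kek` or the unwrap fails, `der` is also left holding wrapped or partially processed key bytes. Adding `if (err != HAL_OK) memset(der, 0, der_max);` inside the `if (der != NULL)` block before it closes would keep that data from reaching the caller.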