projects / platform / core / security / key-manager.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix parameter validation in ocsp
[platform/core/security/key-manager.git] / src / manager / client / client-manager-impl.cpp
diff --git a/src/manager/client/client-manager-impl.cpp b/src/manager/client/client-manager-impl.cpp
index 76a5e57..3bb1ef9 100644 (file)
--- a/src/manager/client/client-manager-impl.cpp
+++ b/src/manager/client/client-manager-impl.cpp
@@ -711,6 +711,10 @@ int ManagerImpl::ocspCheck(const CertificateShPtrVector &certChain, int &ocspSta
 
         RawBufferVector rawCertChain;
         for (auto &e: certChain) {
+            if (!e || e->empty()) {
+                LogError("Empty certificate");
+                return CKM_API_ERROR_INPUT_PARAM;
+            }
             rawCertChain.push_back(e->getDER());
         }
 
@@ -763,11 +767,12 @@ int ManagerImpl::setPermission(const Alias &alias,
     });
 }
 
-int ManagerImpl::encrypt(const CryptoAlgorithm &algo,
-                         const Alias &keyAlias,
-                         const Password &password,
-                         const RawBuffer& plain,
-                         RawBuffer& encrypted)
+int ManagerImpl::crypt(EncryptionCommand command,
+          const CryptoAlgorithm &algo,
+          const Alias &keyAlias,
+          const Password &password,
+          const RawBuffer& input,
+          RawBuffer& output)
 {
     int my_counter = ++m_counter;
 
@@ -775,13 +780,13 @@ int ManagerImpl::encrypt(const CryptoAlgorithm &algo,
         MessageBuffer recv;
         AliasSupport helper(keyAlias);
         CryptoAlgorithmSerializable cas(algo);
-        auto send = MessageBuffer::Serialize(static_cast<int>(EncryptionCommand::ENCRYPT),
+        auto send = MessageBuffer::Serialize(static_cast<int>(command),
                                              my_counter,
                                              cas,
                                              helper.getName(),
                                              helper.getLabel(),
                                              password,
-                                             plain);
+                                             input);
 
         int retCode = m_encryptionConnection.processRequest(send.Pop(), recv);
         if (CKM_API_SUCCESS != retCode)
@@ -789,7 +794,7 @@ int ManagerImpl::encrypt(const CryptoAlgorithm &algo,
 
         int command;
         int counter;
-        recv.Deserialize(command, counter, encrypted);
+        recv.Deserialize(command, counter, retCode, output);
 
         if (my_counter != counter) {
             return CKM_API_ERROR_UNKNOWN;
@@ -799,40 +804,22 @@ int ManagerImpl::encrypt(const CryptoAlgorithm &algo,
     });
 }
 
+int ManagerImpl::encrypt(const CryptoAlgorithm &algo,
+            const Alias &keyAlias,
+            const Password &password,
+            const RawBuffer& plain,
+            RawBuffer& encrypted)
+{
+    return crypt(EncryptionCommand::ENCRYPT, algo, keyAlias, password, plain, encrypted);
+}
+
 int ManagerImpl::decrypt(const CryptoAlgorithm &algo,
                          const Alias &keyAlias,
                          const Password &password,
                          const RawBuffer& encrypted,
                          RawBuffer& decrypted)
 {
-    int my_counter = ++m_counter;
-
-    return try_catch([&] {
-        MessageBuffer recv;
-        AliasSupport helper(keyAlias);
-        CryptoAlgorithmSerializable cas(algo);
-        auto send = MessageBuffer::Serialize(static_cast<int>(EncryptionCommand::DECRYPT),
-                                             my_counter,
-                                             cas,
-                                             helper.getName(),
-                                             helper.getLabel(),
-                                             password,
-                                             encrypted);
-
-        int retCode = m_encryptionConnection.processRequest(send.Pop(), recv);
-        if (CKM_API_SUCCESS != retCode)
-            return retCode;
-
-        int command;
-        int counter;
-        recv.Deserialize(command, counter, decrypted);
-
-        if (my_counter != counter) {
-            return CKM_API_ERROR_UNKNOWN;
-        }
-
-        return retCode;
-    });
+    return crypt(EncryptionCommand::DECRYPT, algo, keyAlias, password, encrypted, decrypted);
 }
 
 ManagerShPtr Manager::create() {
Domain: Security / Utilities;