@@ -556,9 +556,10 @@ int wh_Server_HandleCertRequest(whServerContext* server, uint16_t magic,
556556
557557#ifdef WOLFHSM_CFG_DMA
558558 case WH_MESSAGE_CERT_ACTION_ADDTRUSTED_DMA : {
559- whMessageCert_AddTrustedDmaRequest req = {0 };
560- whMessageCert_SimpleResponse resp = {0 };
561- void * cert_data = NULL ;
559+ whMessageCert_AddTrustedDmaRequest req = {0 };
560+ whMessageCert_SimpleResponse resp = {0 };
561+ void * cert_data = NULL ;
562+ int cert_dma_pre_ok = 0 ;
562563
563564 if (req_size != sizeof (req )) {
564565 /* Request is malformed */
@@ -574,6 +575,9 @@ int wh_Server_HandleCertRequest(whServerContext* server, uint16_t magic,
574575 resp .rc = wh_Server_DmaProcessClientAddress (
575576 server , req .cert_addr , & cert_data , req .cert_len ,
576577 WH_DMA_OPER_CLIENT_READ_PRE , (whServerDmaFlags ){0 });
578+ if (resp .rc == WH_ERROR_OK ) {
579+ cert_dma_pre_ok = 1 ;
580+ }
577581 }
578582 if (resp .rc == WH_ERROR_OK ) {
579583 /* Process the add trusted action */
@@ -586,9 +590,10 @@ int wh_Server_HandleCertRequest(whServerContext* server, uint16_t magic,
586590 (void )WH_SERVER_NVM_UNLOCK (server );
587591 } /* WH_SERVER_NVM_LOCK() */
588592 }
589- if (resp .rc == WH_ERROR_OK ) {
590- /* Post-process client address */
591- resp .rc = wh_Server_DmaProcessClientAddress (
593+ /* Always call POST for successful PRE, regardless of operation
594+ * result */
595+ if (cert_dma_pre_ok ) {
596+ (void )wh_Server_DmaProcessClientAddress (
592597 server , req .cert_addr , & cert_data , req .cert_len ,
593598 WH_DMA_OPER_CLIENT_READ_POST , (whServerDmaFlags ){0 });
594599 }
@@ -600,11 +605,12 @@ int wh_Server_HandleCertRequest(whServerContext* server, uint16_t magic,
600605 }; break ;
601606
602607 case WH_MESSAGE_CERT_ACTION_READTRUSTED_DMA : {
603- whMessageCert_ReadTrustedDmaRequest req = {0 };
604- whMessageCert_SimpleResponse resp = {0 };
605- void * cert_data = NULL ;
608+ whMessageCert_ReadTrustedDmaRequest req = {0 };
609+ whMessageCert_SimpleResponse resp = {0 };
610+ void * cert_data = NULL ;
606611 uint32_t cert_len ;
607612 whNvmMetadata meta ;
613+ int cert_dma_pre_ok = 0 ;
608614
609615 if (req_size != sizeof (req )) {
610616 /* Request is malformed */
@@ -620,6 +626,9 @@ int wh_Server_HandleCertRequest(whServerContext* server, uint16_t magic,
620626 resp .rc = wh_Server_DmaProcessClientAddress (
621627 server , req .cert_addr , & cert_data , req .cert_len ,
622628 WH_DMA_OPER_CLIENT_WRITE_PRE , (whServerDmaFlags ){0 });
629+ if (resp .rc == WH_ERROR_OK ) {
630+ cert_dma_pre_ok = 1 ;
631+ }
623632 }
624633 if (resp .rc == WH_ERROR_OK ) {
625634 /* Check metadata to see if the certificate is non-exportable */
@@ -641,10 +650,11 @@ int wh_Server_HandleCertRequest(whServerContext* server, uint16_t magic,
641650 (void )WH_SERVER_NVM_UNLOCK (server );
642651 } /* WH_SERVER_NVM_LOCK() */
643652 }
644- if (resp .rc == WH_ERROR_OK ) {
645- /* Post-process client address */
646- resp .rc = wh_Server_DmaProcessClientAddress (
647- server , req .cert_addr , & cert_data , cert_len ,
653+ /* Always call POST for successful PRE, regardless of operation
654+ * result */
655+ if (cert_dma_pre_ok ) {
656+ (void )wh_Server_DmaProcessClientAddress (
657+ server , req .cert_addr , & cert_data , req .cert_len ,
648658 WH_DMA_OPER_CLIENT_WRITE_POST , (whServerDmaFlags ){0 });
649659 }
650660
@@ -655,10 +665,11 @@ int wh_Server_HandleCertRequest(whServerContext* server, uint16_t magic,
655665 }; break ;
656666
657667 case WH_MESSAGE_CERT_ACTION_VERIFY_DMA : {
658- whMessageCert_VerifyDmaRequest req = {0 };
659- whMessageCert_VerifyDmaResponse resp = {0 };
660- void * cert_data = NULL ;
661- whKeyId keyId = WH_KEYID_ERASED ;
668+ whMessageCert_VerifyDmaRequest req = {0 };
669+ whMessageCert_VerifyDmaResponse resp = {0 };
670+ void * cert_data = NULL ;
671+ whKeyId keyId = WH_KEYID_ERASED ;
672+ int cert_dma_pre_ok = 0 ;
662673
663674 if (req_size != sizeof (req )) {
664675 /* Request is malformed */
@@ -677,6 +688,9 @@ int wh_Server_HandleCertRequest(whServerContext* server, uint16_t magic,
677688 resp .rc = wh_Server_DmaProcessClientAddress (
678689 server , req .cert_addr , & cert_data , req .cert_len ,
679690 WH_DMA_OPER_CLIENT_READ_PRE , (whServerDmaFlags ){0 });
691+ if (resp .rc == WH_ERROR_OK ) {
692+ cert_dma_pre_ok = 1 ;
693+ }
680694 }
681695 if (resp .rc == WH_ERROR_OK ) {
682696 resp .rc = WH_SERVER_NVM_LOCK (server );
@@ -693,9 +707,10 @@ int wh_Server_HandleCertRequest(whServerContext* server, uint16_t magic,
693707 (void )WH_SERVER_NVM_UNLOCK (server );
694708 } /* WH_SERVER_NVM_LOCK() */
695709 }
696- if (resp .rc == WH_ERROR_OK ) {
697- /* Post-process client address */
698- resp .rc = wh_Server_DmaProcessClientAddress (
710+ /* Always call POST for successful PRE, regardless of operation
711+ * result */
712+ if (cert_dma_pre_ok ) {
713+ (void )wh_Server_DmaProcessClientAddress (
699714 server , req .cert_addr , & cert_data , req .cert_len ,
700715 WH_DMA_OPER_CLIENT_READ_POST , (whServerDmaFlags ){0 });
701716 }
@@ -766,9 +781,10 @@ int wh_Server_HandleCertRequest(whServerContext* server, uint16_t magic,
766781#if defined(WOLFHSM_CFG_DMA )
767782 case WH_MESSAGE_CERT_ACTION_VERIFY_ACERT_DMA : {
768783 /* Acert verify request uses standard cert verify request struct */
769- whMessageCert_VerifyDmaRequest req = {0 };
770- whMessageCert_SimpleResponse resp = {0 };
771- void * cert_data = NULL ;
784+ whMessageCert_VerifyDmaRequest req = {0 };
785+ whMessageCert_SimpleResponse resp = {0 };
786+ void * cert_data = NULL ;
787+ int cert_dma_pre_ok = 0 ;
772788
773789 if (req_size != sizeof (req )) {
774790 /* Request is malformed */
@@ -783,6 +799,9 @@ int wh_Server_HandleCertRequest(whServerContext* server, uint16_t magic,
783799 rc = wh_Server_DmaProcessClientAddress (
784800 server , req .cert_addr , & cert_data , req .cert_len ,
785801 WH_DMA_OPER_CLIENT_READ_PRE , (whServerDmaFlags ){0 });
802+ if (rc == WH_ERROR_OK ) {
803+ cert_dma_pre_ok = 1 ;
804+ }
786805 }
787806 if (rc == WH_ERROR_OK ) {
788807 /* Process the verify action */
@@ -805,9 +824,10 @@ int wh_Server_HandleCertRequest(whServerContext* server, uint16_t magic,
805824 resp .rc = rc ;
806825 }
807826 }
808- if (rc == WH_ERROR_OK ) {
809- /* Post-process client address */
810- rc = wh_Server_DmaProcessClientAddress (
827+ /* Always call POST for successful PRE, regardless of operation
828+ * result */
829+ if (cert_dma_pre_ok ) {
830+ (void )wh_Server_DmaProcessClientAddress (
811831 server , req .cert_addr , & cert_data , req .cert_len ,
812832 WH_DMA_OPER_CLIENT_READ_POST , (whServerDmaFlags ){0 });
813833 }
0 commit comments