mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 11:50:52 +02:00
Merge pull request #10340 from JeremiahM37/fenrir-3
harden falcon key handling
This commit is contained in:
+6
-5
@@ -9815,8 +9815,8 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
|
||||
return MEMORY_E;
|
||||
|
||||
if (wc_falcon_init(falcon) == 0) {
|
||||
tmpIdx = 0;
|
||||
if (wc_falcon_set_level(falcon, 1) == 0) {
|
||||
if ((*algoID == 0) && (wc_falcon_set_level(falcon, 1) == 0)) {
|
||||
tmpIdx = 0;
|
||||
if (wc_Falcon_PrivateKeyDecode(key, &tmpIdx, falcon, keySz)
|
||||
== 0) {
|
||||
*algoID = FALCON_LEVEL1k;
|
||||
@@ -9825,7 +9825,8 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
|
||||
WOLFSSL_MSG("Not Falcon Level 1 DER key");
|
||||
}
|
||||
}
|
||||
else if (wc_falcon_set_level(falcon, 5) == 0) {
|
||||
if ((*algoID == 0) && (wc_falcon_set_level(falcon, 5) == 0)) {
|
||||
tmpIdx = 0;
|
||||
if (wc_Falcon_PrivateKeyDecode(key, &tmpIdx, falcon, keySz)
|
||||
== 0) {
|
||||
*algoID = FALCON_LEVEL5k;
|
||||
@@ -9834,8 +9835,8 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
|
||||
WOLFSSL_MSG("Not Falcon Level 5 DER key");
|
||||
}
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("GetKeyOID falcon initialization failed");
|
||||
if (*algoID == 0) {
|
||||
WOLFSSL_MSG("GetKeyOID could not match Falcon DER key");
|
||||
}
|
||||
wc_falcon_free(falcon);
|
||||
}
|
||||
|
||||
@@ -662,6 +662,14 @@ int wc_falcon_check_key(falcon_key* key)
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if ((key->level != 1) && (key->level != 5)) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if (!key->pubKeySet || !key->prvKeySet) {
|
||||
return PUBLIC_KEY_E;
|
||||
}
|
||||
|
||||
/* The public key is also decoded and stored within the private key buffer
|
||||
* behind the private key. Hence, we can compare both stored public keys. */
|
||||
if (key->level == 1) {
|
||||
|
||||
Reference in New Issue
Block a user