Merge pull request #8393 from anhu/draft-tls-westerbaan-mldsa

New codepoint for MLDSA
2026-01-30 23:39:16 +01:00 · 2025-02-13 10:20:30 +10:00
parent 0e474fc673 aa59eab732
commit 365aac0306
4 changed files with 35 additions and 33 deletions
--- a/src/internal.c
+++ b/src/internal.c
@@ -4582,14 +4582,11 @@ void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType)
            }
            break;
    #endif
-#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
-        case PQC_SA_MAJOR:
-            /* Hash performed as part of sign/verify operation.
-             * However, if we want a dual alg signature with a
-             * classic algorithm as alternative, we need an explicit
-             * hash algo here.
-             */
+    /* Hash performed as part of sign/verify operation.
+     * However, if we want a dual alg signature with a classic algorithm as
+     * alternative, we need an explicit hash algo here. */
    #ifdef HAVE_FALCON
+        case FALCON_SA_MAJOR:
            if (input[1] == FALCON_LEVEL1_SA_MINOR) {
                *hsType = falcon_level1_sa_algo;
                *hashAlgo = sha256_mac;
@@ -4598,8 +4595,10 @@ void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType)
                *hsType = falcon_level5_sa_algo;
                *hashAlgo = sha512_mac;
            }
+            break;
    #endif /* HAVE_FALCON */
    #ifdef HAVE_DILITHIUM
+        case DILITHIUM_SA_MAJOR:
            if (input[1] == DILITHIUM_LEVEL2_SA_MINOR) {
                *hsType = dilithium_level2_sa_algo;
                *hashAlgo = sha256_mac;
@@ -4612,9 +4611,8 @@ void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType)
                *hsType = dilithium_level5_sa_algo;
                *hashAlgo = sha512_mac;
            }
-    #endif /* HAVE_DILITHIUM */
            break;
-#endif
+    #endif /* HAVE_DILITHIUM */
        default:
            *hashAlgo = input[0];
            *hsType   = input[1];
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -8015,9 +8015,8 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo,
            else
                ret = INVALID_PARAMETER;
            break;
-#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
-        case PQC_SA_MAJOR:
 #if defined(HAVE_FALCON)
+        case FALCON_SA_MAJOR:
            if (input[1] == FALCON_LEVEL1_SA_MINOR) {
                *hsType = falcon_level1_sa_algo;
                /* Hash performed as part of sign/verify operation. */
@@ -8028,8 +8027,11 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo,
                *hashAlgo = sha512_mac;
            }
            else
+                ret = INVALID_PARAMETER;
+            break;
 #endif /* HAVE_FALCON */
 #if defined(HAVE_DILITHIUM)
+        case DILITHIUM_SA_MAJOR:
            if (input[1] == DILITHIUM_LEVEL2_SA_MINOR) {
                *hsType = dilithium_level2_sa_algo;
                /* Hash performed as part of sign/verify operation. */
@@ -8044,12 +8046,11 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo,
                *hashAlgo = sha512_mac;
            }
            else
-#endif /* HAVE_DILITHIUM */
            {
                ret = INVALID_PARAMETER;
            }
            break;
-#endif
+#endif /* HAVE_DILITHIUM */
        default:
            *hashAlgo = input[0];
            *hsType   = input[1];