Merge pull request #10456 from padelsbach/lms-xmss-sw-fallback-fix
Fix LMS and XMSS cryptocb software fallback
@@ -1555,15 +1555,16 @@ int wc_LmsKey_SigsLeft(LmsKey* key)
|
||||
if (cbRet == 0) {
|
||||
return (sigsLeft != 0) ? 1 : 0;
|
||||
}
|
||||
/* The device owns the private state; no safe software fallback
|
||||
* exists because key->priv_raw does not reflect HSM state. */
|
||||
if (cbRet != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
|
||||
/* Device returned an actual error; the device owns the
|
||||
* private state so no safe software fallback exists. */
|
||||
WOLFSSL_MSG("PqcStatefulSigSigsLeft returned an error");
|
||||
return 0;
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("LMS SigsLeft not supported by device");
|
||||
}
|
||||
return 0;
|
||||
/* Cryptocb declined. priv_raw reflects software state from the
|
||||
* CRYPTOCB_UNAVAILABLE fall-through in MakeKey/Reload, so the
|
||||
* software check below is valid. */
|
||||
WOLFSSL_MSG("LMS SigsLeft not supported by device, using software");
|
||||
}
|
||||
#endif
|
||||
ret = wc_hss_sigsleft(key->params, key->priv_raw);
|
||||
|
||||
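Review bot: The software fall-through at the end of the LMS hunk (`WOLFSSL_MSG("LMS SigsLeft not supported by device, using software");` followed by `ret = wc_hss_sigsleft(key->params, key->priv_raw);`) rests on the comment's claim that priv_raw reflects software state because MakeKey/Reload also fell through on CRYPTOCB_UNAVAILABLE, but nothing in the hunk verifies that. If a callback implements MakeKey or Sign and merely declines SigsLeft, the count would be computed from a priv_raw the device never updated, and for a stateful scheme an over-optimistic "signatures left" answer is the outcome the check exists to prevent. Consider recording at MakeKey/Reload time whether the private state is device-owned or software-owned and gating this fall-through on that record (returning 0 when it is device-owned), rather than inferring ownership from the callback's answer to this one call; the same applies to the XMSS hunk below. Separately, the new `return 0;` on a real device error is indistinguishable to callers from "no signatures left", which is the right fail-closed choice here, so the comment above it should state that explicitly. wc_LmsKey_SigsLeft starts before this hunk and the software result is returned after it.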
@@ -1521,15 +1521,16 @@ int wc_XmssKey_SigsLeft(XmssKey* key)
|
||||
if (cbRet == 0) {
|
||||
return (sigsLeft != 0) ? 1 : 0;
|
||||
}
|
||||
/* The device owns the private state; no safe software fallback
|
||||
* exists because key->sk does not reflect HSM state. */
|
||||
if (cbRet != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
|
||||
/* Device returned an actual error; the device owns the
|
||||
* private state so no safe software fallback exists. */
|
||||
WOLFSSL_MSG("PqcStatefulSigSigsLeft returned an error");
|
||||
return 0;
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("XMSS SigsLeft not supported by device");
|
||||
}
|
||||
return 0;
|
||||
/* Cryptocb declined. Fall through to the software path: state
|
||||
* reflects the CRYPTOCB_UNAVAILABLE fall-through in MakeKey/Reload,
|
||||
* and read_private_key can repopulate sk from NV storage. */
|
||||
WOLFSSL_MSG("XMSS SigsLeft not supported by device, using software");
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
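Review bot: The new comment before `WOLFSSL_MSG("XMSS SigsLeft not supported by device, using software");` states that read_private_key can repopulate sk from NV storage, but the software path after `#endif` lies outside the hunk, so the hunk does not show whether the count is taken after such a reload or from whatever key->sk currently holds. If the software path reads key->sk directly, the comment overstates the guarantee and should be trimmed to the CRYPTOCB_UNAVAILABLE fall-through argument; if it calls read_private_key first, say so in one line, e.g. `/* software path below reloads sk via read_private_key before counting */` (wording illustrative; confirm against the code after #endif). wc_XmssKey_SigsLeft starts before this hunk and continues after it.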