Merge pull request #10456 from padelsbach/lms-xmss-sw-fallback-fix

Fix LMS and XMSS cryptocb software fallback
Sean Parkinson
2026-05-13 16:43:41 +10:00
committed by GitHub
2 changed files with 14 additions and 12 deletions
+7 -6
@@ -1555,15 +1555,16 @@ int wc_LmsKey_SigsLeft(LmsKey* key)
if (cbRet == 0) {
return (sigsLeft != 0) ? 1 : 0;
}
/* The device owns the private state; no safe software fallback
* exists because key->priv_raw does not reflect HSM state. */
if (cbRet != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
/* Device returned an actual error; the device owns the
* private state so no safe software fallback exists. */
WOLFSSL_MSG("PqcStatefulSigSigsLeft returned an error");
return 0;
}
else {
WOLFSSL_MSG("LMS SigsLeft not supported by device");
}
return 0;
/* Cryptocb declined. priv_raw reflects software state from the
* CRYPTOCB_UNAVAILABLE fall-through in MakeKey/Reload, so the
* software check below is valid. */
WOLFSSL_MSG("LMS SigsLeft not supported by device, using software");
}
#endif
ret = wc_hss_sigsleft(key->params, key->priv_raw);
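Review bot: The software fallback that now ends this branch relies on an invariant the visible lines do not check. The new comment says priv_raw is valid because MakeKey/Reload also fell through on CRYPTOCB_UNAVAILABLE, but a callback that handles MakeKey or Reload on the device and declines only SigsLeft would still reach `wc_hss_sigsleft(key->params, key->priv_raw)` with state that does not track the device. For a stateful signature scheme a wrong "signatures remain" answer misleads callers that gate signing on it, so this path should fail closed unless the key is known to be software-backed. If the key carries no such record, at least state the contract in the comment, e.g. `/* Callbacks that handle MakeKey/Reload MUST also handle SigsLeft; otherwise priv_raw is not authoritative. */`. The function starts before this hunk, so an earlier check may already cover this; the XMSS section makes the same assumption for key->sk.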
+7 -6
@@ -1521,15 +1521,16 @@ int wc_XmssKey_SigsLeft(XmssKey* key)
if (cbRet == 0) {
return (sigsLeft != 0) ? 1 : 0;
}
/* The device owns the private state; no safe software fallback
* exists because key->sk does not reflect HSM state. */
if (cbRet != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
/* Device returned an actual error; the device owns the
* private state so no safe software fallback exists. */
WOLFSSL_MSG("PqcStatefulSigSigsLeft returned an error");
return 0;
}
else {
WOLFSSL_MSG("XMSS SigsLeft not supported by device");
}
return 0;
/* Cryptocb declined. Fall through to the software path: state
* reflects the CRYPTOCB_UNAVAILABLE fall-through in MakeKey/Reload,
* and read_private_key can repopulate sk from NV storage. */
WOLFSSL_MSG("XMSS SigsLeft not supported by device, using software");
}
#endif