diff --git a/wolfcrypt/src/wc_xmss_impl.c b/wolfcrypt/src/wc_xmss_impl.c index 80ca9672e5..3ca62fcea9 100644 --- a/wolfcrypt/src/wc_xmss_impl.c +++ b/wolfcrypt/src/wc_xmss_impl.c @@ -2675,7 +2675,7 @@ static void wc_xmss_bds_state_free(BdsState* bds) * @param [out] bds BDS states. * @param [out] wots_sigs WOTS signatures when XMSS^MT. */ -static void wc_xmss_bds_state_load(const XmssState* state, byte* sk, +static int wc_xmss_bds_state_load(const XmssState* state, byte* sk, BdsState* bds, byte** wots_sigs) { const XmssParams* params = state->params; @@ -2689,6 +2689,9 @@ static void wc_xmss_bds_state_load(const XmssState* state, byte* sk, /* Skip past standard SK = idx || wots_sk || SK_PRF || root || SEED; */ sk += params->idx_len + 4 * n; + if (2 * (int)params->d - 1 < 0) + return WC_FAILURE; + for (i = 0; i < 2 * (int)params->d - 1; i++) { /* Set pointers into SK. */ bds[i].stack = sk; @@ -2715,6 +2718,8 @@ static void wc_xmss_bds_state_load(const XmssState* state, byte* sk, if (wots_sigs != NULL) { *wots_sigs = sk; } + + return 0; } /* Store the BDS state into the secret/private key. @@ -2723,7 +2728,7 @@ static void wc_xmss_bds_state_load(const XmssState* state, byte* sk, * @param [in, out] sk Secret/private key. * @param [in] bds BDS states. */ -static void wc_xmss_bds_state_store(const XmssState* state, byte* sk, +static int wc_xmss_bds_state_store(const XmssState* state, byte* sk, BdsState* bds) { int i; @@ -2743,15 +2748,20 @@ static void wc_xmss_bds_state_store(const XmssState* state, byte* sk, /* Ignore standard SK = idx || wots_sk || SK_PRF || root || SEED; */ sk += params->idx_len + 4 * n; + if (2 * (int)params->d - 1 < 0) + return WC_FAILURE; + for (i = 0; i < 2 * (int)params->d - 1; i++) { /* Skip pointers into sk. */ sk += skip; /* Save values - big-endian encoded. */ - c32to24(bds[i].next, sk); + c32to24(bds[i].next, sk); /* NOLINT(clang-analyzer-core.CallAndMessage) */ sk += 3; sk[0] = bds[i].offset; sk += 1; } + + return 0; } /******************************************** @@ -3297,6 +3307,10 @@ int wc_xmss_keygen(XmssState* state, const unsigned char* seed, if (ret == 0) #endif { + /* Setup pointers into sk - assumes sk is initialized to zeros. */ + ret = wc_xmss_bds_state_load(state, sk, bds, NULL); + } + if (ret == 0) { /* Offsets into seed. */ const byte* seed_priv = seed; const byte* seed_pub = seed + 2 * n; @@ -3306,9 +3320,6 @@ int wc_xmss_keygen(XmssState* state, const unsigned char* seed, /* Offsets into public key. */ byte* pk_seed = pk + n; - /* Setup pointers into sk - assumes sk is initialized to zeros. */ - wc_xmss_bds_state_load(state, sk, bds, NULL); - /* Set first index to 0 in private key. idx_len always 4. */ *sk_idx = 0; /* Set private key seed and private key for PRF in to private key. */ @@ -3333,7 +3344,7 @@ int wc_xmss_keygen(XmssState* state, const unsigned char* seed, XMEMCPY(sk_root, pk_root, 2 * n); /* Store BDS state back into secret/private key. */ - wc_xmss_bds_state_store(state, sk, bds); + ret = wc_xmss_bds_state_store(state, sk, bds); } #ifdef WOLFSSL_SMALL_STACK @@ -3412,8 +3423,9 @@ int wc_xmss_sign(XmssState* state, const unsigned char* m, word32 mlen, #endif { /* Load the BDS state from secret/private key. */ - wc_xmss_bds_state_load(state, sk, bds, NULL); - + ret = wc_xmss_bds_state_load(state, sk, bds, NULL); + } + if (ret == 0) { /* Copy the index into the signature data: Sig = idx_sig || ... */ *((word32*)sig) = *((word32*)sk); /* Read index from the secret key. */ @@ -3468,7 +3480,7 @@ int wc_xmss_sign(XmssState* state, const unsigned char* m, word32 mlen, if (ret == 0) { sig += params->wots_sig_len; /* Add authentication path (auth) and calc new root. */ - XMEMCPY(sig, bds->authPath, h * n); + XMEMCPY(sig, bds->authPath, h * n); /* NOLINT(clang-analyzer-core.CallAndMessage) */ ret = state->ret; } @@ -3490,7 +3502,7 @@ int wc_xmss_sign(XmssState* state, const unsigned char* m, word32 mlen, } if (ret == 0) { /* Store BDS state back into secret/private key. */ - wc_xmss_bds_state_store(state, sk, bds); + ret = wc_xmss_bds_state_store(state, sk, bds); } #ifdef WOLFSSL_SMALL_STACK @@ -3580,14 +3592,15 @@ int wc_xmssmt_keygen(XmssState* state, const unsigned char* seed, /* Allocate memory for BDS states and tree hash instances. */ ret = wc_xmss_bds_state_alloc(params, &bds); + if (ret == 0) { + /* Load the BDS state from secret/private key. */ + ret = wc_xmss_bds_state_load(state, sk, bds, &wots_sigs); + } if (ret == 0) { /* Offsets into seed. */ const byte* seed_priv = seed; const byte* seed_pub = seed + 2 * params->n; - /* Load the BDS state from secret/private key. */ - wc_xmss_bds_state_load(state, sk, bds, &wots_sigs); - /* Set first index to 0 in private key. */ XMEMSET(sk, 0, params->idx_len); /* Set private key seed and private key for PRF in to private key. */ @@ -3630,7 +3643,7 @@ int wc_xmssmt_keygen(XmssState* state, const unsigned char* seed, XMEMCPY(sk_root, pk_root, 2 * n); /* Store BDS state back into secret/private key. */ - wc_xmss_bds_state_store(state, sk, bds); + ret = wc_xmss_bds_state_store(state, sk, bds); } /* Dispose of allocated data of BDS states. */ @@ -4000,8 +4013,9 @@ int wc_xmssmt_sign(XmssState* state, const unsigned char* m, word32 mlen, ret = wc_xmss_bds_state_alloc(params, &bds); if (ret == 0) { /* Load the BDS state from secret/private key. */ - wc_xmss_bds_state_load(state, sk, bds, &wots_sigs); - + ret = wc_xmss_bds_state_load(state, sk, bds, &wots_sigs); + } + if (ret == 0) { /* Copy the index into the signature data: Sig_MT = idx_sig. */ XMEMCPY(sig_mt, sk, idx_len); @@ -4032,7 +4046,7 @@ int wc_xmssmt_sign(XmssState* state, const unsigned char* m, word32 mlen, if (ret == 0) { /* Store BDS state back into secret/private key. */ - wc_xmss_bds_state_store(state, sk, bds); + ret = wc_xmss_bds_state_store(state, sk, bds); } /* Dispose of allocated data of BDS states. */