Skip to content

Commit d393577

Browse files
danielinuxdanielinux
committed
Fix header size in hybrid mode
1 parent a31ddfc commit d393577

File tree

1 file changed

+14
-9
lines changed

1 file changed

+14
-9
lines changed

tools/keytools/sign.c

Lines changed: 14 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -364,7 +364,7 @@ static uint16_t sign_tool_find_header(uint8_t *haystack, uint16_t type, uint8_t
364364
}
365365

366366
static int load_key_ecc(int sign_type, uint32_t curve_sz, int curve_id,
367-
int header_sz,
367+
uint32_t header_sz,
368368
uint8_t **key_buffer, uint32_t *key_buffer_sz,
369369
uint8_t **pubkey, uint32_t *pubkey_sz, int secondary)
370370
{
@@ -449,7 +449,8 @@ static int load_key_ecc(int sign_type, uint32_t curve_sz, int curve_id,
449449
free(*pubkey);
450450

451451
if (ret == 0 || CMD.sign != SIGN_AUTO) {
452-
CMD.header_sz = header_sz;
452+
if (CMD.header_sz < header_sz)
453+
CMD.header_sz = header_sz;
453454
if (secondary) {
454455
CMD.secondary_sign = sign_type;
455456
CMD.secondary_signature_sz = (curve_sz * 2);
@@ -464,7 +465,7 @@ static int load_key_ecc(int sign_type, uint32_t curve_sz, int curve_id,
464465
}
465466

466467
static int load_key_rsa(int sign_type, uint32_t rsa_keysz, uint32_t rsa_pubkeysz,
467-
int header_sz,
468+
uint32_t header_sz,
468469
uint8_t **key_buffer, uint32_t *key_buffer_sz,
469470
uint8_t **pubkey, uint32_t *pubkey_sz, int secondary)
470471
{
@@ -523,7 +524,8 @@ static int load_key_rsa(int sign_type, uint32_t rsa_keysz, uint32_t rsa_pubkeysz
523524
}
524525

525526
if (ret == 0 || CMD.sign != SIGN_AUTO) {
526-
CMD.header_sz = header_sz;
527+
if (CMD.header_sz < header_sz)
528+
CMD.header_sz = header_sz;
527529
if (CMD.policy_sign) {
528530
CMD.header_sz += 512;
529531
}
@@ -2193,7 +2195,8 @@ static void set_signature_sizes(int secondary)
21932195

21942196
DEBUG_PRINT("info: LMS signature size: %d\n", sig_sz);
21952197

2196-
CMD.header_sz = 2 * sig_sz;
2198+
if (CMD.header_sz < 2 * sig_sz)
2199+
CMD.header_sz = 2 * sig_sz;
21972200
*sz = sig_sz;
21982201
}
21992202
#endif /* WOLFSSL_HAVE_LMS */
@@ -2226,14 +2229,15 @@ static void set_signature_sizes(int secondary)
22262229

22272230
DEBUG_PRINT("info: XMSS signature size: %d\n", sig_sz);
22282231

2229-
CMD.header_sz = 2 * sig_sz;
2232+
if (CMD.header_sz < 2 * sig_sz)
2233+
CMD.header_sz = 2 * sig_sz;
22302234
*sz = sig_sz;
22312235
}
22322236
#endif /* WOLFSSL_HAVE_XMSS */
22332237
#ifdef WOLFSSL_WC_DILITHIUM
22342238
else if (*sign == SIGN_ML_DSA) {
22352239
int ml_dsa_ret = 0;
2236-
int sig_sz = 0;
2240+
uint32_t sig_sz = 0;
22372241

22382242
ml_dsa_ret = wc_MlDsaKey_Init(&key.ml_dsa, NULL, INVALID_DEVID);
22392243
if (ml_dsa_ret != 0) {
@@ -2250,7 +2254,7 @@ static void set_signature_sizes(int secondary)
22502254

22512255
printf("info: using ML-DSA parameters: %d\n", ML_DSA_LEVEL);
22522256

2253-
ml_dsa_ret = wc_MlDsaKey_GetSigLen(&key.ml_dsa, &sig_sz);
2257+
ml_dsa_ret = wc_MlDsaKey_GetSigLen(&key.ml_dsa, (int *)&sig_sz);
22542258
if (ml_dsa_ret != 0) {
22552259
fprintf(stderr, "error: wc_MlDsaKey_GetSigLen returned %d\n",
22562260
ml_dsa_ret);
@@ -2259,7 +2263,8 @@ static void set_signature_sizes(int secondary)
22592263

22602264
DEBUG_PRINT("info: ML-DSA signature size: %d\n", sig_sz);
22612265

2262-
CMD.header_sz = 2 * sig_sz;
2266+
if (CMD.header_sz < 2 * sig_sz)
2267+
CMD.header_sz = 2 * sig_sz;
22632268
*sz = sig_sz;
22642269
}
22652270
#endif /* WOLFSSL_WC_DILITHIUM */

0 commit comments

Comments
 (0)