Add crypto callbacks for LMS and XMSS #10380
padelsbach wants to merge 1 commit into wolfSSL:master from
Conversation
wolfSSL-Fenrir-bot left a comment
Fenrir Automated Review — PR #10380
Scan targets checked: wolfcrypt-bugs, wolfcrypt-src
Findings: 1
1 finding(s) posted as inline comments (see file-level comments below)
This review was generated automatically by Fenrir. Findings are non-blocking.
| switch (key->params->hash) { | ||
| #ifdef WC_XMSS_SHA256 | ||
| case WC_HASH_TYPE_SHA256: | ||
| ret = wc_Hash(WC_HASH_TYPE_SHA256, msg, msgSz, hash, needSz); |
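Review bot: `ret = wc_Hash(WC_HASH_TYPE_SHA256, msg, msgSz, hash, needSz);` passes `needSz` as the output buffer length, so when `needSz` is the 24-byte `params->n` of the XMSS-SHA2_*_192 parameter sets the call returns `BUFFER_E` and the helper can never succeed for those profiles. Hash into a `WC_SHA256_DIGEST_SIZE` local buffer and `XMEMCPY(hash, full, needSz)` afterwards, as the LMS SHA256_192 path already does.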
🟠 [Medium] wc_XmssKey_HashMsg breaks for XMSS-SHA2_*_192 (SHA-256 truncated) · Logic errors
For XMSS-SHA2_*_192 variants params->n is 24 while params->hash is WC_HASH_TYPE_SHA256. wc_Hash rejects hash_len < 32 with BUFFER_E, so the helper always fails for the 192-bit profiles. The LMS counterpart hashes into a 32-byte stack buffer and copies needSz bytes; the XMSS path skips that step.
Fix: Hash into a WC_SHA256_DIGEST_SIZE stack buffer and XMEMCPY(hash, full, needSz), mirroring the LMS_SHA256_192 path.