

Fix windows-x86 and arm compiling error. (#1634)
* Fix Windows x86 and ARM compilation errors.

---------

Co-authored-by: Norman Ashley <[email protected]>
2 people authored and SWilson4 committed Apr 12, 2024
1 parent c3e84cd commit 86b39cf
Showing 11 changed files with 132 additions and 107 deletions.
2 changes: 1 addition & 1 deletion CMakeLists.txt
Expand Up @@ -196,13 +196,13 @@ endif()
if(OQS_ENABLE_SIG_SPHINCS)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/sphincs/sig_sphincs.h)
endif()
##### OQS_COPY_FROM_UPSTREAM_FRAGMENT_INCLUDE_HEADERS_END
if(OQS_ENABLE_SIG_STFL_XMSS)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig_stfl/xmss/sig_stfl_xmss.h)
endif()
if(OQS_ENABLE_SIG_STFL_LMS)
set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig_stfl/lms/sig_stfl_lms.h)
endif()
##### OQS_COPY_FROM_UPSTREAM_FRAGMENT_INCLUDE_HEADERS_END
execute_process(COMMAND ${CMAKE_COMMAND} -E make_directory ${PROJECT_BINARY_DIR}/include/oqs)
execute_process(COMMAND ${CMAKE_COMMAND} -E copy ${PUBLIC_HEADERS} ${PROJECT_BINARY_DIR}/include/oqs)
execute_process(COMMAND ${CMAKE_COMMAND} -E copy ${INTERNAL_HEADERS} ${PROJECT_BINARY_DIR}/include/oqs)
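Review bot: The hand-written `OQS_ENABLE_SIG_STFL_XMSS` / `OQS_ENABLE_SIG_STFL_LMS` header additions now sit either just inside or just outside the span delimited by `##### OQS_COPY_FROM_UPSTREAM_FRAGMENT_INCLUDE_HEADERS_END`, and the rendering does not show which of the two identical marker lines is the new one. If the END marker now sits below them, the next `copy_from_upstream.py` run will presumably regenerate that span and silently drop the XMSS/LMS lines unless its template emits them; if it sits above them, the move is harmless but the intent is invisible to the next maintainer. Either way a one-line comment next to the marker would pin the ownership down, e.g. `# XMSS/LMS headers below are hand-maintained, not produced by copy_from_upstream`.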
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -68,9 +68,9 @@ All names other than `ML-KEM` and `ML-DSA` are subject to change. `liboqs` makes
- **ML-DSA**: ML-DSA-44-ipd (alias: ML-DSA-44), ML-DSA-65-ipd (alias: ML-DSA-65), ML-DSA-87-ipd (alias: ML-DSA-87)
- **SPHINCS+-SHA2**: SPHINCS+-SHA2-128f-simple, SPHINCS+-SHA2-128s-simple, SPHINCS+-SHA2-192f-simple, SPHINCS+-SHA2-192s-simple, SPHINCS+-SHA2-256f-simple, SPHINCS+-SHA2-256s-simple
- **SPHINCS+-SHAKE**: SPHINCS+-SHAKE-128f-simple, SPHINCS+-SHAKE-128s-simple, SPHINCS+-SHAKE-192f-simple, SPHINCS+-SHAKE-192s-simple, SPHINCS+-SHAKE-256f-simple, SPHINCS+-SHAKE-256s-simple
<!--- OQS_TEMPLATE_FRAGMENT_LIST_SIGS_END -->
- **XMSS**: XMSS-SHA2_10_256, XMSS-SHA2_16_256, XMSS-SHA2_20_256, XMSS-SHAKE_10_256, XMSS-SHAKE_16_256, XMSS-SHAKE_20_256, XMSS-SHA2_10_512, XMSS-SHA2_16_512, XMSS-SHA2_20_512, XMSS-SHAKE_10_512, XMSS-SHAKE_16_512, XMSS-SHAKE_20_512, XMSSMT-SHA2_20/2_256, XMSSMT-SHA2_20/4_256, XMSSMT-SHA2_40/2_256, XMSSMT-SHA2_40/4_256, XMSSMT-SHA2_40/8_256, XMSSMT-SHA2_60/3_256, XMSSMT-SHA2_60/6_256, XMSSMT-SHA2_60/12_256, XMSSMT-SHAKE_20/2_256, XMSSMT-SHAKE_20/4_256, XMSSMT-SHAKE_40/2_256, XMSSMT-SHAKE_40/4_256, XMSSMT-SHAKE_40/8_256, XMSSMT-SHAKE_60/3_256, XMSSMT-SHAKE_60/6_256, XMSSMT-SHAKE_60/12_256
- **LMS**: LMS_SHA256_H5_W1, LMS_SHA256_H5_W2, LMS_SHA256_H5_W4, LMS_SHA256_H5_W8, LMS_SHA256_H10_W1, LMS_SHA256_H10_W2, LMS_SHA256_H10_W4, LMS_SHA256_H10_W8, LMS_SHA256_H15_W1, LMS_SHA256_H15_W2, LMS_SHA256_H15_W4, LMS_SHA256_H15_W8, LMS_SHA256_H20_W1, LMS_SHA256_H20_W2, LMS_SHA256_H20_W4, LMS_SHA256_H20_W8, LMS_SHA256_H25_W1, LMS_SHA256_H25_W2, LMS_SHA256_H25_W4, LMS_SHA256_H25_W8, LMS_SHA256_H5_W8_H5_W8, LMS_SHA256_H10_W4_H5_W8, LMS_SHA256_H10_W8_H5_W8, LMS_SHA256_H10_W2_H10_W2, LMS_SHA256_H10_W4_H10_W4, LMS_SHA256_H10_W8_H10_W8, LMS_SHA256_H15_W8_H5_W8, LMS_SHA256_H15_W8_H10_W8, LMS_SHA256_H15_W8_H15_W8, LMS_SHA256_H20_W8_H5_W8, LMS_SHA256_H20_W8_H10_W8, LMS_SHA256_H20_W8_H15_W8, LMS_SHA256_H20_W8_H20_W8
<!--- OQS_TEMPLATE_FRAGMENT_LIST_SIGS_END -->

Note that for algorithms marked with a dagger (†), liboqs contains at least one implementation that uses a large amount of stack space; this may cause failures when run in threads or in constrained environments. For more information, consult the algorithm information sheets in the [docs/algorithms](https://github.com/open-quantum-safe/liboqs/tree/main/docs/algorithms) folder.

2 changes: 1 addition & 1 deletion scripts/copy_from_upstream/copy_from_upstream.py
Expand Up @@ -642,7 +642,7 @@ def verify_from_upstream():
'{}_{}_{}'.format(impl['upstream']['name'], scheme['pqclean_scheme'], impl))
verifydir = os.path.join(basedir, 'src', family['type'], family['name'],
'{}_{}_{}'.format(impl['upstream']['name'], scheme['pqclean_scheme'], impl))
if not os.path.isdir(oqsdir) and os.path.isdir(erifydir):
if not os.path.isdir(oqsdir) and os.path.isdir(verifydir):
print('Available implementation in upstream that isn\'t integrated into LIBOQS: {}_{}_{}'.format(impl['upstream']['name'],
scheme['pqclean_scheme'], impl))
else:
110 changes: 54 additions & 56 deletions src/common/sha2/sha2_armv8.c
Expand Up @@ -15,7 +15,6 @@
* from http://bench.cr.yp.to/supercop.html
* by D. J. Bernstein */


static uint64_t load_bigendian_64(const uint8_t *x) {
return (uint64_t)(x[7]) | (((uint64_t)(x[6])) << 8) |
(((uint64_t)(x[5])) << 16) | (((uint64_t)(x[4])) << 24) |
Expand All @@ -24,21 +23,21 @@ static uint64_t load_bigendian_64(const uint8_t *x) {
}

static void store_bigendian_64(uint8_t *x, uint64_t u) {
x[7] = (uint8_t) u;
x[7] = (uint8_t)u;
u >>= 8;
x[6] = (uint8_t) u;
x[6] = (uint8_t)u;
u >>= 8;
x[5] = (uint8_t) u;
x[5] = (uint8_t)u;
u >>= 8;
x[4] = (uint8_t) u;
x[4] = (uint8_t)u;
u >>= 8;
x[3] = (uint8_t) u;
x[3] = (uint8_t)u;
u >>= 8;
x[2] = (uint8_t) u;
x[2] = (uint8_t)u;
u >>= 8;
x[1] = (uint8_t) u;
x[1] = (uint8_t)u;
u >>= 8;
x[0] = (uint8_t) u;
x[0] = (uint8_t)u;
}

static size_t crypto_hashblocks_sha256_armv8(uint8_t *statebytes,
Expand All @@ -63,9 +62,9 @@ static size_t crypto_hashblocks_sha256_armv8(uint8_t *statebytes,
};
unsigned long long pos = 0;
/* load constants */
uint32x4_t c0 = vld1q_u32(s256cst + 0);
uint32x4_t c1 = vld1q_u32(s256cst + 4);
uint32x4_t c2 = vld1q_u32(s256cst + 8);
uint32x4_t c0 = vld1q_u32(s256cst + 0);
uint32x4_t c1 = vld1q_u32(s256cst + 4);
uint32x4_t c2 = vld1q_u32(s256cst + 8);
uint32x4_t c3 = vld1q_u32(s256cst + 12);
uint32x4_t c4 = vld1q_u32(s256cst + 16);
uint32x4_t c5 = vld1q_u32(s256cst + 20);
Expand All @@ -80,13 +79,13 @@ static size_t crypto_hashblocks_sha256_armv8(uint8_t *statebytes,
uint32x4_t ce = vld1q_u32(s256cst + 56);
uint32x4_t cf = vld1q_u32(s256cst + 60);
/* load state */
uint32x4_t d0 = vld1q_u32((uint32_t *)(statebytes + 0));
uint32x4_t d0 = vld1q_u32((uint32_t *)(statebytes + 0));
uint32x4_t d1 = vld1q_u32((uint32_t *)(statebytes + 16));
uint32x4_t s0, s1, h0, h1;
/* make state big-endian */
d0 = vreinterpretq_u32_u8(vrev32q_u8(vreinterpretq_u8_u32(d0)));
d1 = vreinterpretq_u32_u8(vrev32q_u8(vreinterpretq_u8_u32(d1)));
while (length >= 64) {
while (length >= 64) {
/* load one block */
uint32x4_t i0 = vld1q_u32((const uint32_t *)(data + pos + 0));
uint32x4_t i1 = vld1q_u32((const uint32_t *)(data + pos + 16));
Expand All @@ -110,33 +109,33 @@ static size_t crypto_hashblocks_sha256_armv8(uint8_t *statebytes,
* using 16 constants in c0..c3
* we need h0,h1,x0,x1 as scratch
*/
#define DO16ROUNDS(i0, i1, i2, i3, c0, c1, c2, c3) \
h0 = vaddq_u32(i0, c0); \
x0 = vsha256hq_u32(s0, s1, h0); \
x1 = vsha256h2q_u32(s1, s0, h0); \
h1 = vaddq_u32(i1, c1); \
s0 = vsha256hq_u32(x0, x1, h1); \
s1 = vsha256h2q_u32(x1, x0, h1); \
h0 = vaddq_u32(i2, c2); \
x0 = vsha256hq_u32(s0, s1, h0); \
x1 = vsha256h2q_u32(s1, s0, h0); \
h1 = vaddq_u32(i3, c3); \
s0 = vsha256hq_u32(x0, x1, h1); \
s1 = vsha256h2q_u32(x1, x0, h1)
#define DO16ROUNDS(i0, i1, i2, i3, c0, c1, c2, c3) \
h0 = vaddq_u32(i0, c0); \
x0 = vsha256hq_u32(s0, s1, h0); \
x1 = vsha256h2q_u32(s1, s0, h0); \
h1 = vaddq_u32(i1, c1); \
s0 = vsha256hq_u32(x0, x1, h1); \
s1 = vsha256h2q_u32(x1, x0, h1); \
h0 = vaddq_u32(i2, c2); \
x0 = vsha256hq_u32(s0, s1, h0); \
x1 = vsha256h2q_u32(s1, s0, h0); \
h1 = vaddq_u32(i3, c3); \
s0 = vsha256hq_u32(x0, x1, h1); \
s1 = vsha256h2q_u32(x1, x0, h1)

/*
* this expands the block (or previously
* expanded) in i0..i3 to j0..j3
*/
#define DO16EXPANDS(i0, i1, i2, i3, j0, j1, j2, j3) \
j0 = vsha256su0q_u32(i0, i1); \
j0 = vsha256su1q_u32(j0, i2, i3); \
j1 = vsha256su0q_u32(i1, i2); \
j1 = vsha256su1q_u32(j1, i3, j0); \
j2 = vsha256su0q_u32(i2, i3); \
j2 = vsha256su1q_u32(j2, j0, j1); \
j3 = vsha256su0q_u32(i3, j0); \
j3 = vsha256su1q_u32(j3, j1, j2)
j0 = vsha256su0q_u32(i0, i1); \
j0 = vsha256su1q_u32(j0, i2, i3); \
j1 = vsha256su0q_u32(i1, i2); \
j1 = vsha256su1q_u32(j1, i3, j0); \
j2 = vsha256su0q_u32(i2, i3); \
j2 = vsha256su1q_u32(j2, j0, j1); \
j3 = vsha256su0q_u32(i3, j0); \
j3 = vsha256su1q_u32(j3, j1, j2)

DO16ROUNDS(i0, i1, i2, i3, c0, c1, c2, c3);

Expand All @@ -163,11 +162,10 @@ static size_t crypto_hashblocks_sha256_armv8(uint8_t *statebytes,
/* store back to little-endian */
d0 = vreinterpretq_u32_u8(vrev32q_u8(vreinterpretq_u8_u32(d0)));
d1 = vreinterpretq_u32_u8(vrev32q_u8(vreinterpretq_u8_u32(d1)));
vst1q_u32((uint32_t *)(statebytes + 0), d0);
vst1q_u32((uint32_t *)(statebytes + 0), d0);
vst1q_u32((uint32_t *)(statebytes + 16), d1);

return length;

}

void oqs_sha2_sha256_inc_finalize_armv8(uint8_t *out, sha256ctx *state, const uint8_t *in, size_t inlen) {
Expand All @@ -180,7 +178,8 @@ void oqs_sha2_sha256_inc_finalize_armv8(uint8_t *out, sha256ctx *state, const ui

if (new_inlen == inlen) {
new_in = in;
} else { //Combine incremental data with final input
} else {
// Combine incremental data with final input
tmp_in = malloc(tmp_len);
if (tmp_in == NULL) {
exit(111);
Expand All @@ -201,7 +200,6 @@ void oqs_sha2_sha256_inc_finalize_armv8(uint8_t *out, sha256ctx *state, const ui
new_inlen &= 63;
new_in -= new_inlen;


for (size_t i = 0; i < new_inlen; ++i) {
padded[i] = new_in[i];
}
Expand All @@ -211,27 +209,27 @@ void oqs_sha2_sha256_inc_finalize_armv8(uint8_t *out, sha256ctx *state, const ui
for (size_t i = new_inlen + 1; i < 56; ++i) {
padded[i] = 0;
}
padded[56] = (uint8_t) (bytes >> 53);
padded[57] = (uint8_t) (bytes >> 45);
padded[58] = (uint8_t) (bytes >> 37);
padded[59] = (uint8_t) (bytes >> 29);
padded[60] = (uint8_t) (bytes >> 21);
padded[61] = (uint8_t) (bytes >> 13);
padded[62] = (uint8_t) (bytes >> 5);
padded[63] = (uint8_t) (bytes << 3);
padded[56] = (uint8_t)(bytes >> 53);
padded[57] = (uint8_t)(bytes >> 45);
padded[58] = (uint8_t)(bytes >> 37);
padded[59] = (uint8_t)(bytes >> 29);
padded[60] = (uint8_t)(bytes >> 21);
padded[61] = (uint8_t)(bytes >> 13);
padded[62] = (uint8_t)(bytes >> 5);
padded[63] = (uint8_t)(bytes << 3);
crypto_hashblocks_sha256_armv8(state->ctx, padded, 64);
} else {
for (size_t i = new_inlen + 1; i < 120; ++i) {
padded[i] = 0;
}
padded[120] = (uint8_t) (bytes >> 53);
padded[121] = (uint8_t) (bytes >> 45);
padded[122] = (uint8_t) (bytes >> 37);
padded[123] = (uint8_t) (bytes >> 29);
padded[124] = (uint8_t) (bytes >> 21);
padded[125] = (uint8_t) (bytes >> 13);
padded[126] = (uint8_t) (bytes >> 5);
padded[127] = (uint8_t) (bytes << 3);
padded[120] = (uint8_t)(bytes >> 53);
padded[121] = (uint8_t)(bytes >> 45);
padded[122] = (uint8_t)(bytes >> 37);
padded[123] = (uint8_t)(bytes >> 29);
padded[124] = (uint8_t)(bytes >> 21);
padded[125] = (uint8_t)(bytes >> 13);
padded[126] = (uint8_t)(bytes >> 5);
padded[127] = (uint8_t)(bytes << 3);
crypto_hashblocks_sha256_armv8(state->ctx, padded, 128);
}

Expand Down Expand Up @@ -314,7 +312,7 @@ void oqs_sha2_sha256_inc_armv8(sha256ctx *state, const uint8_t *in, size_t len)
}

void oqs_sha2_sha224_inc_blocks_armv8(sha224ctx *state, const uint8_t *in, size_t inblocks) {
oqs_sha2_sha256_inc_blocks_armv8((sha256ctx *) state, in, inblocks);
oqs_sha2_sha256_inc_blocks_armv8((sha256ctx *)state, in, inblocks);
}

void oqs_sha2_sha256_armv8(uint8_t *out, const uint8_t *in, size_t inlen) {
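--- a/src/oqsconfig.h.cmake
+++ b/src/oqsconfig.h.cmake
@@ -221,6 +221,7 @@
 #cmakedefine OQS_ENABLE_SIG_STFL_xmssmt_shake128_h60_6 1
 #cmakedefine OQS_ENABLE_SIG_STFL_xmssmt_shake128_h60_12 1
 
+
 #cmakedefine OQS_ENABLE_SIG_STFL_LMS 1
 #cmakedefine OQS_ENABLE_SIG_STFL_lms_sha256_h5_w1 1
 #cmakedefine OQS_ENABLE_SIG_STFL_lms_sha256_h5_w2 1
@@ -235,3 +236,4 @@
 #cmakedefine OQS_ENABLE_SIG_STFL_lms_sha256_h15_w4 1
 #cmakedefine OQS_ENABLE_SIG_STFL_lms_sha256_h5_w8_h5_w8 1
 #cmakedefine OQS_ENABLE_SIG_STFL_lms_sha256_h10_w4_h5_w8 1
+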
4 changes: 2 additions & 2 deletions src/sig_stfl/lms/sig_stfl_lms.h
Expand Up @@ -251,8 +251,8 @@ OQS_API OQS_SIG_STFL *OQS_SIG_STFL_alg_lms_sha256_h25_w4_new(void);
OQS_API OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H25_W8_new(void);
OQS_API OQS_SIG_STFL *OQS_SIG_STFL_alg_lms_sha256_h25_w8_new(void);

OQS_API OQS_API OQS_STATUS OQS_SIG_STFL_lms_sigs_left(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key);
OQS_API OQS_API OQS_STATUS OQS_SIG_STFL_lms_sigs_total(unsigned long long *totaln, const OQS_SIG_STFL_SECRET_KEY *secret_key);
OQS_API OQS_STATUS OQS_SIG_STFL_lms_sigs_left(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key);
OQS_API OQS_STATUS OQS_SIG_STFL_lms_sigs_total(unsigned long long *totaln, const OQS_SIG_STFL_SECRET_KEY *secret_key);

void OQS_SECRET_KEY_LMS_free(OQS_SIG_STFL_SECRET_KEY *sk);

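Review bot: `void OQS_SECRET_KEY_LMS_free(OQS_SIG_STFL_SECRET_KEY *sk);`, directly under the two corrected `sigs_left`/`sigs_total` declarations, is the only declaration in this hunk without `OQS_API`; on the Windows DLL builds this commit targets that means it is not exported, so if applications are expected to call it the macro is missing, and if it is internal a short comment such as `/* internal: freed via OQS_SIG_STFL_SECRET_KEY_free, not exported */` would stop the next reader from "fixing" it. The two corrected declarations would also read better with a one-line doc comment each, along the lines of `/** Stores in *remain the number of signatures this key can still produce. */` and `/** Stores in *totaln the total number of signatures the key supports. */`, adjusted to the actual semantics, since the header otherwise gives no hint what `remain` and `totaln` hold or what happens on a NULL argument.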
14 changes: 7 additions & 7 deletions src/sig_stfl/sig_stfl.h
Expand Up @@ -485,7 +485,7 @@ OQS_API void OQS_SIG_STFL_SECRET_KEY_free(OQS_SIG_STFL_SECRET_KEY *sk);
* @param[in] lock function pointer
*
*/
void OQS_SIG_STFL_SECRET_KEY_SET_lock(OQS_SIG_STFL_SECRET_KEY *sk, lock_key lock);
OQS_API void OQS_SIG_STFL_SECRET_KEY_SET_lock(OQS_SIG_STFL_SECRET_KEY *sk, lock_key lock);

/**
* OQS_SIG_STFL_SECRET_KEY_SET_unlock .
Expand All @@ -496,7 +496,7 @@ void OQS_SIG_STFL_SECRET_KEY_SET_lock(OQS_SIG_STFL_SECRET_KEY *sk, lock_key lock
* @param[in] unlock function pointer
*
*/
void OQS_SIG_STFL_SECRET_KEY_SET_unlock(OQS_SIG_STFL_SECRET_KEY *sk, unlock_key unlock);
OQS_API void OQS_SIG_STFL_SECRET_KEY_SET_unlock(OQS_SIG_STFL_SECRET_KEY *sk, unlock_key unlock);

/**
* OQS_SIG_STFL_SECRET_KEY_SET_mutex .
Expand All @@ -507,7 +507,7 @@ void OQS_SIG_STFL_SECRET_KEY_SET_unlock(OQS_SIG_STFL_SECRET_KEY *sk, unlock_key
* @param[in] mutex function pointer
*
*/
void OQS_SIG_STFL_SECRET_KEY_SET_mutex(OQS_SIG_STFL_SECRET_KEY *sk, void *mutex);
OQS_API void OQS_SIG_STFL_SECRET_KEY_SET_mutex(OQS_SIG_STFL_SECRET_KEY *sk, void *mutex);

/**
* OQS_SIG_STFL_SECRET_KEY_lock .
Expand All @@ -518,7 +518,7 @@ void OQS_SIG_STFL_SECRET_KEY_SET_mutex(OQS_SIG_STFL_SECRET_KEY *sk, void *mutex)
* @return OQS_SUCCESS if successful, or OQS_ERROR if the object fails to apply the lock
*
*/
OQS_STATUS OQS_SIG_STFL_SECRET_KEY_lock(OQS_SIG_STFL_SECRET_KEY *sk);
OQS_API OQS_STATUS OQS_SIG_STFL_SECRET_KEY_lock(OQS_SIG_STFL_SECRET_KEY *sk);

/**
* OQS_SIG_STFL_SECRET_KEY_unlock .
Expand All @@ -529,7 +529,7 @@ OQS_STATUS OQS_SIG_STFL_SECRET_KEY_lock(OQS_SIG_STFL_SECRET_KEY *sk);
* @return OQS_SUCCESS if successful, or OQS_ERROR if the object fails to release the lock
*
*/
OQS_STATUS OQS_SIG_STFL_SECRET_KEY_unlock(OQS_SIG_STFL_SECRET_KEY *sk);
OQS_API OQS_STATUS OQS_SIG_STFL_SECRET_KEY_unlock(OQS_SIG_STFL_SECRET_KEY *sk);

/**
* OQS_SIG_STFL_SECRET_KEY_SET_store_cb .
Expand All @@ -543,7 +543,7 @@ OQS_STATUS OQS_SIG_STFL_SECRET_KEY_unlock(OQS_SIG_STFL_SECRET_KEY *sk);
* Applications allocates, tracks, deallocates this. Signature generation fails without this set.
*
*/
void OQS_SIG_STFL_SECRET_KEY_SET_store_cb(OQS_SIG_STFL_SECRET_KEY *sk, secure_store_sk store_cb, void *context);
OQS_API void OQS_SIG_STFL_SECRET_KEY_SET_store_cb(OQS_SIG_STFL_SECRET_KEY *sk, secure_store_sk store_cb, void *context);

/**
* OQS_SECRET_KEY_STFL_serialize_key .
Expand Down Expand Up @@ -572,7 +572,7 @@ OQS_API OQS_STATUS OQS_SECRET_KEY_STFL_serialize_key(uint8_t **sk_buf_ptr, size_
OQS_API OQS_STATUS OQS_SECRET_KEY_STFL_deserialize_key(OQS_SIG_STFL_SECRET_KEY *sk, size_t key_len, const uint8_t *sk_buf, void *context);

#if defined(__cplusplus)
} // extern "C"
// extern "C"
#endif

#endif /* OQS_SIG_STATEFUL_H */
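Review bot: The last hunk's new line, as rendered here, is `// extern "C"` with no closing brace, whereas the old line is `} // extern "C"`; if that is not a rendering artifact, the `extern "C" {` block opened earlier in the header (outside this hunk) is left unclosed and every C++ translation unit including `sig_stfl.h` will fail at `#endif /* OQS_SIG_STATEFUL_H */`. The intended line is `} // extern "C"`, which is worth confirming against the committed file rather than the diff view. Separately, the six functions newly marked `OQS_API` (`..._SET_lock`, `..._SET_unlock`, `..._SET_mutex`, `..._lock`, `..._unlock`, `..._SET_store_cb`) now form part of the exported surface, yet their parameter docs say only "function pointer"; the header should state whether a NULL callback or mutex is accepted and what happens to a previously installed one, e.g. `@param[in] lock function pointer; pass NULL to clear a previously set callback` if that is the behaviour.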
14 changes: 10 additions & 4 deletions src/sig_stfl/xmss/external/xmss_commons.c
Expand Up @@ -151,8 +151,8 @@ int xmssmt_core_sign_open(const xmss_params *params,
unsigned char *root = leaf + params->n;

unsigned long long prefix_length = params->padding_len + 3*params->n;
unsigned char m_with_prefix[mlen + prefix_length];

unsigned long long m_with_prefix_len = mlen + prefix_length;
unsigned char *m_with_prefix = NULL;
unsigned char *mhash = root;
unsigned long long idx = 0;
unsigned int i, ret;
Expand All @@ -169,13 +169,18 @@ int xmssmt_core_sign_open(const xmss_params *params,
// Unused since smlen is a constant
(void) smlen;

if ((m_with_prefix_len == 0) || (m_with_prefix = malloc(m_with_prefix_len)) == NULL){
ret = -1;
goto fail;
}

/* Convert the index bytes from the signature to an integer. */
idx = bytes_to_ull(sm, params->index_bytes);

/* Put the message at the m_with_prefix buffer, so that we can
* prepend the required other inputs for the hash function. */
memcpy(m_with_prefix, sm + params->sig_bytes - prefix_length, prefix_length);
memcpy(m_with_prefix + prefix_length, m, mlen);
memcpy(m_with_prefix, sm + params->sig_bytes - prefix_length, (size_t)prefix_length);
memcpy(m_with_prefix + prefix_length, m, (size_t)mlen);

/* Compute the message hash. */
hash_message(params, mhash, sm + params->index_bytes, pk, idx,
Expand Down Expand Up @@ -221,6 +226,7 @@ int xmssmt_core_sign_open(const xmss_params *params,
ret = 0;
fail:
OQS_MEM_insecure_free(tmp);
OQS_MEM_insecure_free(m_with_prefix);
return ret;

}
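Review bot: The guard added before `malloc` in `xmssmt_core_sign_open` only rejects the case where `mlen + prefix_length` wraps to exactly 0; `m_with_prefix_len` is an `unsigned long long` that is implicitly narrowed when handed to `malloc(size_t)`, while the two `memcpy` calls use the separately cast `(size_t)prefix_length` and `(size_t)mlen`, so on the 32-bit targets this commit is about a sum above `SIZE_MAX` can in principle yield a buffer shorter than the bytes copied into it. Checking the operands rather than the sum closes that: `if (mlen > SIZE_MAX - prefix_length) { ret = -1; goto fail; }` before the allocation, with `m_with_prefix_len` declared as `size_t` so the narrowing is explicit. The new early `goto fail` also executes `OQS_MEM_insecure_free(tmp)`, and `tmp` is declared outside this hunk — confirm it is always NULL or already allocated by the time the new check runs, otherwise the error path frees an indeterminate pointer. The function's signature and its earlier declarations are outside the hunk.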
