Dilithium: fix check hint

When all indeces are 0, then don't check hints against indeces.
wolfSSL · Aug 5, 2024 · fc19c36 · fc19c36
1 parent 039853c
commit fc19c36
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/tests/api.c b/tests/api.c
@@ -32389,6 +32389,12 @@ static int test_wc_dilithium_verify(void)
             0);
         ExpectIntEQ(res, 0);
         sig[100] ^= 0x80;
+
+        /* Set all indeces to 0. */
+        XMEMSET(sig + sigLen - 4, 0, 4);
+        ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, key),
+            SIG_VERIFY_E);
+        ExpectIntEQ(res, 0);
     }
 #endif
 

diff --git a/wolfcrypt/src/dilithium.c b/wolfcrypt/src/dilithium.c
@@ -3183,11 +3183,11 @@ static int dilithium_check_hint(const byte* h, byte k, byte omega)
     unsigned int i;
 
     /* Skip polynomial index while count is 0. */
-    while ((h[omega + o] == 0) && (o < k)) {
+    while ((o < k) && (h[omega + o] == 0)) {
         o++;
     }
     /* Check all possible hints. */
-    for (i = 1; i < omega; i++) {
+    for (i = 1; (o < k) && (i < omega); i++) {
         /* Done with polynomial if index equals count of hints. */
         if (i == h[omega + o]) {
             /* Next polynomial index while count is index. */