wolfSSL
diff --git a/‎doc/LMS_XMSS_CryptoCb.md‎
Lines changed: 0 additions & 186 deletions b/‎doc/LMS_XMSS_CryptoCb.md‎
Lines changed: 0 additions & 186 deletions
diff --git a/‎wolfcrypt/src/wc_lms.c‎
Lines changed: 61 additions & 79 deletions b/‎wolfcrypt/src/wc_lms.c‎
Lines changed: 61 additions & 79 deletions
@@ -41,73 +41,6 @@
     #include <wolfssl/wolfcrypt/cryptocb.h>
 #endif
 
-/* Compute the digest of msg using the hash function dictated by the LMS
- * parameter set. Crypto-callback / HSM backends that follow PKCS#11 v3.2
- * CKM_HSS semantics (pre-computed digest input) can call this from within
- * their callback; backends that take the raw message (e.g. wolfHSM) can
- * ignore it. *hashSz is in/out: it must be at least params->hash_len on
- * entry and is set to the actual digest length on success.
- *
- * @param [in]      key     LMS key (must have a parameter set bound).
- * @param [in]      msg     Message to hash.
- * @param [in]      msgSz   Length of msg in bytes.
- * @param [out]     hash    Buffer receiving the digest.
- * @param [in,out]  hashSz  On entry, size of hash buffer. On success,
- *                          the digest length.
- * @return  0 on success.
- * @return  BAD_FUNC_ARG when an argument is NULL or the buffer is too
- *          small for the digest.
- * @return  NOT_COMPILED_IN when the param set's hash family is disabled.
- */
-int wc_LmsKey_HashMsg(const LmsKey* key, const byte* msg, word32 msgSz,
-    byte* hash, word32* hashSz)
-{
-    int ret = 0;
-    word32 needSz;
-
-    if ((key == NULL) || (msg == NULL) || (hash == NULL) || (hashSz == NULL))
-        return BAD_FUNC_ARG;
-    if (key->params == NULL)
-        return BAD_FUNC_ARG;
-    needSz = (word32)key->params->hash_len;
-    if (*hashSz < needSz)
-        return BAD_FUNC_ARG;
-
-    switch (key->params->lmsType & 0xF000) {
-        case LMS_SHA256:      /* 32-byte SHA-256 */
-        case LMS_SHA256_192:  /* SHA-256 truncated to 24 bytes */ {
-            byte full[WC_SHA256_DIGEST_SIZE];
-            ret = wc_Sha256Hash(msg, msgSz, full);
-            if (ret == 0)
-                XMEMCPY(hash, full, needSz);
-            break;
-        }
-    #ifdef WOLFSSL_LMS_SHAKE256
-        case LMS_SHAKE256:      /* SHAKE256 with 32-byte output */
-        case LMS_SHAKE256_192:  /* SHAKE256 with 24-byte output */ {
-            wc_Shake shake;
-            ret = wc_InitShake256(&shake, NULL, INVALID_DEVID);
-            if (ret == 0) {
-                ret = wc_Shake256_Update(&shake, msg, msgSz);
-                if (ret == 0)
-                    ret = wc_Shake256_Final(&shake, hash, needSz);
-                wc_Shake256_Free(&shake);
-            }
-            break;
-        }
-    #endif
-        default:
-            WOLFSSL_MSG("LMS: unsupported hash family for HashMsg");
-            ret = NOT_COMPILED_IN;
-            break;
-    }
-
-    if (ret == 0)
-        *hashSz = needSz;
-
-    return ret;
-}
-
 
 /* Calculate u. Appendix B. Works for w of 1, 2, 4, or 8.
  *
@@ -1134,10 +1067,6 @@ int wc_LmsKey_MakeKey(LmsKey* key, WC_RNG* rng)
         WOLFSSL_MSG("error: LmsKey write callback is not set");
         ret = BAD_FUNC_ARG;
     }
-    /* Callback context is opaque to wolfCrypt and may legitimately be NULL
-     * (e.g. callbacks that read/write a static buffer or HSM-backed keys
-     * with stub callbacks); no check needed here. */
-
     if (ret == 0) {
         const LmsParams* params = key->params;
         priv_data_len = LMS_PRIV_DATA_LEN(params->levels, params->height,
@@ -1250,7 +1179,6 @@ int wc_LmsKey_Reload(LmsKey* key)
         WOLFSSL_MSG("error: LmsKey read callback is not set");
         ret = BAD_FUNC_ARG;
     }
-    /* Callback context is opaque; NULL is allowed. */
 
     if (ret == 0) {
         const LmsParams* params = key->params;
@@ -1354,6 +1282,66 @@ int wc_LmsKey_GetPrivLen(const LmsKey* key, word32* len)
     return ret;
 }
 
+/* Compute the digest of msg using the hash function dictated by the LMS
+ * parameter set. Crypto-callback / HSM backends that follow PKCS#11 v3.2
+ * CKM_HSS semantics (pre-computed digest input) can call this from within
+ * their callback; backends that take the raw message (e.g. wolfHSM) can
+ * ignore it. *hashSz is in/out: it must be at least params->hash_len on
+ * entry and is set to the actual digest length on success.
+ *
+ * @param [in]      key     LMS key (must have a parameter set bound).
+ * @param [in]      msg     Message to hash.
+ * @param [in]      msgSz   Length of msg in bytes.
+ * @param [out]     hash    Buffer receiving the digest.
+ * @param [in,out]  hashSz  On entry, size of hash buffer. On success,
+ *                          the digest length.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when an argument is NULL or the buffer is too
+ *          small for the digest.
+ * @return  NOT_COMPILED_IN when the param set's hash family is disabled.
+ */
+int wc_LmsKey_HashMsg(const LmsKey* key, const byte* msg, word32 msgSz,
+    byte* hash, word32* hashSz)
+{
+    int ret = 0;
+    word32 needSz;
+
+    if ((key == NULL) || (msg == NULL) || (hash == NULL) || (hashSz == NULL))
+        return BAD_FUNC_ARG;
+    if (key->params == NULL)
+        return BAD_FUNC_ARG;
+    needSz = (word32)key->params->hash_len;
+    if (*hashSz < needSz)
+        return BAD_FUNC_ARG;
+
+    switch (key->params->lmsType & LMS_HASH_MASK) {
+        case LMS_SHA256:      /* 32-byte SHA-256 */
+        case LMS_SHA256_192:  /* SHA-256 truncated to 24 bytes */ {
+            byte full[WC_SHA256_DIGEST_SIZE];
+            ret = wc_Sha256Hash(msg, msgSz, full);
+            if (ret == 0)
+                XMEMCPY(hash, full, needSz);
+            break;
+        }
+    #ifdef WOLFSSL_LMS_SHAKE256
+        case LMS_SHAKE256:      /* SHAKE256 with 32-byte output */
+        case LMS_SHAKE256_192:  /* SHAKE256 with 24-byte output */ {
+            ret = wc_Shake256Hash(msg, msgSz, hash, needSz);
+            break;
+        }
+    #endif
+        default:
+            WOLFSSL_MSG("LMS: unsupported hash family for HashMsg");
+            ret = NOT_COMPILED_IN;
+            break;
+    }
+
+    if (ret == 0)
+        *hashSz = needSz;
+
+    return ret;
+}
+
 /* Sign a message.
  *
  * @param [in, out] key    LMS key to sign with.
@@ -1419,7 +1407,6 @@ int wc_LmsKey_Sign(LmsKey* key, byte* sig, word32* sigSz, const byte* msg,
         WOLFSSL_MSG("error: LmsKey write/read callbacks are not set");
         ret = BAD_FUNC_ARG;
     }
-    /* Callback context is opaque; NULL is allowed. */
 
     if (ret == 0) {
         WC_DECLARE_VAR(state, LmsState, 1, 0);
@@ -1493,9 +1480,7 @@ int wc_LmsKey_SigsLeft(LmsKey* key)
             int cbRet = wc_CryptoCb_PqcStatefulSigSigsLeft(
                 WC_PQC_STATEFUL_SIG_TYPE_LMS, key, &sigsLeft);
             if (cbRet == 0) {
-                /* Clamp to int range; callers treat 0 as "exhausted". */
-                return (sigsLeft > (word32)0x7FFFFFFF)
-                    ? 0x7FFFFFFF : (int)sigsLeft;
+                return (sigsLeft != 0) ? 1 : 0;
             }
             /* The device owns the private state; no safe software fallback
              * exists because key->priv_raw does not reflect HSM state. */
@@ -1734,9 +1719,6 @@ int wc_LmsKey_Verify(LmsKey* key, const byte* sig, word32 sigSz,
     if ((key == NULL) || (sig == NULL) || (msg == NULL)) {
         ret = BAD_FUNC_ARG;
     }
-    if ((ret == 0) && (msgSz <= 0)) {
-        ret = BAD_FUNC_ARG;
-    }
     /* Check state. */
     if ((ret == 0) && (key->state != WC_LMS_STATE_OK) &&
             (key->state != WC_LMS_STATE_VERIFYONLY)) {