diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 176e39c2fd..07846bdb69 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -9530,8 +9530,8 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz, return MEMORY_E; if (wc_falcon_init(falcon) == 0) { - tmpIdx = 0; - if (wc_falcon_set_level(falcon, 1) == 0) { + if ((*algoID == 0) && (wc_falcon_set_level(falcon, 1) == 0)) { + tmpIdx = 0; if (wc_Falcon_PrivateKeyDecode(key, &tmpIdx, falcon, keySz) == 0) { *algoID = FALCON_LEVEL1k; @@ -9540,7 +9540,8 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz, WOLFSSL_MSG("Not Falcon Level 1 DER key"); } } - else if (wc_falcon_set_level(falcon, 5) == 0) { + if ((*algoID == 0) && (wc_falcon_set_level(falcon, 5) == 0)) { + tmpIdx = 0; if (wc_Falcon_PrivateKeyDecode(key, &tmpIdx, falcon, keySz) == 0) { *algoID = FALCON_LEVEL5k; @@ -9549,8 +9550,8 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz, WOLFSSL_MSG("Not Falcon Level 5 DER key"); } } - else { - WOLFSSL_MSG("GetKeyOID falcon initialization failed"); + if (*algoID == 0) { + WOLFSSL_MSG("GetKeyOID could not match Falcon DER key"); } wc_falcon_free(falcon); } diff --git a/wolfcrypt/src/falcon.c b/wolfcrypt/src/falcon.c index 9a9e1eeebb..17eb006f19 100644 --- a/wolfcrypt/src/falcon.c +++ b/wolfcrypt/src/falcon.c @@ -700,6 +700,14 @@ int wc_falcon_check_key(falcon_key* key) return BAD_FUNC_ARG; } + if ((key->level != 1) && (key->level != 5)) { + return BAD_FUNC_ARG; + } + + if (!key->pubKeySet || !key->prvKeySet) { + return PUBLIC_KEY_E; + } + /* The public key is also decoded and stored within the private key buffer * behind the private key. Hence, we can compare both stored public keys. */ if (key->level == 1) {