From 67528f91b3f022bee4c43c4bdb6938de4d5792a5 Mon Sep 17 00:00:00 2001
From: Sean Parkinson <sean@wolfssl.com>
Date: Mon, 23 Sep 2024 09:05:17 +1000
Subject: [PATCH] Dilithium: fixes

Fixes to hint error dectection.
Fix public key decode to fail when DER length is zero for the public key
data.
---
 wolfcrypt/src/dilithium.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/wolfcrypt/src/dilithium.c b/wolfcrypt/src/dilithium.c
index da465efcc3..8b29994b0c 100644
--- a/wolfcrypt/src/dilithium.c
+++ b/wolfcrypt/src/dilithium.c
@@ -3411,7 +3411,7 @@ static int dilithium_check_hint(const byte* h, byte k, byte omega)
             }
         }
         /* Ensure the last hint is less than the current hint. */
-        else if (h[i - 1] > h[i]) {
+        else if (h[i - 1] >= h[i]) {
             ret = SIG_VERIFY_E;
             break;
         }
@@ -9654,7 +9654,7 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx,
                 ret = dilitihium_get_der_length(input, &idx, &length, inSz);
             }
             if (ret == 0) {
-                if (input[idx] != 0) {
+                if ((input[idx] != 0) || (length == 0)) {
                     ret = ASN_PARSE_E;
                 }
                 idx++;