From f5a5231c7242480215de673560b9a33c033419f5 Mon Sep 17 00:00:00 2001
From: Joost Rijneveld
Date: Wed, 28 Oct 2015 13:45:05 +0100
Subject: [PATCH] Do not perform bds_round for the last leaf
---
 xmss_fast.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/xmss_fast.c b/xmss_fast.c
index 5aa8a04..62a6f48 100644
--- a/xmss_fast.c
+++ b/xmss_fast.c
@@ -690,7 +690,10 @@ int xmss_sign(unsigned char *sk, bds_state *state, unsigned char *sig_msg, unsig
  // the auth path was already computed during the previous round
  memcpy(sig_msg, state->auth, h*n);
- bds_round(state, idx, sk_seed, params, (h - k) >> 1, pub_seed, ots_addr);
+ if (idx < (1 << h) - 1) {
+ bds_round(state, idx, sk_seed, params, (h - k) >> 1, pub_seed, ots_addr);
+ }
+
  sig_msg += params->h*n;
  *sig_msg_len += params->h*n;
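Review bot: The new guard `if (idx < (1 << h) - 1)` computes the last-leaf index in plain `int`, so `1 << h` is undefined once h reaches the width of int and the comparison then mixes that signed value with whatever type `idx` has (its declaration is outside the hunk); computing the bound in the index's width, `if (idx < (1ULL << h) - 1) {`, avoids both issues at no cost. Nothing visible in the hunk rejects `idx >= (1 << h)` outright: if that key-exhaustion check lives earlier in xmss_sign it is outside this hunk, otherwise the guard only skips the BDS state update and a signature is still emitted for an index past the last leaf, which is the case a signer must never reach. A short why-comment above the condition, such as `// last leaf: no further signatures follow, so the BDS state need not advance`, would record the reason the round is skipped. xmss_sign's body starts and ends outside the hunk.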