From ec552bfd2f7ad2647b2e778b59c3a16ae4a941e5 Mon Sep 17 00:00:00 2001
From: Sean Parkinson <sean@wolfssl.com>
Date: Wed, 22 May 2024 07:42:49 +1000
Subject: [PATCH] Merge pull request #7566 from douzzer/20240521-fix-overshifts

20240521-fix-overshifts
---
 src/ssl.c                    | 5 ++++-
 wolfcrypt/src/wc_xmss_impl.c | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index f468dc5e0e..d027ef01b0 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -21564,7 +21564,10 @@ int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names,
     for (i = 0; i < groups_len; ++i) {
         /* Switch the bit to off and therefore is enabled. */
         curve = (word16)groups[i];
-        if (curve >= 32) {
+        if (curve >= 64) {
+            WC_DO_NOTHING;
+        }
+        else if (curve >= 32) {
             /* 0 is for invalid and 1-14 aren't used otherwise. */
             disabled &= ~(1U << (curve - 32));
         }
diff --git a/wolfcrypt/src/wc_xmss_impl.c b/wolfcrypt/src/wc_xmss_impl.c
index 45daa704cd..5037854f2a 100644
--- a/wolfcrypt/src/wc_xmss_impl.c
+++ b/wolfcrypt/src/wc_xmss_impl.c
@@ -3926,7 +3926,7 @@ static int wc_xmssmt_sign_next_idx(XmssState* state, BdsState* bds, XmssIdx idx,
              * next leaf in alt state is not last. */
             if ((ret == 0) && (i > 0) && (updates > 0) &&
                     (idx_tree < ((XmssIdx)1 << (h - (hs * (i + 1))))) &&
-                    (bds[alt_i].next < ((word32)1 << h))) {
+                    (bds[alt_i].next < ((XmssIdx)1 << h))) {
                 xmss_idx_set_addr_tree(idx_tree, state->addr);
                 /* Update alternative BDS state. */
                 wc_xmss_bds_update(state, &bds[alt_i], sk_seed, pk_seed,