From c5ce984966e518ebb3c121c61cafe63eee302959 Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner
Date: Tue, 21 May 2024 13:57:40 -0500
Subject: [PATCH] wolfcrypt/src/wc_xmss_impl.c:wc_xmssmt_sign_next_idx(): use (XmssIdx)1, not (word32)1, for a shift-by-height operand; src/ssl.c:set_curves_list(): don't attempt to enable curves that are out-of-range for word32 disabled.
---
 src/ssl.c | 5 ++++-
 wolfcrypt/src/wc_xmss_impl.c | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index f468dc5e0e..d027ef01b0 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -21564,7 +21564,10 @@ int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names,
 for (i = 0; i < groups_len; ++i) {
 /* Switch the bit to off and therefore is enabled. */
 curve = (word16)groups[i];
- if (curve >= 32) {
+ if (curve >= 64) {
+ WC_DO_NOTHING;
+ }
+ else if (curve >= 32) {
 /* 0 is for invalid and 1-14 aren't used otherwise. */
 disabled &= ~(1U << (curve - 32));
 }
diff --git a/wolfcrypt/src/wc_xmss_impl.c b/wolfcrypt/src/wc_xmss_impl.c
index 45daa704cd..5037854f2a 100644
--- a/wolfcrypt/src/wc_xmss_impl.c
+++ b/wolfcrypt/src/wc_xmss_impl.c
@@ -3926,7 +3926,7 @@ static int wc_xmssmt_sign_next_idx(XmssState* state, BdsState* bds, XmssIdx idx,
 * next leaf in alt state is not last. */
 if ((ret == 0) && (i > 0) && (updates > 0) &&
 (idx_tree < ((XmssIdx)1 << (h - (hs * (i + 1))))) &&
- (bds[alt_i].next < ((word32)1 << h))) {
+ (bds[alt_i].next < ((XmssIdx)1 << h))) {
 xmss_idx_set_addr_tree(idx_tree, state->addr);
 /* Update alternative BDS state. */
 wc_xmss_bds_update(state, &bds[alt_i], sk_seed, pk_seed,
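Review bot: The new `curve >= 64` branch in set_curves_list() discards the group with no explanation, and the bound 64 is a bare number that is only correct while `disabled` is a 32-bit mask indexed from curve 32. A comment in the empty branch would record the reason, e.g. `/* No bit in the 32-bit disabled mask for this id; a shift count of 32 or more is undefined. */`. Writing the limit as `if (curve >= 32 + 8 * sizeof(disabled)) {` would keep the check correct if the mask type ever changes. Since the group list comes from the caller's names string, it is worth confirming that silently skipping a requested group, rather than reporting an error, is the intended outcome. The rest of the loop body and the function's error handling lie outside the hunk.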
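Review bot: The corrected bound `((XmssIdx)1 << h)` in wc_xmssmt_sign_next_idx() is well defined only while XmssIdx has more than `h` bits, and neither the typedef nor the range of `h` is visible in this hunk. If any build configuration makes XmssIdx a 32-bit type while `h` can reach 32, the shift would still be undefined, so the invariant deserves to be written down. A comment on the condition such as `/* XmssIdx holds 1 << h for every supported height. */`, or a compile-time assertion beside the typedef, would make it checkable. The `if` follows a comment that begins above the hunk, and its body continues past the last line shown.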