Merge pull request #7566 from douzzer/20240521-fix-overshifts

20240521-fix-overshifts
2024-05-22 07:42:49 +10:00
parent caaa9feb64 c5ce984966
commit 32c5acca22
2 changed files with 5 additions and 2 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@ -21564,7 +21564,10 @@ int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names,
    for (i = 0; i < groups_len; ++i) {
        /* Switch the bit to off and therefore is enabled. */
        curve = (word16)groups[i];
-        if (curve >= 32) {
+        if (curve >= 64) {
+            WC_DO_NOTHING;
+        }
+        else if (curve >= 32) {
            /* 0 is for invalid and 1-14 aren't used otherwise. */
            disabled &= ~(1U << (curve - 32));
        }
--- a/wolfcrypt/src/wc_xmss_impl.c
+++ b/wolfcrypt/src/wc_xmss_impl.c
@ -3926,7 +3926,7 @@ static int wc_xmssmt_sign_next_idx(XmssState* state, BdsState* bds, XmssIdx idx,
             * next leaf in alt state is not last. */
            if ((ret == 0) && (i > 0) && (updates > 0) &&
                    (idx_tree < ((XmssIdx)1 << (h - (hs * (i + 1))))) &&
-                    (bds[alt_i].next < ((word32)1 << h))) {
+                    (bds[alt_i].next < ((XmssIdx)1 << h))) {
                xmss_idx_set_addr_tree(idx_tree, state->addr);
                /* Update alternative BDS state. */
                wc_xmss_bds_update(state, &bds[alt_i], sk_seed, pk_seed,