From 1e9607b65ea4cc8f3e71c03a79e59a2d3f37e268 Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Thu, 5 Dec 2024 08:34:58 -0800
Subject: [PATCH] Fixes for ML-DSA and LMS cast warnings and spelling errors.

---
 examples/client/client.c    |  4 ++--
 examples/server/server.c    |  2 +-
 tests/api.c                 | 10 +++++-----
 wolfcrypt/src/dilithium.c   |  4 ++--
 wolfcrypt/src/wc_lms_impl.c | 20 ++++++++++----------
 wolfssl/test.h              |  2 +-
 wolfssl/wolfcrypt/wc_port.h |  2 ++
 7 files changed, 23 insertions(+), 21 deletions(-)

diff --git a/examples/client/client.c b/examples/client/client.c
index f50f67fbb..cdc132b4b 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -2433,7 +2433,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                 }
                 else if (XSTRCMP(myoptarg, "verifyInfo") == 0) {
                     printf("Verify should not override error\n");
-                    myVerifyAction = VERIFY_USE_PREVERFIY;
+                    myVerifyAction = VERIFY_USE_PREVERIFY;
                 }
                 else if (XSTRCMP(myoptarg, "useSupCurve") == 0) {
                     printf("Attempting to test use supported curve\n");
@@ -3506,7 +3506,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     #endif
     }
     if (useVerifyCb || myVerifyAction == VERIFY_FORCE_FAIL ||
-            myVerifyAction == VERIFY_USE_PREVERFIY) {
+            myVerifyAction == VERIFY_USE_PREVERIFY) {
         wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify);
     }
     else if (!usePsk && !useAnon && doPeerCheck == 0) {
diff --git a/examples/server/server.c b/examples/server/server.c
index bc3e1509f..087c2cd9a 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -1882,7 +1882,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                 }
                 else if (XSTRCMP(myoptarg, "verifyInfo") == 0) {
                     printf("Verify should use preverify (just show info)\n");
-                    myVerifyAction = VERIFY_USE_PREVERFIY;
+                    myVerifyAction = VERIFY_USE_PREVERIFY;
                 }
                 else if (XSTRCMP(myoptarg, "loadSSL") == 0) {
                     printf("Also load cert/key into wolfSSL object\n");
diff --git a/tests/api.c b/tests/api.c
index c15e431b1..cd3b6320b 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -9472,7 +9472,7 @@ static int test_wolfSSL_CTX_verifyDepth_ServerClient_1_ctx_ready(
     WOLFSSL_CTX* ctx)
 {
     wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
-    myVerifyAction = VERIFY_USE_PREVERFIY;
+    myVerifyAction = VERIFY_USE_PREVERIFY;
     wolfSSL_CTX_set_verify_depth(ctx, 2);
     return TEST_SUCCESS;
 }
@@ -9552,7 +9552,7 @@ static int test_wolfSSL_CTX_verifyDepth_ServerClient_3_ctx_ready(
     WOLFSSL_CTX* ctx)
 {
     wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
-    myVerifyAction = VERIFY_USE_PREVERFIY;
+    myVerifyAction = VERIFY_USE_PREVERIFY;
     wolfSSL_CTX_set_verify_depth(ctx, 0);
     return TEST_SUCCESS;
 }
@@ -95334,7 +95334,7 @@ static int test_revoked_loaded_int_cert_ctx_ready1(WOLFSSL_CTX* ctx)
 {
     EXPECT_DECLS;
     wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify);
-    myVerifyAction = VERIFY_USE_PREVERFIY;
+    myVerifyAction = VERIFY_USE_PREVERIFY;
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx,
             "./certs/ca-cert.pem", NULL, 0), WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx,
@@ -95354,7 +95354,7 @@ static int test_revoked_loaded_int_cert_ctx_ready2(WOLFSSL_CTX* ctx)
 {
     EXPECT_DECLS;
     wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify);
-    myVerifyAction = VERIFY_USE_PREVERFIY;
+    myVerifyAction = VERIFY_USE_PREVERIFY;
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx,
             "./certs/ca-cert.pem", NULL, 0), WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx,
@@ -95391,7 +95391,7 @@ static int test_revoked_loaded_int_cert_ctx_ready3(WOLFSSL_CTX* ctx)
 {
     EXPECT_DECLS;
     wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify);
-    myVerifyAction = VERIFY_USE_PREVERFIY;
+    myVerifyAction = VERIFY_USE_PREVERIFY;
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx,
             "./certs/ca-cert.pem", NULL, 0), WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx,
diff --git a/wolfcrypt/src/dilithium.c b/wolfcrypt/src/dilithium.c
index ce01042c8..9d1bc0a45 100644
--- a/wolfcrypt/src/dilithium.c
+++ b/wolfcrypt/src/dilithium.c
@@ -2761,8 +2761,8 @@ static int dilithium_vec_expand_mask(wc_Shake* shake256, byte* seed,
         word16 n = kappa + r;
 
         /* Step 4: Append to seed and squeeze out data. */
-        seed[DILITHIUM_PRIV_RAND_SEED_SZ + 0] = n;
-        seed[DILITHIUM_PRIV_RAND_SEED_SZ + 1] = n >> 8;
+        seed[DILITHIUM_PRIV_RAND_SEED_SZ + 0] = (byte)n;
+        seed[DILITHIUM_PRIV_RAND_SEED_SZ + 1] = (byte)(n >> 8);
         ret = dilithium_squeeze256(shake256, seed, DILITHIUM_Y_SEED_SZ, v,
             DILITHIUM_MAX_V_BLOCKS);
         if (ret == 0) {
diff --git a/wolfcrypt/src/wc_lms_impl.c b/wolfcrypt/src/wc_lms_impl.c
index 49c13c165..5968f5c7f 100644
--- a/wolfcrypt/src/wc_lms_impl.c
+++ b/wolfcrypt/src/wc_lms_impl.c
@@ -104,7 +104,7 @@
 
 
 #ifdef WC_LMS_DEBUG_PRINT_DATA
-/* Print data when dubgging implementation.
+/* Print data when debugging implementation.
  *
  * @param [in] name  String to print before data.
  * @param [in] data  Array of bytes.
@@ -859,7 +859,7 @@ static int wc_lmots_msg_hash(LmsState* state, const byte* msg, word32 msgSz,
  *        }
  *        y[i] = tmp
  *      }
- * x[i] can be calculated on the fly using psueodo key generation in Appendix A.
+ * x[i] can be calculated on the fly using pseudo key generation in Appendix A.
  * Appendix A, The elements of the LM-OTS private keys are computed as:
  *   x_q[i] = H(I || u32str(q) || u16str(i) || u8str(0xff) || SEED).
  *
@@ -875,7 +875,7 @@ static int wc_lmots_compute_y_from_seed(LmsState* state, const byte* seed,
     const byte* msg, word32 msgSz, const byte* c, byte* y)
 {
     const LmsParams* params = state->params;
-    int ret = 0;
+    int ret;
     word16 i;
     byte q[LMS_MAX_NODE_LEN + LMS_CKSM_LEN];
 #ifdef WOLFSSL_SMALL_STACK
@@ -892,8 +892,8 @@ static int wc_lmots_compute_y_from_seed(LmsState* state, const byte* seed,
     ret = wc_lmots_msg_hash(state, msg, msgSz, c, q);
     if (ret == 0) {
         /* Calculate checksum list all coefficients. */
-        ret = wc_lmots_q_expand(q, params->hash_len, params->width, params->ls,
-             a);
+        ret = wc_lmots_q_expand(q, (word8)params->hash_len, params->width,
+            params->ls, a);
     }
 #ifndef WC_LMS_FULL_HASH
     if (ret == 0) {
@@ -1063,8 +1063,8 @@ static int wc_lmots_compute_kc_from_sig(LmsState* state, const byte* msg,
     }
     if (ret == 0) {
         /* Calculate checksum list all coefficients. */
-        ret = wc_lmots_q_expand(q, params->hash_len, params->width, params->ls,
-            a);
+        ret = wc_lmots_q_expand(q, (word8)params->hash_len, params->width,
+            params->ls, a);
     }
 #ifndef WC_LMS_FULL_HASH
     if (ret == 0) {
@@ -1178,7 +1178,7 @@ static int wc_lmots_compute_kc_from_sig(LmsState* state, const byte* msg,
  *      }
  *      K = H(I || u32str(q) || u16str(D_PBLC) || y[0] || ... || y[p-1])
  *   ...
- * x[i] can be calculated on the fly using psueodo key generation in Appendix A.
+ * x[i] can be calculated on the fly using pseudo key generation in Appendix A.
  * Appendix A, The elements of the LM-OTS private keys are computed as:
  *   x_q[i] = H(I || u32str(q) || u16str(i) || u8str(0xff) || SEED).
  *
@@ -3679,11 +3679,11 @@ int wc_hss_sigsleft(const LmsParams* params, const byte* priv_raw)
  *
  * @param [in, out] state  LMS state.
  * @param [in]      pub    HSS public key.
- * @param [in]      msg    Message to rifyn.
+ * @param [in]      msg    Message to verify.
  * @param [in]      msgSz  Length of message in bytes.
  * @param [in]      sig    Signature of message.
  * @return  0 on success.
- * @return  SIG_VERFIY_E on failure.
+ * @return  SIG_VERIFY_E on failure.
  */
 int wc_hss_verify(LmsState* state, const byte* pub, const byte* msg,
     word32 msgSz, const byte* sig)
diff --git a/wolfssl/test.h b/wolfssl/test.h
index bbe7d0fbe..fe69586cc 100644
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -2397,7 +2397,7 @@ static WC_INLINE void OCSPRespFreeCb(void* ioCtx, unsigned char* response)
 enum {
     VERIFY_OVERRIDE_ERROR,
     VERIFY_FORCE_FAIL,
-    VERIFY_USE_PREVERFIY,
+    VERIFY_USE_PREVERIFY,
     VERIFY_OVERRIDE_DATE_ERR,
 };
 static THREAD_LS_T int myVerifyAction = VERIFY_OVERRIDE_ERROR;
diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h
index 6dc7d2c92..f661d2b6a 100644
--- a/wolfssl/wolfcrypt/wc_port.h
+++ b/wolfssl/wolfcrypt/wc_port.h
@@ -947,9 +947,11 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
 /* Windows API defines its own min() macro. */
 #if defined(USE_WINDOWS_API)
     #if defined(min) || defined(WOLFSSL_MYSQL_COMPATIBLE)
+        #undef  WOLFSSL_HAVE_MIN
         #define WOLFSSL_HAVE_MIN
     #endif /* min */
     #if defined(max) || defined(WOLFSSL_MYSQL_COMPATIBLE)
+        #undef  WOLFSSL_HAVE_MAX
         #define WOLFSSL_HAVE_MAX
     #endif /* max */
 #endif /* USE_WINDOWS_API */