diff --git a/wolfcrypt/src/wc_lms_impl.c b/wolfcrypt/src/wc_lms_impl.c
index 65454dfd8..7bbe692c8 100644
--- a/wolfcrypt/src/wc_lms_impl.c
+++ b/wolfcrypt/src/wc_lms_impl.c
@@ -2661,7 +2661,7 @@ static int wc_hss_expand_private_key(LmsState* state, byte* priv,
     word32 q32;
     byte* priv_q;
     byte* priv_seed_i;
-    int i;
+    word32 i;
 
     /* Get the 64-bit q value from the raw private key. */
     ato64(priv_raw, &q);
@@ -2685,7 +2685,7 @@ static int wc_hss_expand_private_key(LmsState* state, byte* priv,
     }
 
     /* Compute SEED and I for rest of levels. */
-    for (i = 1; (ret == 0) && (i < params->levels); i++) {
+    for (i = 1U; (ret == 0) && (i < params->levels); i++) {
         /* Don't skip calculating SEED and I. */
         int skip = 0;
 
@@ -2752,11 +2752,12 @@ static int wc_lms_next_subtree_init(LmsState* state, LmsPrivState* privState,
     priv += LMS_I_LEN;
 
     ato32(curr, &pq);
-    pq = (pq + 1) & (((word32)1 << params->height) - 1);
+    pq = (pq + 1U) & ((((word32)1U) << params->height) - (word32)1U);
     c32toa(pq, priv_q);
 
     privState->stack.offset = 0;
-    privState->leaf.idx = (word32)-((word32)1 << params->cacheBits);
+    /* No unary minus on unsigned; avoids MSVC C4146 and passes clang-tidy */
+    privState->leaf.idx = (word32)(0U - ((word32)1U << params->cacheBits));
     privState->leaf.offset = 0;
 
     /* Derive SEED and I for next tree. */
@@ -2789,7 +2790,7 @@ static int wc_hss_next_subtree_inc(LmsState* state, HssPrivKey* priv_key,
     w64wrapper p64 = q64;
     byte tmp_priv[LMS_PRIV_LEN(LMS_MAX_NODE_LEN)];
     int use_tmp = 0;
-    int lastQMax = 0;
+    word32 lastQMax = 0;
     w64wrapper p64_hi;
     w64wrapper q64_hi;
 
@@ -2807,7 +2808,7 @@ static int wc_hss_next_subtree_inc(LmsState* state, HssPrivKey* priv_key,
         cp64_hi = w64ShiftRight(p64, (params->levels - i - 1) * params->height);
         cq64_hi = w64ShiftRight(q64, (params->levels - i - 1) * params->height);
         /* Get the q for the child. */
-        ato32(curr + LMS_PRIV_LEN(params->hash_len), &qc);
+        ato32(curr + LMS_PRIV_LEN(params->hash_len), (unsigned int*)&qc);
 
         /* Compare index of parent node with previous value. */
         if (w64LT(p64_hi, q64_hi)) {
@@ -2842,7 +2843,7 @@ static int wc_hss_next_subtree_inc(LmsState* state, HssPrivKey* priv_key,
             XMEMCPY(tmp_priv, curr + LMS_PRIV_LEN(params->hash_len), LMS_Q_LEN);
         }
 
-        lastQMax = (qc == ((word32)1 << params->height) - 1);
+        lastQMax = (qc == (((word32)1U << params->height) - (word32)1U));
         curr += LMS_PRIV_LEN(params->hash_len);
         priv += LMS_PRIV_LEN(params->hash_len);
         p64_hi = cp64_hi;
@@ -3179,6 +3180,11 @@ int wc_hss_reload_key(LmsState* state, const byte* priv_raw,
 
     (void)pub_root;
 
+    /* Defend against undefined shifts; LmsParams* params = state->params */
+    if ((state->params->cacheBits >= 32U) || (state->params->height >= 32U)) {
+        return BAD_FUNC_ARG;
+    }
+
     wc_hss_priv_data_load(state->params, priv_key, priv_data);
 #ifndef WOLFSSL_WC_LMS_SMALL
     priv_key->inited = 0;