SLH-DSA coverity fixes.

Fixes 1643092 and 1643093

Neither of these are major issues, but fixed anyway..

i.e. 1<<hm is bounded by the parameter set so this is not an issue
Not checking an error from WPACKET_memcpy() would also not cause an
issue.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26835)

diff --git a/crypto/slh_dsa/slh_dsa.c b/crypto/slh_dsa/slh_dsa.c
index c961883537f4807b80aad50305bca6e9bf10d1b5..a85ca3d4ac2aef7af5b319330fec423a27ec028a 100644 (file)
--- a/crypto/slh_dsa/slh_dsa.c
+++ b/crypto/slh_dsa/slh_dsa.c
@@ -354,7 +354,7 @@ static int get_tree_ids(PACKET *rpkt, const SLH_DSA_PARAMS *params,
      * i.e. A & (0xFFFF_FFFF_FFFF_FFFF >> (64 - X))
      */
     tree_id_mask = (~(uint64_t)0) >> (64 - (params->h - params->hm));
-    leaf_id_mask = (1 << params->hm) - 1; /* max value is 0x1FF when hm = 9 */
+    leaf_id_mask = ((uint64_t)1 << params->hm) - 1; /* max value is 0x1FF when hm = 9 */
     *tree_id = bytes_to_u64_be(tree_id_bytes, tree_id_len) & tree_id_mask;
     *leaf_id = (uint32_t)(bytes_to_u64_be(leaf_id_bytes, leaf_id_len) & leaf_id_mask);
     return 1;

diff --git a/crypto/slh_dsa/slh_fors.c b/crypto/slh_dsa/slh_fors.c
index 49fb67a8628531e050d61055cc6f964d3bf52b5a..f3a557739e0c1435e6767d71a8aea353cb668848 100644 (file)
--- a/crypto/slh_dsa/slh_fors.c
+++ b/crypto/slh_dsa/slh_fors.c
@@ -181,7 +181,8 @@ int ossl_slh_fors_sign(SLH_DSA_HASH_CTX *ctx, const uint8_t *md,
                 return 0;
             node_id >>= 1; /* Get the parent node id */
             tree_offset >>= 1; /* Each layer up has half as many nodes */
-            WPACKET_memcpy(sig_wpkt, out, n);
+            if (!WPACKET_memcpy(sig_wpkt, out, n))
+                return 0;
         }
         tree_id_times_two_power_a += two_power_a;
     }