From ac87f6b3a36ee3beac9e806c33127269edb6ca20 Mon Sep 17 00:00:00 2001
From: slontis <shane.lontis@oracle.com>
Date: Mon, 14 Jul 2025 11:06:10 +1000
Subject: [PATCH] LMS: Coverity Fix 1659010 (Unused Value)

This was a false positive in a test.
The code has been reordered to make the flow clearer.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28030)
---
 test/lms_test.c | 35 ++++++++++++++++-------------------
 1 file changed, 16 insertions(+), 19 deletions(-)

diff --git a/test/lms_test.c b/test/lms_test.c
index dfd07a80052..46b42644302 100644
--- a/test/lms_test.c
+++ b/test/lms_test.c
@@ -504,29 +504,26 @@ static int lms_verify_bad_pub_sig_test(void)
         goto end;
 
     for (i = 0; i < (int)td->publen; i += step) {
-        if (i > 0) {
+        pub[i] ^= 1; /* corrupt a byte */
+        /* Corrupting the public key may cause the key load to fail */
+        pkey = lms_pubkey_from_data(pub, td->publen);
+        if (pkey != NULL) {
+            if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL)))
+                goto end;
+            /* We expect the verify to fail */
+            if ((EVP_PKEY_verify_message_init(ctx, sig, NULL) == 1)
+                    && !TEST_int_eq(EVP_PKEY_verify(ctx, td->sig, td->siglen,
+                                                    td->msg, td->msglen), 0)) {
+                TEST_note("Incorrectly passed when byte %d of the public key"
+                          " was corrupted", i);
+                goto end;
+            }
             EVP_PKEY_free(pkey);
-            EVP_PKEY_CTX_free(ctx);
             pkey = NULL;
+            EVP_PKEY_CTX_free(ctx);
             ctx = NULL;
-            pub[i - step] ^= 1;
-        }
-        pub[i] ^= 1;
-        /* Corrupting the public key may cause the key load to fail */
-        pkey = lms_pubkey_from_data(pub, td->publen);
-        if (pkey == NULL)
-            continue;
-        if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL)))
-            continue;
-        if (!TEST_int_eq(EVP_PKEY_verify_message_init(ctx, sig, NULL), 1))
-            continue;
-        /* We expect the verify to fail */
-        if (!TEST_int_eq(EVP_PKEY_verify(ctx, td->sig, td->siglen,
-                                         td->msg, td->msglen), 0)) {
-            TEST_note("Incorrectly passed when byte %d of the public key"
-                      " was corrupted", i);
-            goto end;
         }
+        pub[i] ^= 1; /* restore the corrupted byte */
     }
 
     ret = 1;
-- 
2.47.2