XMSS: clean -Wconversion warnings and add XMSS to Wconversion CI matrix

Add --enable-xmss to all 11 existing wolfCrypt-Wconversion matrix rows so
the XMSS sources (wc_xmss.c, wc_xmss_impl.c) are exercised under the same
strict conversion-warning flags already enforced for ML-KEM. Add 2 new
matrix rows that cover the XMSS sub-options (small, verify-only on 32-bit)
which use distinct code paths.

Add a test_xmss_runtime job that builds --enable-xmss and
--enable-xmss=yes,small (without --disable-crypttests) and runs
testwolfcrypt for each. The build-only matrix can't catch a bad cast that
silently changes the wire output; the runtime job is the safety net (same
pattern as test_lms_runtime in PR #14).

To make the XMSS sources compile cleanly under -Wconversion
-Warith-conversion -Wsign-conversion -Wcast-qual:

- wc_xmss.h: U-suffix on length constants, (word32) casts inside size
  macros (XMSS_HASH_PRF_DATA_LEN, XMSS_CHAIN_HASH_DATA_LEN,
  XMSS_RAND_HASH_DATA_LEN, XMSS_RETAIN_LEN) so arithmetic stays unsigned.

- wc_xmss_impl.c:
  - U-suffix on the local fixed-parameter constants (XMSS_WOTS_W,
    XMSS_HASH_PADDING_*, XMSS_PRF_M_LEN, XMSS_IDX_LEN, etc.).
  - In wc_xmss_msg_convert: kept word16 csum (per RFC 8391 the WOTS+
    checksum field is fixed 16-bit, the algorithm relies on 2^16
    wraparound), with explicit (word16) casts at every assignment to
    silence the warning without changing semantics. Same pattern as the
    LMS PR's wc_lmots_q_expand fix.
  - Replaced hand-rolled length expressions with the (now fixed) macros
    where possible (XMSS_HASH_PRF_DATA_LEN, XMSS_RAND_HASH_DATA_LEN).
  - Cast (byte)i at addr_buf[XMSS_ADDR_*]/addr[XMSS_ADDR_*] = i sites
    where i is word32 (WOTS+ chain/hash addressing).
  - Changed wc_idx_zero/wc_idx_update parameter from word8/int len to
    word32 so length flows cleanly into XMEMSET; rewrote the increment
    loop to use unsigned i with i > 0 termination.
  - Restored (word32)1U on shifts whose exponent can reach the tree
    height (up to 60 for XMSSMT-SHA2_60/12_256) — bare 1U is unsigned
    int which is undefined behaviour for shifts >= 32 on most targets.
  - Changed wc_xmss_bds_state_treehash_init / wc_xmss_bds_next_idx 'int
    i' parameter to word32, removing call-site (int) casts.
  - Cast at the narrowest assignment boundary throughout (e.g.,
    `const word8 hsk = (word8)(params->sub_h - params->bds_k)`,
    `addr[XMSS_ADDR_LAYER] = (word32)(params->d - 1)`).
  - Switch (word8)min(...) cast at the narrow assignment site to
    silence the word32→word8 narrowing from the shared min() helper.

- wc_xmss.c:
  - 3 → 3U in wc_RNG_GenerateBlock(rng, seed, 3 * key->params->n).
  - Cast public API's int msgLen/mLen to (word32) when forwarding to
    wc_xmss_sign / wc_xmssmt_sign / wc_xmssmt_verify; added the missing
    msgLen <= 0 check in wc_XmssKey_Verify (Sign already had it).

Verified: 13 matrix rows build clean under the conversion flags;
testwolfcrypt's "XMSS Vfy" / "XMSS" tests pass for --enable-xmss,
--enable-xmss=yes,small, and --enable-xmss=yes,verify-only;
bench_xmss_xmssmt parameter sets within noise vs. master.

https://claude.ai/code/session_01EJmy1bKDgHseTwZ5Qqpu1g

Author: claude

.github/workflows/wolfCrypt-Wconversion.yml

@@ -18,17 +18,20 @@ jobs:
       matrix:
         config: [
           # Add new configs here
-          '--disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual"',
-          '--enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual"',
-          '--enable-smallstack --disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual"',
-          '--enable-smallstack --enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual"',
-          '--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -DNO_INT128 -Wcast-qual"',
-          '--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem CPPFLAGS="-Wdeclaration-after-statement -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual" --enable-32bit CFLAGS=-m32',
-          '--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem=yes,small CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual -DNO_INT128"',
-          '--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem=yes,no-large-code CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual -DNO_INT128"',
-          '--enable-smallstack --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual -DNO_INT128"',
-          '--disable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem CPPFLAGS="-DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -Wdeclaration-after-statement -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual" --enable-32bit CFLAGS=-m32',
-          '--disable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem=yes,small CPPFLAGS="-DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual -DNO_INT128"',
+          '--disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-xmss CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual"',
+          '--enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-xmss CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual"',
+          '--enable-smallstack --disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-xmss CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual"',
+          '--enable-smallstack --enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-xmss CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual"',
+          '--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-xmss CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -DNO_INT128 -Wcast-qual"',
+          '--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-xmss CPPFLAGS="-Wdeclaration-after-statement -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual" --enable-32bit CFLAGS=-m32',
+          '--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem=yes,small --enable-xmss CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual -DNO_INT128"',
+          '--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem=yes,no-large-code --enable-xmss CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual -DNO_INT128"',
+          '--enable-smallstack --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-xmss CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual -DNO_INT128"',
+          '--disable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-xmss CPPFLAGS="-DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -Wdeclaration-after-statement -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual" --enable-32bit CFLAGS=-m32',
+          '--disable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem=yes,small --enable-xmss CPPFLAGS="-DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual -DNO_INT128"',
+          # Dedicated rows exercising XMSS sub-options not covered by --enable-xmss default
+          '--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-xmss=yes,small CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual"',
+          '--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem --enable-xmss=yes,verify-only CPPFLAGS="-Wdeclaration-after-statement -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual" --enable-32bit CFLAGS=-m32',
         ]
     name: build library
     if: github.repository_owner == 'wolfssl'
@@ -50,3 +53,29 @@ jobs:
           echo "running ./configure ${{ matrix.config }}"
           ./configure ${{ matrix.config }} || $(exit 3)
           make -j 4 || $(exit 4)
+
+  # Compiler-clean (above) doesn't catch a bad cast that silently changes
+  # the wire output. Run testwolfcrypt's xmss_test under the same conversion
+  # flags on the default and small XMSS variants.
+  test_xmss_runtime:
+    strategy:
+      matrix:
+        config: [
+          '--enable-xmss CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual"',
+          '--enable-xmss=yes,small CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual"',
+        ]
+    name: test XMSS runtime
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-24.04
+    timeout-minutes: 6
+    steps:
+      - uses: actions/checkout@v4
+        name: Checkout wolfSSL
+
+      - name: Build and run wolfCrypt XMSS tests
+        run: |
+          ./autogen.sh || $(exit 2)
+          echo "running ./configure ${{ matrix.config }}"
+          ./configure ${{ matrix.config }} || $(exit 3)
+          make -j 4 || $(exit 4)
+          ./wolfcrypt/test/testwolfcrypt || $(exit 5)

wolfcrypt/src/wc_xmss.c

@@ -749,13 +749,15 @@ static WC_INLINE int wc_xmsskey_signupdate(XmssKey* key, byte* sig,
                  */
             #ifndef WOLFSSL_WC_XMSS_SMALL
                 if (key->is_xmssmt) {
-                    ret = wc_xmssmt_sign(state, msg, msgLen, key->sk, sig);
+                    ret = wc_xmssmt_sign(state, msg, (word32)msgLen, key->sk,
+                        sig);
                 }
                 else {
-                    ret = wc_xmss_sign(state, msg, msgLen, key->sk, sig);
+                    ret = wc_xmss_sign(state, msg, (word32)msgLen, key->sk,
+                        sig);
                 }
             #else
-                ret = wc_xmssmt_sign(state, msg, msgLen, key->sk, sig);
+                ret = wc_xmssmt_sign(state, msg, (word32)msgLen, key->sk, sig);
             #endif
                 if (ret == WC_NO_ERR_TRACE(KEY_EXHAUSTED_E)) {
                     /* Signature space exhausted. */
@@ -1083,7 +1085,7 @@ int wc_XmssKey_MakeKey(XmssKey* key, WC_RNG* rng)
     }
 #ifdef WOLFSSL_SMALL_STACK
     if (ret == 0) {
-        seed = (unsigned char*)XMALLOC(3 * key->params->n, NULL,
+        seed = (unsigned char*)XMALLOC(3U * key->params->n, NULL,
             DYNAMIC_TYPE_TMP_BUFFER);
         if (seed == NULL) {
             ret = MEMORY_E;
@@ -1093,7 +1095,7 @@ int wc_XmssKey_MakeKey(XmssKey* key, WC_RNG* rng)
 
     if (ret == 0) {
         /* Generate three random seeds. */
-        ret = wc_RNG_GenerateBlock(rng, seed, 3 * key->params->n);
+        ret = wc_RNG_GenerateBlock(rng, seed, 3U * key->params->n);
     }
 
     if (ret == 0) {
@@ -1473,10 +1475,11 @@ int wc_XmssKey_ExportPubRaw(const XmssKey* key, byte* out, word32* outLen)
     }
 
     if (ret == 0) {
-        int i = 0;
+        word32 i = 0;
         /* First copy the oid into buffer. */
         for (; i < XMSS_OID_LEN; i++) {
-            out[XMSS_OID_LEN - i - 1] = (key->oid >> (8 * i)) & 0xFF;
+            out[XMSS_OID_LEN - i - 1U] =
+                (byte)((key->oid >> (8U * i)) & 0xFFU);
         }
         /* Copy the public key data into buffer after oid. */
         XMEMCPY(out + XMSS_OID_LEN, key->pk, pubLen - XMSS_OID_LEN);
@@ -1603,7 +1606,7 @@ int wc_XmssKey_Verify(XmssKey* key, const byte* sig, word32 sigLen,
     int            ret = 0;
 
     /* Validate parameters. */
-    if ((key == NULL) || (sig == NULL) || (m == NULL)) {
+    if ((key == NULL) || (sig == NULL) || (m == NULL) || (mLen <= 0)) {
         ret = BAD_FUNC_ARG;
     }
     /* Validate state. */
@@ -1631,7 +1634,7 @@ int wc_XmssKey_Verify(XmssKey* key, const byte* sig, word32 sigLen,
             ret = wc_xmss_state_init(state, key->params);
             if (ret == 0) {
                 /* Verify using either XMSS^MT function as it works for both. */
-                ret = wc_xmssmt_verify(state, m, mLen, sig, key->pk);
+                ret = wc_xmssmt_verify(state, m, (word32)mLen, sig, key->pk);
                 /* Free state after use. */
                 wc_xmss_state_free(state);
             }