From 7b68e60c37f8ad24faf91c00fd1d67f405a49082 Mon Sep 17 00:00:00 2001
From: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Date: Thu, 30 Oct 2025 16:15:53 +0100
Subject: [PATCH 1/3] hss_param: Fix missing include

The function hss_get_parameter_set() in hss_param.c uses printf, but
does not include stdio.h. Fix this by adding the missing include.

Signed-off-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
---
 lms-hash-sigs/hss_param.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lms-hash-sigs/hss_param.c b/lms-hash-sigs/hss_param.c
index 7a2abd6..c1f14fc 100755
--- a/lms-hash-sigs/hss_param.c
+++ b/lms-hash-sigs/hss_param.c
@@ -1,4 +1,5 @@
 #include <string.h>
+#include <stdio.h>
 #include "hss.h"
 #include "hss_internal.h"
 #include "endian.h"

From b7bb97435dcddfe277a6832f0976f2d6a425a632 Mon Sep 17 00:00:00 2001
From: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Date: Thu, 30 Oct 2025 16:14:39 +0100
Subject: [PATCH 2/3] authkeys: Avoid double free

If any code after the first fclose(f) in Key::Parse() throws
an exception, the exception handler will unconditionally
call fclose(f) again.

Fix this by setting f to NULL after the first fclose, and
checking the value of f against NULL in the excepton handler.

Signed-off-by: Wolfgang Wallner <wolfgang.wallner@br-automtion.com>
---
 common/src/authkeys.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/common/src/authkeys.cpp b/common/src/authkeys.cpp
index 84a07a7..524870e 100755
--- a/common/src/authkeys.cpp
+++ b/common/src/authkeys.cpp
@@ -170,6 +170,7 @@ void Key::Parse(const std::string& filename, bool isSecret0)
             LOG_ERROR("Unsupported key file - %s\n           Supported key formats: AMD Format & OpenSSL format", basefile.c_str());
         }
         fclose(f);
+        f = NULL;
 
         if(errCode != 0)
         {
@@ -195,7 +196,10 @@ void Key::Parse(const std::string& filename, bool isSecret0)
     }
     catch(...) 
     {
-        fclose(f);
+        if (f!=NULL)
+        {
+            fclose(f);
+        }
         throw;
     }
 }

From 03d0b6f3120848a396287e4aa2dbf28e97c66f52 Mon Sep 17 00:00:00 2001
From: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Date: Thu, 30 Oct 2025 16:13:16 +0100
Subject: [PATCH 3/3] xil-bignum.h: Add fix for change of struct in openSSL >=
 3.6.0

The layout of struct bn_mont_ctx_st was changed in openSSL commit 3f540b6d.

Signed-off-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
---
 common/include/xil-bignum.h | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/common/include/xil-bignum.h b/common/include/xil-bignum.h
index adc1b87..ac622bf 100755
--- a/common/include/xil-bignum.h
+++ b/common/include/xil-bignum.h
@@ -26,6 +26,22 @@ struct bignum_st {
 };
 
 /* Used for montgomery multiplication */
+/*
+ * The layout of this structure was changed in openSSL commit 3f540b6d.
+ */
+#if OPENSSL_VERSION_NUMBER >= 0x30600000L
+struct bn_mont_ctx_st {
+    BIGNUM RR;                  /* used to convert to montgomery form */
+    BIGNUM N;                   /* The modulus */
+    BIGNUM Ni;                  /* R*(1/R mod N) - N*Ni = 1 (Ni is only
+                                 * stored for bignum algorithm) */
+    BN_ULONG n0[2];             /* least significant word(s) of Ni; (type
+                                 * changed with 0.9.9, was "BN_ULONG n0;"
+                                 * before) */
+    int ri;                     /* number of bits in R */
+    int flags;
+};
+#else
 struct bn_mont_ctx_st {
     int ri;                     /* number of bits in R */
     BIGNUM RR;                  /* used to convert to montgomery form */
@@ -37,5 +53,6 @@ struct bn_mont_ctx_st {
                                  * before) */
     int flags;
 };
+#endif
 
 #endif
\ No newline at end of file