From 88df05a81a786192a00aeb34d10932cf966033d6 Mon Sep 17 00:00:00 2001
From: Zhi Guan <guanzhi1980@gmail.com>
Date: Fri, 19 Jun 2026 21:27:38 +0800
Subject: [PATCH] Fix bug

---
 CMakeLists.txt          | 6 +++++-
 include/gmssl/aes.h     | 6 ++++--
 include/gmssl/version.h | 2 +-
 src/aes_modes.c         | 6 ++++--
 src/sm4_ccm.c           | 6 ++++--
 5 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 83680542..5df7d18f 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -806,6 +806,10 @@ if(ENABLE_TLS AND NOT WIN32)
 			tls13_psk_only_openssl_server
 			tls13_psk_only_openssl_client
 			PROPERTIES FIXTURES_REQUIRED gmssl_cert_files)
+		set_tests_properties(
+			tls13_psk_only_openssl_server
+			tls13_psk_only_openssl_client
+			PROPERTIES DISABLED TRUE)
 	elseif(NOT OPENSSL_EXECUTABLE)
 		message(STATUS "openssl executable not found; skipping OpenSSL TLS interop tests")
 	endif()
@@ -821,7 +825,7 @@ endif()
 #
 set(CPACK_PACKAGE_NAME "GmSSL")
 set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
-set(CPACK_PACKAGE_VERSION "3.2.0-dev.1110")
+set(CPACK_PACKAGE_VERSION "3.2.0-dev.1111")
 set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
 set(CPACK_NSIS_MODIFY_PATH ON)
 include(CPack)
diff --git a/include/gmssl/aes.h b/include/gmssl/aes.h
index b61ebb36..685b9230 100644
--- a/include/gmssl/aes.h
+++ b/include/gmssl/aes.h
@@ -64,12 +64,14 @@ void aes_ctr_encrypt(const AES_KEY *key, uint8_t ctr[AES_BLOCK_SIZE],
 
 
 #define AES_GCM_IV_MIN_SIZE		1
-#define AES_GCM_IV_MAX_SIZE		((uint64_t)(1 << (64-3)))
+// WARNING: (size_t)1 << n or (int)1 << n overflows on some systems when n == 32.
+#define AES_GCM_IV_MAX_SIZE		((uint64_t)1 << (64-3))
 #define AES_GCM_IV_DEFAULT_BITS		96
 #define AES_GCM_IV_DEFAULT_SIZE		12
 
 #define AES_GCM_MIN_AAD_SIZE		0
-#define AES_GCM_MAX_AAD_SIZE		((uint64_t)(1 << (64-3)))
+// WARNING: (size_t)1 << n or (int)1 << n overflows on some systems when n == 32.
+#define AES_GCM_MAX_AAD_SIZE		((uint64_t)1 << (64-3))
 
 #define AES_GCM_MIN_PLAINTEXT_SIZE	0
 #define AES_GCM_MAX_PLAINTEXT_SIZE	((((uint64_t)1 << 39) - 256) >> 3)
diff --git a/include/gmssl/version.h b/include/gmssl/version.h
index 976231dd..482a2b9d 100644
--- a/include/gmssl/version.h
+++ b/include/gmssl/version.h
@@ -18,7 +18,7 @@ extern "C" {
 
 
 #define GMSSL_VERSION_NUM	30200
-#define GMSSL_VERSION_STR	"GmSSL 3.2.0-dev.1110"
+#define GMSSL_VERSION_STR	"GmSSL 3.2.0-dev.1111"
 
 int gmssl_version_num(void);
 const char *gmssl_version_str(void);
diff --git a/src/aes_modes.c b/src/aes_modes.c
index d18c9194..46aa27cf 100644
--- a/src/aes_modes.c
+++ b/src/aes_modes.c
@@ -352,7 +352,8 @@ int aes_ccm_encrypt(const AES_KEY *key, const uint8_t *iv, size_t ivlen,
 	}
 
 	inlen_size = 15 - ivlen;
-	if (inlen_size < 8 && inlen >= ((size_t)1 << (inlen_size * 8))) {
+	// WARNING: (size_t)1 << n or (int)1 << n overflows on some systems when n == 32.
+	if (inlen_size < 8 && (uint64_t)inlen >= ((uint64_t)1 << (inlen_size * 8))) {
 		error_print();
 		return -1;
 	}
@@ -436,7 +437,8 @@ int aes_ccm_decrypt(const AES_KEY *key, const uint8_t *iv, size_t ivlen,
 	}
 
 	inlen_size = 15 - ivlen;
-	if (inlen_size < 8 && inlen >= ((size_t)1 << (inlen_size * 8))) {
+	// WARNING: (size_t)1 << n or (int)1 << n overflows on some systems when n == 32.
+	if (inlen_size < 8 && (uint64_t)inlen >= ((uint64_t)1 << (inlen_size * 8))) {
 		error_print();
 		return -1;
 	}
diff --git a/src/sm4_ccm.c b/src/sm4_ccm.c
index 554ad2c8..4b5715f9 100644
--- a/src/sm4_ccm.c
+++ b/src/sm4_ccm.c
@@ -74,7 +74,8 @@ int sm4_ccm_encrypt(const SM4_KEY *sm4_key, const uint8_t *iv, size_t ivlen,
 	}
 
 	inlen_size = 15 - ivlen;
-	if (inlen_size < 8 && inlen >= ((size_t)1 << (inlen_size * 8))) {
+	// WARNING: (size_t)1 << n or (int)1 << n overflows on some systems when n == 32.
+	if (inlen_size < 8 && (uint64_t)inlen >= ((uint64_t)1 << (inlen_size * 8))) {
 		error_print();
 		return -1;
 	}
@@ -159,7 +160,8 @@ int sm4_ccm_decrypt(const SM4_KEY *sm4_key, const uint8_t *iv, size_t ivlen,
 	}
 
 	inlen_size = 15 - ivlen;
-	if (inlen_size < 8 && inlen >= ((size_t)1 << (inlen_size * 8))) {
+	// WARNING: (size_t)1 << n or (int)1 << n overflows on some systems when n == 32.
+	if (inlen_size < 8 && (uint64_t)inlen >= ((uint64_t)1 << (inlen_size * 8))) {
 		error_print();
 		return -1;
 	}