diff --git a/README.md b/README.md
index 7899374..cf196a5 100644
--- a/README.md
+++ b/README.md
@@ -165,6 +165,10 @@ make coverage # Run tests with gcov
make coverage-force-failure # Include crypto failure path testing
```
+
+ 
+
diff --git a/src/wolfcose.c b/src/wolfcose.c
index c4c4ca9..47d24a2 100644
--- a/src/wolfcose.c
+++ b/src/wolfcose.c
@@ -6105,10 +6105,6 @@ int wc_CoseMac0_Create(const WOLFCOSE_KEY* key, int32_t alg,
(payload == NULL) && (detachedPayload == NULL)) {
ret = WOLFCOSE_E_INVALID_ARG;
}
- if ((ret == WOLFCOSE_SUCCESS) &&
- (macPayload == NULL) && (macPayloadLen > 0u)) {
- ret = WOLFCOSE_E_INVALID_ARG;
- }
/* Reject inconsistent (kid, kidLen) so the kid is never silently dropped. */
if ((ret == WOLFCOSE_SUCCESS) &&
(((kid != NULL) && (kidLen == 0u)) ||
@@ -7859,10 +7855,6 @@ int wc_CoseMac_Create(const WOLFCOSE_RECIPIENT* recipients,
ret = WOLFCOSE_E_CRYPTO;
}
}
- if (hmacInited != 0) {
- (void)wc_HmacFree(&hmac);
- hmacInited = 0;
- }
}
else
#endif /* WOLFCOSE_HAVE_HMAC */
@@ -8275,10 +8267,6 @@ int wc_CoseMac_Verify(const WOLFCOSE_RECIPIENT* recipient,
ret = WOLFCOSE_E_CRYPTO;
}
}
- if (hmacInited != 0) {
- (void)wc_HmacFree(&hmac);
- hmacInited = 0;
- }
}
else
#endif /* WOLFCOSE_HAVE_HMAC */
diff --git a/src/wolfcose_cbor.c b/src/wolfcose_cbor.c
index 3a0011c..ae66cc4 100644
--- a/src/wolfcose_cbor.c
+++ b/src/wolfcose_cbor.c
@@ -233,14 +233,11 @@ int wolfCose_CBOR_DecodeHead(WOLFCOSE_CBOR_CTX* ctx, WOLFCOSE_CBOR_ITEM* item)
}
}
- /* Advance past bstr/tstr bytes using overflow-safe bounds. */
+ /* Compare the 64-bit length against remaining bytes (no size_t cast). */
if (ret == WOLFCOSE_SUCCESS) {
if ((item->majorType == WOLFCOSE_CBOR_BSTR) ||
(item->majorType == WOLFCOSE_CBOR_TSTR)) {
- if (item->val > (uint64_t)SIZE_MAX) {
- ret = WOLFCOSE_E_CBOR_OVERFLOW;
- }
- else if ((size_t)item->val > (ctx->bufSz - ctx->idx)) {
+ if (item->val > (uint64_t)(ctx->bufSz - ctx->idx)) {
ret = WOLFCOSE_E_CBOR_MALFORMED;
}
else {