From a2cf2888be8a5c892b1dc39e44aa1aec7d06a9ab Mon Sep 17 00:00:00 2001 From: b-wagn Date: Thu, 22 Jan 2026 09:20:27 +0100 Subject: [PATCH 1/3] Change assert to ret false (verify) --- src/signature/generalized_xmss.rs | 17 ++++++++++++++++- src/symmetric/tweak_hash_tree.rs | 14 ++++++++++++-- 2 files changed, 28 insertions(+), 3 deletions(-) diff --git a/src/signature/generalized_xmss.rs b/src/signature/generalized_xmss.rs index 872f827..06b9b3d 100644 --- a/src/signature/generalized_xmss.rs +++ b/src/signature/generalized_xmss.rs @@ -859,11 +859,26 @@ where message: &[u8; MESSAGE_LENGTH], sig: &Self::Signature, ) -> bool { - assert!( + + debug_assert!( (epoch as u64) < Self::LIFETIME, "Generalized XMSS - Verify: Epoch too large." ); + debug_assert!( + sig.hashes.len() == IE::DIMENSION, + "Generalized XMSS - Verify: Wrong number of hashes." + ); + + // some sanity checks on inputs: signature has correct structure + // and epoch in range. We reject in case a check fails. + if (epoch as u64) >= Self::LIFETIME { + return false; + } + if sig.hashes.len() != IE::DIMENSION { + return false; + } + // first get back the codeword and make sure // encoding succeeded with the given randomness. let Ok(x) = IE::encode(&pk.parameter.into(), message, &sig.rho, epoch) else { diff --git a/src/symmetric/tweak_hash_tree.rs b/src/symmetric/tweak_hash_tree.rs index 3f9f981..e6fc110 100644 --- a/src/symmetric/tweak_hash_tree.rs +++ b/src/symmetric/tweak_hash_tree.rs 
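Review bot: The two `debug_assert!` blocks at the top of `verify` run before the new `if … { return false; }` checks, so in any build with debug assertions enabled (tests, dev profiles) an out-of-range epoch or a signature with the wrong number of hashes still panics instead of being rejected, and the new rejection path is never exercised by the test suite. A verifier that consumes attacker-supplied signatures should behave the same in every profile: drop both `debug_assert!` blocks and keep `if (epoch as u64) >= Self::LIFETIME { return false; }` and `if sig.hashes.len() != IE::DIMENSION { return false; }` as the only validation. The same assert-then-return duplication appears in the `hash_tree_verify` hunk of src/symmetric/tweak_hash_tree.rs and should be removed there as well. The body of `verify` continues past the hunk, so whether the remaining signature fields get equivalent structural checks cannot be confirmed from here.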
@@ -607,16 +607,26 @@ pub fn hash_tree_verify( let depth = opening.co_path.len(); let num_leafs: u64 = 1 << depth; - assert!( + debug_assert!( depth <= 32, "Hash-Tree verify: Tree depth must be at most 32" ); - assert!( + debug_assert!( (position as u64) < num_leafs, "Hash-Tree verify: Position and Path Length not compatible" ); + // some sanity checks: Tree depth must be at most 32 + // and Position and Path Length must be compatible + // we let verification reject of this does not hold. + if depth > 32 { + return false; + } + if (position as u64) >= num_leafs { + return false; + } + // first hash the leaf to get the node in the bottom layer let tweak = TH::tree_tweak(0, position); let mut current_node = TH::apply(parameter, &tweak, leaf); From 3a947bd2ae82c1f1caa977051f2c7757cf34736e Mon Sep 17 00:00:00 2001 From: b-wagn Date: Thu, 22 Jan 2026 09:25:42 +0100 Subject: [PATCH 2/3] Fix fmt --- src/signature/generalized_xmss.rs | 1 - 1 file changed, 1 deletion(-) diff --git a/src/signature/generalized_xmss.rs b/src/signature/generalized_xmss.rs index 06b9b3d..1f9d098 100644 --- a/src/signature/generalized_xmss.rs +++ b/src/signature/generalized_xmss.rs @@ -859,7 +859,6 @@ where message: &[u8; MESSAGE_LENGTH], sig: &Self::Signature, ) -> bool { - debug_assert!( (epoch as u64) < Self::LIFETIME, "Generalized XMSS - Verify: Epoch too large." From 09562aac54c4606b77c9d5c15e83332d192e48d8 Mon Sep 17 00:00:00 2001 From: Benedikt Wagner <113296072+b-wagn@users.noreply.github.com> Date: Thu, 22 Jan 2026 14:26:40 +0100 Subject: [PATCH 3/3] Update src/symmetric/tweak_hash_tree.rs Co-authored-by: Thomas Coratger <60488569+tcoratger@users.noreply.github.com> --- src/symmetric/tweak_hash_tree.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/symmetric/tweak_hash_tree.rs b/src/symmetric/tweak_hash_tree.rs index e6fc110..d0b0bae 100644 --- a/src/symmetric/tweak_hash_tree.rs +++ b/src/symmetric/tweak_hash_tree.rs 
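Review bot: `let num_leafs: u64 = 1 << depth;` is evaluated before the new `if depth > 32 { return false; }` guard, and `depth` is `opening.co_path.len()`, i.e. chosen by whoever supplies the opening; a co-path of 64 or more entries overflows the shift, which panics when debug assertions are on and silently wraps in release, so the guard never sees the input it was added to reject. Move the guard above the shift: place `if depth > 32 { return false; }` directly after `let depth = opening.co_path.len();`, then compute `num_leafs` and run the position check. With the guard first the shift is bounded and the `debug_assert!` on `depth` becomes redundant. `hash_tree_verify` starts before this hunk and continues after it.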
@@ -619,7 +619,7 @@ pub fn hash_tree_verify(
 // some sanity checks: Tree depth must be at most 32
 // and Position and Path Length must be compatible
- // we let verification reject of this does not hold.
+ // we let verification reject if this does not hold.
 if depth > 32 {
 return false;
 }