From d6fe15af8c8d9f319b19a94e702aac3262ec4acc Mon Sep 17 00:00:00 2001
From: jordan <jordan@wolfssl.com>
Date: Wed, 16 Oct 2024 11:23:33 -0500
Subject: [PATCH 1/3] coverity: check mp_sub_d return values.

---
 wolfcrypt/test/test.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 687a59ede..c8dc36742 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -56315,16 +56315,24 @@ static wc_test_ret_t mp_test_mont(mp_int* a, mp_int* m, mp_int* n, mp_int* r, WC
         /* a = 2^(bits*2) - 1 */
         mp_zero(a);
         mp_set_bit(a, bits[i] * 2);
-        mp_sub_d(a, 1, a);
+        ret = mp_sub_d(a, 1, a);
+        if (ret != MP_OKAY)
+            return WC_TEST_RET_ENC_EC(ret);
+
         /* m = 2^(bits) - 1 */
         mp_zero(m);
         mp_set_bit(m, bits[i]);
-        mp_sub_d(m, 1, m);
+        ret = mp_sub_d(m, 1, m);
+        if (ret != MP_OKAY)
+            return WC_TEST_RET_ENC_EC(ret);
+
         mp = 1;
         /* result = r = 2^(bits) - 1 */
         mp_zero(r);
         mp_set_bit(r, bits[i]);
-        mp_sub_d(r, 1, r);
+        ret = mp_sub_d(r, 1, r);
+        if (ret != MP_OKAY)
+            return WC_TEST_RET_ENC_EC(ret);
 
         ret = mp_montgomery_reduce(a, m, mp);
         if (ret != MP_OKAY)

From 115507e0c0533c85718b6b21f7ecf22c9e41dc1b Mon Sep 17 00:00:00 2001
From: jordan <jordan@wolfssl.com>
Date: Wed, 16 Oct 2024 13:08:06 -0500
Subject: [PATCH 2/3] coverity: null check.

---
 src/ssl_asn1.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ssl_asn1.c b/src/ssl_asn1.c
index 3e4de554a..95f9cca15 100644
--- a/src/ssl_asn1.c
+++ b/src/ssl_asn1.c
@@ -282,7 +282,7 @@ static int wolfssl_i2d_asn1_items(const void* obj, byte* buf,
             len = 0;
             break;
         }
-        if (buf != NULL && !mem->ex && mem->tag >= 0) {
+        if (buf != NULL && tmp != NULL && !mem->ex && mem->tag >= 0) {
             /* Encode the implicit tag */
             byte imp[ASN_TAG_SZ + MAX_LENGTH_SZ];
             SetImplicit(tmp[0], mem->tag, 0, imp, 0);

From 554ebc2e9e6addc248124636345d4db31429db5c Mon Sep 17 00:00:00 2001
From: jordan <jordan@wolfssl.com>
Date: Wed, 16 Oct 2024 16:27:44 -0500
Subject: [PATCH 3/3] coverity: fix double free of encryptedContent.

---
 wolfcrypt/src/pkcs7.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 4858fe354..bb370540e 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -13698,6 +13698,7 @@ authenv_atrbend:
             /* free memory, zero out keys */
             ForceZero(encryptedContent, (word32)encryptedContentSz);
             XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            encryptedContent = NULL;
             ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ);
         #ifdef WOLFSSL_SMALL_STACK
             XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -13726,8 +13727,11 @@ authenv_atrbend:
     }
 #else
     if (ret < 0) {
-        ForceZero(encryptedContent, (word32)encryptedContentSz);
-        XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        if (encryptedContent != NULL) {
+            ForceZero(encryptedContent, (word32)encryptedContentSz);
+            XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+            encryptedContent = NULL;
+        }
         ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ);
     }
 #endif