From 62766b07580ed41541466e2089c5455b67ddaa73 Mon Sep 17 00:00:00 2001
From: tim-weller-wolfssl <tim.weller@wolfssl.com>
Date: Tue, 20 Sep 2022 16:25:17 -0500
Subject: [PATCH] Updates to remove warnings and build issues found with IAR
 tools.  Update test function / example to avoid memory leak.  Update to pass
 error codes along rather than mask them at lower levels.

Make logic to avoid masking return error conditionally compiled based on STSAFE configuration

Update logic at second crypto-callback location to return error code rather than mask it
---
 src/internal.c                 |  4 +++-
 src/pk.c                       | 12 ++++++------
 wolfcrypt/src/port/st/stsafe.c |  6 +++---
 wolfcrypt/src/tfm.c            | 11 ++++++-----
 wolfssl/test.h                 |  2 +-
 5 files changed, 19 insertions(+), 16 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index 15cf3b743..962bfe842 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -5004,7 +5004,9 @@ int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* out,
 #endif /* WOLFSSL_ASYNC_CRYPT */
     {
         if (ret != 0 || ssl->eccVerifyRes == 0) {
-            ret = VERIFY_SIGN_ERROR;
+            if (ret == 0) {
+                ret = VERIFY_SIGN_ERROR;
+            }
             WOLFSSL_ERROR_VERBOSE(ret);
         }
         else {
diff --git a/src/pk.c b/src/pk.c
index 28dd4964e..324031c76 100644
--- a/src/pk.c
+++ b/src/pk.c
@@ -1377,7 +1377,7 @@ int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa,
     int ret = 1;
     WOLFSSL_EVP_PKEY* pkey = NULL;
 #if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA)
-    int derSz;
+    int derSz = 0;
     byte* derBuf = NULL;
 #endif /* WOLFSSL_KEY_GEN && !HAVE_USER_RSA */
 
@@ -1641,7 +1641,7 @@ int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher,
     byte* tmp = NULL;
     byte* cipherInfo = NULL;
     int  derSz = 0;
-    int  pemSz;
+    int  pemSz = 0;
     const int type = PRIVATEKEY_TYPE;
     const char* header = NULL;
     const char* footer = NULL;
@@ -3491,7 +3491,7 @@ int wolfSSL_RSA_sign_generic_padding(int hashAlg, const unsigned char* hash,
 {
     int     ret        = 1;
     word32  outLen     = 0;
-    int     signSz;
+    int     signSz     = 0;
     WC_RNG* rng        = NULL;
     int     initTmpRng = 0;
 #ifdef WOLFSSL_SMALL_STACK
@@ -3502,7 +3502,7 @@ int wolfSSL_RSA_sign_generic_padding(int hashAlg, const unsigned char* hash,
     WC_RNG* tmpRng = _tmpRng;
     byte    encodedSig[MAX_ENCODED_SIG_SZ];
 #endif
-    unsigned int encSz;
+    unsigned int encSz = 0;
 
 
     WOLFSSL_ENTER("wolfSSL_RSA_sign_generic_padding");
@@ -3689,7 +3689,7 @@ int wolfSSL_RSA_verify_ex(int hashAlg, const unsigned char* hash,
 #endif
     unsigned char*   sigDec = NULL;
     unsigned int     len    = MAX_ENCODED_SIG_SZ;
-    int              verLen;
+    int              verLen = 0;
 #if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 1)) && !defined(HAVE_SELFTEST)
     enum wc_HashType hType = WC_HASH_TYPE_NONE;
 #endif
@@ -3811,7 +3811,7 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from,
 #if !defined(HAVE_FIPS)
     int  mgf = WC_MGF1NONE;
     enum wc_HashType hash = WC_HASH_TYPE_NONE;
-    int pad_type;
+    int pad_type = WC_RSA_NO_PAD;
 #endif
     int outLen = 0;
 
diff --git a/wolfcrypt/src/port/st/stsafe.c b/wolfcrypt/src/port/st/stsafe.c
index ba2a6f5e7..688a234fe 100644
--- a/wolfcrypt/src/port/st/stsafe.c
+++ b/wolfcrypt/src/port/st/stsafe.c
@@ -123,7 +123,7 @@ int SSL_STSAFE_VerifyPeerCertCb(WOLFSSL* ssl,
     word32 pubKeyY_len = sizeof(pubKeyY);
     ecc_key key;
     word32 inOutIdx = 0;
-    StSafeA_CurveId curve_id;
+    StSafeA_CurveId curve_id = STSAFE_A_NIST_P_256;
     int ecc_curve;
 
     (void)ssl;
@@ -170,7 +170,7 @@ int SSL_STSAFE_VerifyPeerCertCb(WOLFSSL* ssl,
         #ifdef USE_STSAFE_VERBOSE
             STSAFE_INTERFACE_PRINTF("stsafe_interface_verify error: %d\n", err);
         #endif
-            err = WC_HW_E;
+            err = -err;
         }
     }
 
@@ -507,7 +507,7 @@ int wolfSSL_STSAFE_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
                 #ifdef USE_STSAFE_VERBOSE
                     STSAFE_INTERFACE_PRINTF("stsafe_interface_verify error: %d\n", rc);
                 #endif
-                    rc = WC_HW_E;
+                    rc = -rc;
                 }
             }
         }
diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c
index cbb28b6e5..a31c7baa1 100644
--- a/wolfcrypt/src/tfm.c
+++ b/wolfcrypt/src/tfm.c
@@ -3884,14 +3884,12 @@ void fp_set(fp_int *a, fp_digit b)
 #endif
 int fp_set_int(fp_int *a, unsigned long b)
 {
-  int x;
-
   /* use direct fp_set if b is less than fp_digit max
    * If input max value of b down shift by 1 less than full range
    * fp_digit, then condition is always true. */
 #if ((ULONG_MAX >> (DIGIT_BIT-1)) > 0)
+  int x;
   if (b < FP_DIGIT_MAX)
-#endif
   {
     fp_set (a, (fp_digit)b);
     return FP_OKAY;
@@ -3918,8 +3916,11 @@ int fp_set_int(fp_int *a, unsigned long b)
 
   /* clamp digits */
   fp_clamp(a);
-
-  return FP_OKAY;
+#else
+  fp_set (a, (fp_digit)b);
+#endif
+  
+  return FP_OKAY;  
 }
 
 /* check if a bit is set */
diff --git a/wolfssl/test.h b/wolfssl/test.h
index 537e0b54e..f282cb38a 100644
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -2813,7 +2813,7 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
                     wolfSSL_BIO_free(bio);
                 }
             }
-            wolfSSL_sk_X509_free(sk);
+            wolfSSL_sk_X509_pop_free(sk, NULL);
         }
 #endif
     }