From ed7ac6fb268f1ff71b8c0bd7bc830c656c5dd556 Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Wed, 14 Aug 2019 15:42:47 -0700
Subject: [PATCH 1/2] Coverity fixes to make static analysis happy.

---
 wolfcrypt/src/ecc.c | 2 ++
 wolfcrypt/src/tfm.c | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index b14dda89f..6eda8490b 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -4630,11 +4630,13 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
             break;
     }
 
+#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC)
     /* if async pending then return and skip done cleanup below */
     if (err == WC_PENDING_E) {
         key->state++;
         return err;
     }
+#endif
 
     /* cleanup */
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC)
diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c
index 1587cbbaa..4e376323c 100644
--- a/wolfcrypt/src/tfm.c
+++ b/wolfcrypt/src/tfm.c
@@ -425,7 +425,8 @@ void fp_mul_d(fp_int *a, fp_digit b, fp_int *c)
    }
 
    /* zero any excess digits on the destination that we didn't write to */
-   for (; x < oldused; x++) {
+   /* also checking FP_SIZE here for static analysis */
+   for (; x < oldused && x < FP_SIZE; x++) {
       c->dp[x] = 0;
    }
    fp_clamp(c);

From 0d13b385ab71f6f60c89a25f3794b9cd16063108 Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Thu, 15 Aug 2019 17:01:30 -0700
Subject: [PATCH 2/2] Fixes for possible cases where DerBuffer is not free'd in
 `AddCA` error cases.

---
 src/ssl.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 119308ec7..bada6824a 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -4258,14 +4258,18 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
 
     WOLFSSL_MSG("Adding a CA");
 
-    if (cm == NULL)
+    if (cm == NULL) {
+        FreeDer(pDer);
         return BAD_FUNC_ARG;
+    }
 
 #ifdef WOLFSSL_SMALL_STACK
     cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
                                  DYNAMIC_TYPE_DCERT);
-    if (cert == NULL)
+    if (cert == NULL) {
+        FreeDer(pDer);
         return MEMORY_E;
+    }
 #endif
 
     InitDecodedCert(cert, der->buffer, der->length, cm->heap);