From f06414903cff45af37fb936996cd4b4247599e0e Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Mon, 13 Sep 2021 09:35:55 -0600
Subject: [PATCH] fix for scan build warning and better check on size

---
 wolfcrypt/src/asn.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index c6c73d702..2a04a4a95 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -26821,14 +26821,14 @@ static int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz,
         if (GetOctetString(input, inOutIdx, &privSz, inSz) < 0)
             return ASN_PARSE_E;
 
-        if ((word32)privSz > *privKeyLen)
-            return BUFFER_E;
-
         priv = input + *inOutIdx;
         *inOutIdx += privSz;
         endKeyIdx = *inOutIdx;
     }
 
+    if ((word32)privSz > *privKeyLen)
+        return BUFFER_E;
+
     if (endKeyIdx == (int)*inOutIdx) {
         *privKeyLen = privSz;
         XMEMCPY(privKey, priv, *privKeyLen);
@@ -26836,6 +26836,10 @@ static int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz,
             *pubKeyLen = 0;
     }
     else {
+        if (pubKeyLen == NULL) {
+            return BAD_FUNC_ARG;
+        }
+
         if (GetASNHeader(input, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1,
                          inOutIdx, &length, inSz) < 0) {
             return ASN_PARSE_E;