From 583a50a3f6768baa5ee043ce4c0a23bbacfdc376 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh
Date: Tue, 26 Oct 2021 15:50:11 -0600
Subject: [PATCH 1/4] account for case where XTIME returns an unsigned type
---
 src/ssl.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index 00a0148fc..60971a356 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -27486,7 +27486,7 @@ int wolfSSL_ASN1_TIME_to_tm(const WOLFSSL_ASN1_TIME* asnTime, struct tm* tm)
 }
 currentTime = XTIME(0);
- if (currentTime < 0) {
+ if (currentTime <= 0) {
 WOLFSSL_MSG("Failed to get current time.");
 return WOLFSSL_FAILURE;
 }
@@ -30242,7 +30242,7 @@ int wolfSSL_ASN1_TIME_diff(int *days, int *secs, const WOLFSSL_ASN1_TIME *from,
 }
 fromSecs = XMKTIME(fromTm);
- if (fromSecs < 0) {
+ if (fromSecs <= 0) {
 WOLFSSL_MSG("XMKTIME for from time failed.");
 return WOLFSSL_FAILURE;
 }
@@ -30261,7 +30261,7 @@ int wolfSSL_ASN1_TIME_diff(int *days, int *secs, const WOLFSSL_ASN1_TIME *from,
 }
 toSecs = XMKTIME(toTm);
- if (toSecs < 0) {
+ if (toSecs <= 0) {
 WOLFSSL_MSG("XMKTIME for to time failed.");
 return WOLFSSL_FAILURE;
 }
From 3d5eea8f5665501ba1d11e63895a6bcff578d6f2 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh
Date: Tue, 26 Oct 2021 16:17:32 -0600
Subject: [PATCH 2/4] fix for disable memory build
---
 src/ssl.c | 9 +++++++++
 wolfcrypt/src/rsa.c | 3 +--
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index 60971a356..51c97879c 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -35668,6 +35668,7 @@ static int wolfSSL_RSA_To_Der(WOLFSSL_RSA* rsa, byte** outBuf, int publicKey, vo
 }
 }
+ (void)heap; /* unused if memory is disabled */
 WOLFSSL_LEAVE("wolfSSL_RSA_To_Der", derSz);
 return derSz;
 }
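Review bot: The new `currentTime <= 0` guard in wolfSSL_ASN1_TIME_to_tm still lets the conventional failure value through when the time type is unsigned, because `(time_t)-1` then converts to the largest representable value and looks like a valid time. If XTIME follows the time() convention, the guard should name the sentinel, for example `if (currentTime <= 0 || currentTime == (time_t)-1) {`. The declaration of currentTime is outside the hunk, so the cast has to match whatever type it actually has. The function body starts and ends outside the hunk.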
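Review bot: Treating 0 as a failure for `fromSecs` in wolfSSL_ASN1_TIME_diff rejects a legitimate result, since a mktime-style conversion yields 0 for a time that falls exactly on the epoch; the `toSecs` hunk that follows has the same effect. On an unsigned time type the failure value `(time_t)-1` is also not caught by `<= 0`, so the check is both too wide and too narrow. Assuming XMKTIME follows the mktime() convention, testing the sentinel alone, `if (fromSecs == (time_t)-1) {`, keeps the error path without turning valid ASN.1 times into WOLFSSL_FAILURE. A comment stating which values XMKTIME returns on failure for unsigned platforms would make the intent checkable; the function body starts and ends outside both hunks.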
@@ -46850,10 +46851,18 @@ int wolfSSL_CRYPTO_set_mem_functions(
 wolfSSL_Realloc_cb r,
 wolfSSL_Free_cb f)
 {
+#ifdef USE_WOLFSSL_MEMORY
 if (wolfSSL_SetAllocators(m, f, r) == 0)
 return WOLFSSL_SUCCESS;
 else
 return WOLFSSL_FAILURE;
+#else
+ (void)m;
+ (void)r;
+ (void)f;
+ WOLFSSL_MSG("wolfSSL allocator callback functions not compiled in");
+ return WOLFSSL_FAILURE;
+#endif
 }
 #if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST)
diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c
index 5288f26e8..a23456320 100644
--- a/wolfcrypt/src/rsa.c
+++ b/wolfcrypt/src/rsa.c
@@ -3669,10 +3669,9 @@ int wc_RsaPSS_CheckPadding_ex2(const byte* in, word32 inSz, byte* sig,
 if (sigCheck != NULL && sigCheck != sigCheckBuf) {
 XFREE(sigCheck, heap, DYNAMIC_TYPE_RSA_BUFFER);
 }
-#else
- (void)heap;
 #endif
+ (void)heap; /* unused if memory is disabled */
 return ret;
 }
 int wc_RsaPSS_CheckPadding_ex(const byte* in, word32 inSz, byte* sig,
From 00249b70ae354cf3fb07a95db6c22a6f3e5d3115 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh
Date: Wed, 27 Oct 2021 13:22:45 -0600
Subject: [PATCH 3/4] fix for build with WOLFSSL_SGX
---
 tests/api.c | 2 +-
 wolfssl/wolfio.h | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/tests/api.c b/tests/api.c
index a87a8a66a..a91d2855b 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -28206,7 +28206,7 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void)
 static void test_wc_PKCS7_EncodeEncryptedData (void)
 {
 #if defined(HAVE_PKCS7) && !defined(NO_PKCS7_ENCRYPTED_DATA)
- PKCS7* pkcs7;
+ PKCS7* pkcs7 = NULL;
 byte* tmpBytePtr = NULL;
 byte encrypted[TWOK_BUF];
 byte decoded[TWOK_BUF];
diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h
index 28a5a7b83..93d7d0371 100644
--- a/wolfssl/wolfio.h
+++ b/wolfssl/wolfio.h
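Review bot: The `#else` branch added to wolfSSL_CRYPTO_set_mem_functions makes the call fail at run time, yet nothing next to the function tells a caller that the result depends on USE_WOLFSSL_MEMORY. An application that installs its own allocators through this compatibility call, for example ones that lock or wipe memory holding key material, silently stays on the default allocator if it ignores the return value. A header comment such as `/* Returns WOLFSSL_FAILURE when built without USE_WOLFSSL_MEMORY; the callbacks are then not installed. */` would document that contract. The function's signature begins above the hunk.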
@@ -320,6 +320,9 @@
 #elif defined(WOLFSSL_LINUXKM)
 #define SEND_FUNCTION linuxkm_send
 #define RECV_FUNCTION linuxkm_recv
+#elif defined(WOLFSSL_SGX)
+ #define SEND_FUNCTION send
+ #define RECV_FUNCTION recv
 #else
 #define SEND_FUNCTION send
 #define RECV_FUNCTION recv
From f585dcd5aba7e240d467419e2f3506134b124271 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh
Date: Wed, 27 Oct 2021 15:12:04 -0600
Subject: [PATCH 4/4] adjust inSz with BER PKCS7 parsing
---
 wolfcrypt/src/pkcs7.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 40ed69fb5..a46cbfa91 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -10192,7 +10192,7 @@ static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in,
 return ret;
 pkiMsg = in = pkcs7->der;
- pkiMsgSz = pkcs7->derSz = len;
+ pkiMsgSz = pkcs7->derSz = inSz = len;
 *idx = 0;
 if (GetSequence(pkiMsg, idx, &length, pkiMsgSz) < 0)
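Review bot: The added `#elif defined(WOLFSSL_SGX)` branch in wolfio.h defines SEND_FUNCTION and RECV_FUNCTION exactly as the `#else` branch directly below it does, so within the lines shown it selects nothing new. If it is needed because of conditions earlier in the chain, which are outside the hunk, a comment should say so. For an enclave build the comment should also state where `send` and `recv` are expected to come from, since inside SGX such calls presumably leave the trusted boundary and their results should be treated as untrusted input.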
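Review bot: The chained assignment `pkiMsgSz = pkcs7->derSz = inSz = len;` in wc_PKCS7_ParseToRecipientInfoSet carries no comment explaining why `inSz` has to change, although that is the security-relevant part: `in` was repointed at `pkcs7->der` on the line before, so a later bounds check using the original input length would be measured against the wrong buffer. I would add `/* in now points at the DER copy; keep inSz in step so later length checks use the DER size */` above it. The declarations of `len` and `inSz` are outside the hunk, so it is worth confirming that they have the same width and that `len` cannot be negative here. The function starts and ends outside the hunk.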