From 08db159c5de5297e7ec30f95718314bbb1acbaea Mon Sep 17 00:00:00 2001
From: Lealem Amedie <lealemta47@gmail.com>
Date: Wed, 5 Nov 2025 21:27:06 -0700
Subject: [PATCH 1/5] Fixes for minor scan-build warnings

---
 examples/client/client.c | 2 ++
 src/tls13.c              | 1 +
 tests/api.c              | 2 +-
 wolfcrypt/src/random.c   | 5 +++--
 wolfcrypt/src/sp_int.c   | 7 ++++---
 5 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/examples/client/client.c b/examples/client/client.c
index b47b3ecd7..c7b1b952f 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -2950,7 +2950,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 #endif /* HAVE_RPK */
                 break;
             case 268:
+#ifndef NO_CERTS
                 fileFormat = WOLFSSL_FILETYPE_ASN1;
+#endif
                 break;
             case 269:
 #if defined(WOLFSSL_SYS_CRYPTO_POLICY)
diff --git a/src/tls13.c b/src/tls13.c
index 5297c9693..59bc3e52c 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -10558,6 +10558,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
         case TLS_ASYNC_DO:
         {
             sig = input + args->idx;
+            (void)sig;
         #ifdef WOLFSSL_DUAL_ALG_CERTS
             if (ssl->sigSpec != NULL &&
                 *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_BOTH) {
diff --git a/tests/api.c b/tests/api.c
index f0090c183..025df48b6 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -20118,7 +20118,7 @@ static int test_wolfSSL_PKCS7_certs(void)
         while (EXPECT_SUCCESS() && (sk_X509_INFO_num(info_sk) > 0)) {
             X509_INFO* info = NULL;
             ExpectNotNull(info = sk_X509_INFO_shift(info_sk));
-            if (info != NULL) {
+            if (EXPECT_SUCCESS() && info != NULL) {
                 ExpectIntGT(sk_X509_push(sk, info->x509), 0);
                 info->x509 = NULL;
             }
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index c73a02731..187f2c98e 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -4207,8 +4207,9 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
         #ifdef FORCE_FAILURE_GETRANDOM
             /* don't fallback to /dev/urandom */
             return ret;
-        #else
-            /* reset error and fallback to using /dev/urandom */
+        #elif !defined(NO_FILESYSTEM)
+            /* reset error and fallback to using /dev/urandom if filesystem
+             * support is compiled in */
             ret = 0;
         #endif
         }
diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c
index 50f71f6c1..0890ffb84 100644
--- a/wolfcrypt/src/sp_int.c
+++ b/wolfcrypt/src/sp_int.c
@@ -8561,10 +8561,11 @@ int sp_rshb(const sp_int* a, int n, sp_int* r)
         }
         else {
             /* Move the bits down starting at least significant digit. */
-            for (j = 0; i < a->used - 1; i++, j++)
-                r->dp[j] = (a->dp[i] >> n) | (a->dp[i+1] << (SP_WORD_SIZE - n));
+            for (j = 0; j < (sp_size_t)(a->used - 1 - i); j++)
+                r->dp[j] = (a->dp[j+i] >> n) |
+                    (a->dp[j+i+1] << (SP_WORD_SIZE - n));
             /* Most significant digit has no higher digit to pull from. */
-            r->dp[j] = a->dp[i] >> n;
+            r->dp[j] = a->dp[j+i] >> n;
             /* Set the count of used digits. */
             r->used = (sp_size_t)(j + (r->dp[j] > 0));
         }

From eecf82362e19e2e6c965c3e7bdf3546403136085 Mon Sep 17 00:00:00 2001
From: Lealem Amedie <lealemta47@gmail.com>
Date: Thu, 6 Nov 2025 10:24:20 -0700
Subject: [PATCH 2/5] Check for getrandom declaration

---
 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 218dc57dc..63aa9da65 100644
--- a/configure.ac
+++ b/configure.ac
@@ -150,7 +150,7 @@ AC_CHECK_HEADER(assert.h, [AM_CPPFLAGS="$AM_CPPFLAGS -DWOLFSSL_HAVE_ASSERT_H"],[
 # they're declared by the expected headers, and if not, supersede the
 # unusable positive from AC_CHECK_FUNCS().
 AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday gmtime_r gmtime_s inet_ntoa memset socket strftime atexit isascii getpid getrandom])
-AC_CHECK_DECLS([gethostbyname, getaddrinfo, gettimeofday, gmtime_r, gmtime_s, inet_ntoa, memset, socket, strftime, atexit, isascii, getpid], [], [
+AC_CHECK_DECLS([gethostbyname, getaddrinfo, gettimeofday, gmtime_r, gmtime_s, inet_ntoa, memset, socket, strftime, atexit, isascii, getpid, getrandom], [], [
 if test "$(eval echo \$"$(eval 'echo ac_cv_func_${as_decl_name}')")" = "yes"
 then
     AC_MSG_NOTICE([    note: earlier check for $(eval 'echo ${as_decl_name}') superseded.])

From d3de6305e8c7a8f0b50a7b826ead5ee0b40b8e66 Mon Sep 17 00:00:00 2001
From: Lealem Amedie <lealemta47@gmail.com>
Date: Thu, 6 Nov 2025 10:24:44 -0700
Subject: [PATCH 3/5] Exit wolfcrypt test if wolfCrypt_Init fails

---
 wolfcrypt/test/test.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index f03b95797..a410d1156 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -3064,11 +3064,13 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
         printf("Math: %s\n", wc_GetMathInfo());
 #endif
 
+        if (ret == 0) {
 #ifdef HAVE_STACK_SIZE
-        StackSizeCheck(&args, wolfcrypt_test);
+            StackSizeCheck(&args, wolfcrypt_test);
 #else
-        wolfcrypt_test(&args);
+            wolfcrypt_test(&args);
 #endif
+        }
 
         if ((ret = wolfCrypt_Cleanup()) != 0) {
             printf("wolfCrypt_Cleanup failed %d\n", (int)ret);

From 2b8f83fd8d1b1971e8922ba8df901c819b54b83f Mon Sep 17 00:00:00 2001
From: Lealem Amedie <lealemta47@gmail.com>
Date: Thu, 6 Nov 2025 14:16:38 -0700
Subject: [PATCH 4/5] Fixes for getrandom detection

---
 configure.ac           | 5 ++++-
 wolfcrypt/src/random.c | 2 ++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 63aa9da65..e36fe0aae 100644
--- a/configure.ac
+++ b/configure.ac
@@ -139,7 +139,7 @@ AC_ARG_ENABLE([linuxkm-defaults],
     )
 
 
-AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stddef.h time.h sys/ioctl.h sys/socket.h sys/time.h errno.h sys/un.h ctype.h])
+AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stddef.h time.h sys/ioctl.h sys/socket.h sys/time.h errno.h sys/un.h ctype.h sys/random.h])
 AC_CHECK_LIB([network],[socket])
 AC_C_BIGENDIAN
 AC_C___ATOMIC
@@ -186,6 +186,9 @@ fi
 #ifdef HAVE_CTYPE_H
     #include <ctype.h>
 #endif
+#ifdef HAVE_SYS_RANDOM_H
+    #include <sys/random.h>
+#endif
 ]])
 
 AC_PROG_INSTALL
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 187f2c98e..9a8a939fb 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -4256,6 +4256,8 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
         }
         close(os->fd);
 #else
+        (void)output;
+        (void)sz;
         ret = NOT_COMPILED_IN;
 #endif /* NO_FILESYSTEM */
 

From 15ecc2e4daddc33e979da5f15a0ac049afce335c Mon Sep 17 00:00:00 2001
From: Lealem Amedie <lealemta47@gmail.com>
Date: Thu, 6 Nov 2025 15:11:49 -0700
Subject: [PATCH 5/5] Update Rowley settings to define WOLFSSL_NO_SOCK

---
 IDE/ROWLEY-CROSSWORKS-ARM/user_settings.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/user_settings.h b/IDE/ROWLEY-CROSSWORKS-ARM/user_settings.h
index 93157db58..6e7c8a6d2 100644
--- a/IDE/ROWLEY-CROSSWORKS-ARM/user_settings.h
+++ b/IDE/ROWLEY-CROSSWORKS-ARM/user_settings.h
@@ -18,6 +18,9 @@ extern "C" {
 #undef  SINGLE_THREADED
 #define SINGLE_THREADED
 
+#undef WOLFSSL_NO_SOCK
+#define WOLFSSL_NO_SOCK
+
 #undef  WOLFSSL_SMALL_STACK
 //#define WOLFSSL_SMALL_STACK