From f222adf4c2044b40ddc73ab13cf3d15f32589572 Mon Sep 17 00:00:00 2001
From: jordan <jordan@wolfssl.com>
Date: Wed, 13 Dec 2023 15:59:03 -0600
Subject: [PATCH 1/2] Fix issues from infer diff report.

---
 src/quic.c   | 28 ++++++++++++++++++++++++----
 tests/api.c  | 12 ++++++------
 tests/quic.c |  7 ++++++-
 3 files changed, 36 insertions(+), 11 deletions(-)

diff --git a/src/quic.c b/src/quic.c
index 0a60f57673..02622a7e47 100644
--- a/src/quic.c
+++ b/src/quic.c
@@ -950,8 +950,18 @@ int wolfSSL_quic_keys_active(WOLFSSL* ssl, enum encrypt_side side)
 
 const WOLFSSL_EVP_CIPHER* wolfSSL_quic_get_aead(WOLFSSL* ssl)
 {
-    WOLFSSL_CIPHER* cipher = wolfSSL_get_current_cipher(ssl);
-    const WOLFSSL_EVP_CIPHER* evp_cipher;
+    WOLFSSL_CIPHER* cipher = NULL;
+    const WOLFSSL_EVP_CIPHER* evp_cipher = NULL;
+
+    if (ssl == NULL) {
+        return NULL;
+    }
+
+    cipher = wolfSSL_get_current_cipher(ssl);
+
+    if (cipher == NULL) {
+        return NULL;
+    }
 
     switch (cipher->cipherSuite) {
 #if !defined(NO_AES) && defined(HAVE_AESGCM)
@@ -997,8 +1007,18 @@ static int evp_cipher_eq(const WOLFSSL_EVP_CIPHER* c1,
 
 const WOLFSSL_EVP_CIPHER* wolfSSL_quic_get_hp(WOLFSSL* ssl)
 {
-    WOLFSSL_CIPHER* cipher = wolfSSL_get_current_cipher(ssl);
-    const WOLFSSL_EVP_CIPHER* evp_cipher;
+    WOLFSSL_CIPHER* cipher = NULL;
+    const WOLFSSL_EVP_CIPHER* evp_cipher = NULL;
+
+    if (ssl == NULL) {
+        return NULL;
+    }
+
+    cipher = wolfSSL_get_current_cipher(ssl);
+
+    if (cipher == NULL) {
+        return NULL;
+    }
 
     switch (cipher->cipherSuite) {
 #if !defined(NO_AES) && defined(HAVE_AESGCM)
diff --git a/tests/api.c b/tests/api.c
index 4e19c9b499..95d9999842 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -45099,8 +45099,8 @@ static int test_wolfSSL_cert_cb_dyn_ciphers_certCB(WOLFSSL* ssl, void* arg)
         haveECC = 0;
     }
     for (idx = 0; idx < hashSigAlgoSz; idx += 2) {
-        int hashAlgo;
-        int sigAlgo;
+        int hashAlgo = 0;
+        int sigAlgo = 0;
 
         if (wolfSSL_get_sigalg_info(hashSigAlgo[idx+0], hashSigAlgo[idx+1],
                 &hashAlgo, &sigAlgo) != 0)
@@ -45313,8 +45313,8 @@ static int test_wolfSSL_sigalg_info(void)
 
     InitSuitesHashSigAlgo_ex2(hashSigAlgo, allSigAlgs, 1, 0xFFFFFFFF, &len);
     for (idx = 0; idx < len; idx += 2) {
-        int hashAlgo;
-        int sigAlgo;
+        int hashAlgo = 0;
+        int sigAlgo = 0;
 
         ExpectIntEQ(wolfSSL_get_sigalg_info(hashSigAlgo[idx+0],
                 hashSigAlgo[idx+1], &hashAlgo, &sigAlgo), 0);
@@ -45326,8 +45326,8 @@ static int test_wolfSSL_sigalg_info(void)
     InitSuitesHashSigAlgo_ex2(hashSigAlgo, allSigAlgs | SIG_ANON, 1,
             0xFFFFFFFF, &len);
     for (idx = 0; idx < len; idx += 2) {
-        int hashAlgo;
-        int sigAlgo;
+        int hashAlgo = 0;
+        int sigAlgo = 0;
 
         ExpectIntEQ(wolfSSL_get_sigalg_info(hashSigAlgo[idx+0],
                 hashSigAlgo[idx+1], &hashAlgo, &sigAlgo), 0);
diff --git a/tests/quic.c b/tests/quic.c
index a03c685277..a044343994 100644
--- a/tests/quic.c
+++ b/tests/quic.c
@@ -543,10 +543,11 @@ static int ctx_send_alert(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level, uint8_t
 {
     QuicTestContext *ctx = (QuicTestContext*)wolfSSL_get_app_data(ssl);
 
+    AssertNotNull(ctx);
+
     if (ctx->verbose) {
         printf("[%s] send_alert: level=%d, err=%d\n", ctx->name, level, err);
     }
-    AssertNotNull(ctx);
     ctx->alert_level = level;
     ctx->alert = alert;
     return 1;
@@ -559,6 +560,8 @@ static int ctx_session_ticket_cb(WOLFSSL* ssl,
 {
     QuicTestContext *ctx = (QuicTestContext*)wolfSSL_get_app_data(ssl);
 
+    AssertNotNull(ctx);
+
     (void)cb_ctx;
     if (ticketSz < 0 || (size_t)ticketSz > sizeof(ctx->ticket)) {
         printf("SESSION TICKET callback: ticket given is too large: %d bytes\n", ticketSz);
@@ -1535,6 +1538,8 @@ static int new_session_cb(WOLFSSL *ssl, WOLFSSL_SESSION *session)
     int ret = 0;
     int sz;
 
+    AssertNotNull(ctx);
+
     sz = wolfSSL_i2d_SSL_SESSION(session, NULL);
     if (sz <= 0) {
         printf("[%s] session serialization error: %d <- ", ctx->name, sz);

From a1b44b621475890d6ed547b2747e50e88dff0796 Mon Sep 17 00:00:00 2001
From: jordan <jordan@wolfssl.com>
Date: Wed, 13 Dec 2023 17:17:49 -0600
Subject: [PATCH 2/2] Fix issues from infer diff report: init mp_digit to 0.

---
 wolfcrypt/src/rsa.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c
index eb40fc46c7..514ffb235a 100644
--- a/wolfcrypt/src/rsa.c
+++ b/wolfcrypt/src/rsa.c
@@ -2495,7 +2495,7 @@ static int RsaFunctionPrivate(mp_int* tmp, RsaKey* key, WC_RNG* rng)
 {
     int    ret = 0;
 #if defined(WC_RSA_BLINDING) && !defined(WC_NO_RNG)
-    mp_digit mp;
+    mp_digit mp = 0;
     DECL_MP_INT_SIZE_DYN(rnd, mp_bitsused(&key->n), RSA_MAX_SIZE);
     DECL_MP_INT_SIZE_DYN(rndi, mp_bitsused(&key->n), RSA_MAX_SIZE);
 #endif /* WC_RSA_BLINDING && !WC_NO_RNG */