Changes to clear issues raised by cppcheck

IDE/ECLIPSE/DEOS/tls_wolfssl.c

@@ -380,10 +380,7 @@ void wolfssl_server_test(uintData_t statusPtr)
     int  socketAddrLen=sizeof(sockaddr);
     char rx_buf[RX_BUF_SIZE];
     char tx_buf[TX_BUF_SIZE];
-    unsigned  char attempt_conn;
     clientConnectionHandleType TCPserverHandle;
-    void * sendBuffer;
-    DWORD bufferSizeInBytes;
 
     WOLFSSL * ssl;
     WOLFSSL_CTX * ctx;
@@ -572,7 +569,6 @@ int  wolfsslRunTests (void)
 {
     thread_handle_t TCPhandle;
     threadStatus ts;
-    int ret;
 
     #if !defined(NO_CRYPT_TEST)
         wolfcrypt_test(NULL);

IDE/Espressif/ESP-IDF/test/test_wolfssl.c

@@ -280,13 +280,13 @@ int mp_performance_check(int mul, int mulmod, int exptmod)
                 printf("(%d,%d) Xbits = %d, Ybits = %d Pbits = %d",
                                                         i , j, Xbits, Ybits, Pbits);
                 if(mul) {
-                    printf(" mul = %llu (us)", elapsedTime1);
+                    printf(" mul = %llu (us)", (unsigned long long)elapsedTime1);
                 }
                 if(mulmod) {
-                    printf(" mulmod = %llu (us)\n", elapsedTime2);
+                    printf(" mulmod = %llu (us)\n", (unsigned long long)elapsedTime2);
                 }
                 if(exptmod) {
-                    printf(" exptmod = %llu (ms)\n", elapsedTime3);
+                    printf(" exptmod = %llu (ms)\n", (unsigned long long)elapsedTime3);
                 }
             }
         }

IDE/GCC-ARM/Source/armtarget.c

@@ -142,20 +142,20 @@ void HardFault_HandlerC( uint32_t *hardfault_args )
     _BFAR = (*((volatile uint32_t *)(0xE000ED38)));
 
     printf ("\n\nHard fault handler (all numbers in hex):\n");
-    printf ("R0 = %lx\n", stacked_r0);
-    printf ("R1 = %lx\n", stacked_r1);
-    printf ("R2 = %lx\n", stacked_r2);
-    printf ("R3 = %lx\n", stacked_r3);
-    printf ("R12 = %lx\n", stacked_r12);
-    printf ("LR [R14] = %lx  subroutine call return address\n", stacked_lr);
-    printf ("PC [R15] = %lx  program counter\n", stacked_pc);
-    printf ("PSR = %lx\n", stacked_psr);
-    printf ("CFSR = %lx\n", _CFSR);
-    printf ("HFSR = %lx\n", _HFSR);
-    printf ("DFSR = %lx\n", _DFSR);
-    printf ("AFSR = %lx\n", _AFSR);
-    printf ("MMAR = %lx\n", _MMAR);
-    printf ("BFAR = %lx\n", _BFAR);
+    printf ("R0 = %lx\n", (unsigned long)stacked_r0);
+    printf ("R1 = %lx\n", (unsigned long)stacked_r1);
+    printf ("R2 = %lx\n", (unsigned long)stacked_r2);
+    printf ("R3 = %lx\n", (unsigned long)stacked_r3);
+    printf ("R12 = %lx\n", (unsigned long)stacked_r12);
+    printf ("LR [R14] = %lx  subroutine call return address\n", (unsigned long)stacked_lr);
+    printf ("PC [R15] = %lx  program counter\n", (unsigned long)stacked_pc);
+    printf ("PSR = %lx\n", (unsigned long)stacked_psr);
+    printf ("CFSR = %lx\n", (unsigned long)_CFSR);
+    printf ("HFSR = %lx\n", (unsigned long)_HFSR);
+    printf ("DFSR = %lx\n", (unsigned long)_DFSR);
+    printf ("AFSR = %lx\n", (unsigned long)_AFSR);
+    printf ("MMAR = %lx\n", (unsigned long)_MMAR);
+    printf ("BFAR = %lx\n", (unsigned long)_BFAR);
 
     // Break into the debugger
     __asm("BKPT #0\n");

IDE/HEXAGON/ecc-verify-benchmark.c

@@ -78,7 +78,6 @@ static int hash_firmware_verify_default(int numThreads)
     int ret, i;
     word32 idx;
     double t;
-    char *sp_URI_value;
     pthread_t threads[numThreads];
     ecc_key eccKey[numThreads];
 

IDE/IAR-EWARM/Projects/benchmark/current_time.c

@@ -44,7 +44,7 @@ void InitTimer(void) {
                                        SYSCTL_USE_PLL |
                                        SYSCTL_CFG_VCO_480), 120000000);
 
-    printf("Clock=%dMHz\n", ui32SysClock/1000000) ;
+    printf("Clock=%dMHz\n", (int)(ui32SysClock/1000000));
     ROM_SysCtlPeripheralEnable(SYSCTL_PERIPH_TIMER0);
     ROM_TimerConfigure(TIMER0_BASE, TIMER_CFG_PERIODIC);
     ROM_TimerLoadSet(TIMER0_BASE, TIMER_A, -1);

IDE/INTIME-RTOS/wolfExamples.c

@@ -55,7 +55,7 @@ int wolfExample_TLSClient(const char* ip, int port)
     int          ret = 0;
     WOLFSSL_CTX* ctx = NULL;
     WOLFSSL*     ssl = NULL;        /* create WOLFSSL object */
-    int                sockFd = -1; /* socket file descriptor */
+    int                sockFd;      /* socket file descriptor */
     struct sockaddr_in servAddr;    /* struct for server address */
     char sendBuff[TLS_MAXDATASIZE], rcvBuff[TLS_MAXDATASIZE];
 
@@ -144,13 +144,13 @@ int wolfExample_TLSServer(int port)
     int ret = 0;
     WOLFSSL_CTX* ctx = NULL;
     WOLFSSL* ssl = NULL;
-    int sockFd = -1, clientFd = -1;
+    int sockFd, clientFd = -1;
     struct sockaddr_in serverAddr = {0}, clientAddr = {0};
     const char reply[]  = "I hear ya fa shizzle!\n";
     int addrSize        = sizeof(clientAddr);
     char buff[256];
 
-	sockFd = socket(AF_INET, SOCK_STREAM, 0);
+    sockFd = socket(AF_INET, SOCK_STREAM, 0);
     if (sockFd < 0) {
         printf("Failed to create socket. Error: %d\n", errno);
         return errno;

IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c

@@ -436,7 +436,7 @@ static void for_command(void *args)
 {
     if( args == NULL || ((func_args *)args)->argc == 1) {
         printf("For %d times\n", for_iteration) ;
-    } else if( args == NULL || ((func_args *)args)->argc == 2) {
+    } else if(((func_args *)args)->argc == 2) {
         for_iteration = atoi(((func_args *)args)->argv[1]) ;
     } else printf("Invalid argument\n") ;
 }

IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c

@@ -69,7 +69,7 @@ char *inet_ntoa(struct in_addr in)
 unsigned long inet_addr(const char *cp)
 {
     unsigned int a[4] ; unsigned long ret ;
-    sscanf(cp, "%d.%d.%d.%d", &a[0], &a[1], &a[2], &a[3]) ;
+    sscanf(cp, "%u.%u.%u.%u", &a[0], &a[1], &a[2], &a[3]) ;
     ret = ((a[3]<<24) + (a[2]<<16) + (a[1]<<8) + a[0]) ;
     return(ret) ;
 }

IDE/MDK5-ARM/Projects/SimpleClient/main.c

@@ -209,7 +209,7 @@ int main (void) {
     snprintf(ver, VERSIZE, "%d", TLS_VER);
     argv[6] = ver;
 
-    printf("SSL/TLS Client(%d)\n ", sizeof(argv)/sizeof(argv[0])) ;
+    printf("SSL/TLS Client(%d)\n ", (int)(sizeof(argv)/sizeof(argv[0]))) ;
     printf("    Remote IP: %s, Port: %s\n    Version: %s\n", argv[2], argv[4],  verStr[TLS_VER]) ;
     printf("    Other options: %s\n", OTHER_OPTIONS);   
     setTime((time_t)((RTC_YEAR-1970)*365*24*60*60) + RTC_MONTH*30*24*60*60 + RTC_DAY*24*60*60);

IDE/MDK5-ARM/Projects/wolfSSL-Full/shell.c

@@ -477,7 +477,7 @@ static void for_command(void *args)
 {
     if( args == NULL || ((func_args *)args)->argc == 1) {
         printf("For %d times\n", for_iteration) ;
-    } else if( args == NULL || ((func_args *)args)->argc == 2) {
+    } else if(((func_args *)args)->argc == 2) {
         for_iteration = atoi(((func_args *)args)->argv[1]) ;
     } else printf("Invalid argument\n") ;
 }

IDE/OPENSTM32/Src/wolfssl_example.c

@@ -1122,7 +1122,7 @@ int bench_tls(void* args)
 {
     int ret = 0;
     info_t *info = NULL;
-    char *cipher, *next_cipher, *ciphers = NULL;
+    char *cipher, *next_cipher, *ciphers;
 
     /* Runtime variables */
     int argRuntimeSec = BENCH_RUNTIME_SEC;

IDE/RISCV/SIFIVE-HIFIVE1/main.c

@@ -143,12 +143,12 @@ int main(void)
 #ifdef USE_CLOCK_HZ
     /* Speed up clock */
     printf("SiFive HiFive1 Demo\n");
-    printf("Setting clock to %dMHz\n", USE_CLOCK_HZ/1000000);
+    printf("Setting clock to %dMHz\n", (int)(USE_CLOCK_HZ/1000000));
     clk_Hz = metal_clock_set_rate_hz(
         &__METAL_DT_SIFIVE_FE310_G000_PLL_HANDLE->clock, USE_CLOCK_HZ
     );
 #endif
-    printf("Actual Clock %dMHz\n", clk_Hz/1000000);
+    printf("Actual Clock %dMHz\n", (int)(clk_Hz/1000000));
 
     /* Reconfigure the SPI Bus for dual mode */
     #define QSPI0_CTRL       0x10014000UL

IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c

@@ -154,14 +154,14 @@ static void hw_gpio_init(void)
 
 static void hw_uart_init(void)
 {
-    register uint16_t sbr, brfa;
-    uint8_t temp;
-
 #ifdef FREESCALE_KSDK_BM
     PORT_SetPinMux(UART_TX_PORT, UART_TX_PIN, UART_TX_MUX);
     CLOCK_SetLpuartClock(1); /* MCGPLLCLK */
     DbgConsole_Init((uint32_t)UART_PORT, UART_BAUD, DEBUG_CONSOLE_DEVICE_TYPE_LPUART, SYS_CLK_HZ);
 #else
+    register uint16_t sbr, brfa;
+    uint8_t temp;
+
     #ifdef WOLFSSL_FRDM_K64
         /* Enable UART core clock ONLY for FRDM-K64F */
         SIM->SCGC4 |= SIM_SCGC4_UART0_MASK;
@@ -217,8 +217,6 @@ static void hw_rtc_init(void)
 
     /* Enable OSC */
     if ((RTC->CR & RTC_CR_OSCE_MASK) == 0) {
-        int i;
-
         /* Turn on */
         RTC->CR |= RTC_CR_OSCE_MASK;
 

IDE/zephyr/wolfssl_tls_sock/src/tls_sock.c

@@ -296,21 +296,20 @@ void join_thread(THREAD_TYPE thread)
 int wolfssl_server_accept_tcp(WOLFSSL* ssl, SOCKET_T* fd, SOCKET_T* acceptfd)
 {
     int ret = 0;
-    SOCKET_T      sockfd   = WOLFSSL_SOCKET_INVALID;
+    SOCKET_T      sockfd;
     SOCKET_T      clientfd = WOLFSSL_SOCKET_INVALID;
     SOCKADDR_IN_T client;
     socklen_t     client_len = sizeof(client);
     word16        port = 443;
     struct sockaddr_in bind_addr;
 
-    if (ret == 0) {
-        sockfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
-        bind_addr.sin_family = AF_INET;
-        bind_addr.sin_addr.s_addr = htonl(INADDR_ANY);
-        bind_addr.sin_port = htons(port);
-        if (bind(sockfd, (struct sockaddr *)&bind_addr, sizeof(bind_addr)) != 0)
-            ret = -1;
-    }
+    sockfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+    bind_addr.sin_family = AF_INET;
+    bind_addr.sin_addr.s_addr = htonl(INADDR_ANY);
+    bind_addr.sin_port = htons(port);
+    if (bind(sockfd, (struct sockaddr *)&bind_addr, sizeof(bind_addr)) != 0)
+        ret = -1;
+
     if (ret == 0) {
         *fd = sockfd;
         printf("Server Listen\n");
@@ -507,6 +506,6 @@ int main()
 
     printf("Done\n");
 
-    return (ret == 0) ? 0 : 1;
+    return 0;
 }
 

examples/client/client.c

@@ -315,8 +315,8 @@ static void EarlyData(WOLFSSL_CTX* ctx, WOLFSSL* ssl, const char* msg,
     if (ret != msgSz) {
         printf("SSL_write_early_data msg error %d, %s\n", err,
                                          wolfSSL_ERR_error_string(err, buffer));
-        wolfSSL_free(ssl); ssl = NULL;
-        wolfSSL_CTX_free(ctx); ctx = NULL;
+        wolfSSL_free(ssl);
+        wolfSSL_CTX_free(ctx);
         err_sys("SSL_write_early_data failed");
     }
 }
@@ -1392,9 +1392,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     unsigned char alpn_opt = 0;
     char*  cipherList = NULL;
     int    useDefCipherList = 0;
-    const char* verifyCert = caCertFile;
-    const char* ourCert    = cliCertFile;
-    const char* ourKey     = cliKeyFile;
+    const char* verifyCert;
+    const char* ourCert;
+    const char* ourKey;
 
     int   doSTARTTLS    = 0;
     char* starttlsProt = NULL;
@@ -1479,17 +1479,26 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 
     ((func_args*)args)->return_code = -1; /* error state */
 
-#ifdef NO_RSA
+#ifndef NO_RSA
+    verifyCert = caCertFile;
+    ourCert    = cliCertFile;
+    ourKey     = cliKeyFile;
+#else
     #ifdef HAVE_ECC
-        verifyCert = (char*)caEccCertFile;
-        ourCert    = (char*)cliEccCertFile;
-        ourKey     = (char*)cliEccKeyFile;
+        verifyCert = caEccCertFile;
+        ourCert    = cliEccCertFile;
+        ourKey     = cliEccKeyFile;
     #elif defined(HAVE_ED25519)
-        verifyCert = (char*)caEdCertFile;
-        ourCert    = (char*)cliEdCertFile;
-        ourKey     = (char*)cliEdKeyFile;
+        verifyCert = caEdCertFile;
+        ourCert    = cliEdCertFile;
+        ourKey     = cliEdKeyFile;
+    #else
+        verifyCert = NULL;
+        ourCert    = NULL;
+        ourKey     = NULL;
     #endif
 #endif
+
     (void)resumeSz;
     (void)session;
     (void)flatSession;
@@ -1728,7 +1737,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                         break;
                     }
                 }
-                if (throughput <= 0 || block <= 0) {
+                if (throughput == 0 || block <= 0) {
                     Usage();
                     XEXIT_T(MY_EX_USAGE);
                 }

examples/echoclient/echoclient.c

@@ -73,8 +73,10 @@ void echoclient_test(void* args)
     int doDTLS = 0;
     int doPSK = 0;
     int sendSz;
+#ifndef WOLFSSL_MDK_SHELL
     int argc    = 0;
     char** argv = 0;
+#endif
     word16 port = yasslPort;
     char buffer[CYASSL_MAX_ERROR_SZ];
 
@@ -83,7 +85,6 @@ void echoclient_test(void* args)
 #ifndef WOLFSSL_MDK_SHELL
     argc = ((func_args*)args)->argc;
     argv = ((func_args*)args)->argv;
-#endif
 
     if (argc >= 2) {
         fin  = fopen(argv[1], "r");
@@ -93,6 +94,7 @@ void echoclient_test(void* args)
         fout = fopen(argv[2], "w");
         outCreated = 1;
     }
+#endif
 
     if (!fin)  err_sys("can't open input file");
     if (!fout) err_sys("can't open output file");

examples/echoserver/echoserver.c

@@ -81,7 +81,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
 
     int    ret = 0;
     int    doDTLS = 0;
-    int    doPSK = 0;
+    int    doPSK;
     int    outCreated = 0;
     int    shutDown = 0;
     int    useAnyAddr = 0;
@@ -108,12 +108,11 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
     doDTLS  = 1;
 #endif
 
-#ifdef CYASSL_LEANPSK
-    doPSK = 1;
-#endif
-
-#if defined(NO_RSA) && !defined(HAVE_ECC) && !defined(HAVE_ED25519)
+#if (defined(NO_RSA) && !defined(HAVE_ECC) && !defined(HAVE_ED25519)) || \
+                                                         defined(CYASSL_LEANPSK)
     doPSK = 1;
+#else
+    doPSK = 0;
 #endif
 
 #if defined(NO_MAIN_DRIVER) && !defined(CYASSL_SNIFFER) && \

examples/server/server.c

@@ -936,9 +936,9 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
     char*  cipherList = NULL;
     int    useDefCipherList = 0;
     int    overrideDateErrors = 0;
-    const char* verifyCert = cliCertFile;
-    const char* ourCert    = svrCertFile;
-    const char* ourKey     = svrKeyFile;
+    const char* verifyCert;
+    const char* ourCert;
+    const char* ourKey;
     const char* ourDhParam = dhParamFile;
     tcp_ready*  readySignal = NULL;
     int    argc = ((func_args*)args)->argc;
@@ -1018,15 +1018,23 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 
     ((func_args*)args)->return_code = -1; /* error state */
 
-#ifdef NO_RSA
+#ifndef NO_RSA
+    verifyCert = cliCertFile;
+    ourCert    = svrCertFile;
+    ourKey     = svrKeyFile;
+#else
     #ifdef HAVE_ECC
-        verifyCert = (char*)cliEccCertFile;
-        ourCert    = (char*)eccCertFile;
-        ourKey     = (char*)eccKeyFile;
+        verifyCert = cliEccCertFile;
+        ourCert    = eccCertFile;
+        ourKey     = eccKeyFile;
     #elif defined(HAVE_ED25519)
-        verifyCert = (char*)cliEdCertFile;
-        ourCert    = (char*)edCertFile;
-        ourKey     = (char*)edKeyFile;
+        verifyCert = cliEdCertFile;
+        ourCert    = edCertFile;
+        ourKey     = edKeyFile;
+    #else
+        verifyCert = NULL;
+        ourCert    = NULL;
+        ourKey     = NULL;
     #endif
 #endif
 
@@ -1314,7 +1322,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                         break;
                     }
                 }
-                if (throughput <= 0 || block <= 0) {
+                if (throughput == 0 || block <= 0) {
                     Usage();
                     XEXIT_T(MY_EX_USAGE);
                 }

mcapi/mcapi_test.c

@@ -53,7 +53,7 @@
     #include <stdio.h>
     #include <stdlib.h>
     #include "PIC32MZ-serial.h"
-    #define  SYSTEMConfigPerformance /* void out SYSTEMConfigPerformance(); */
+    #define  SYSTEMConfigPerformance(n) /* void out SYSTEMConfigPerformance(); */
 #elif defined(MICROCHIP_PIC32)
     #define PIC32_STARTER_KIT
     #include <stdio.h>
@@ -1442,7 +1442,7 @@ static int check_ecc(void)
         return -1;
     }
 
-    if (usedA != usedB || usedA <= 0) {
+    if (usedA != usedB || usedA == 0) {
         printf("mcapi ecc make shared secret output size match failed\n");
         return -1;
     }
@@ -1461,7 +1461,7 @@ static int check_ecc(void)
     }
 
     sigSz = usedA;
-    if (sigSz <= 0) {
+    if (sigSz == 0) {
         printf("mcapi ecc sign hash bad sig size\n");
         return -1;
     }

mqx/wolfssl_client/Sources/main.c

@@ -147,7 +147,7 @@ void setup_clock(void)
 
     for (i = 0; i < sntp_max_tries; i++) {
 
-        printf("Getting time from NTP server [ attempt %d of %d ]...\n",
+        printf("Getting time from NTP server [ attempt %u of %u ]...\n",
                 i+1, sntp_max_tries);
 
         /* update time from NTP server */

src/bio.c

@@ -457,7 +457,7 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
         }
 
         /* check for formatting */
-        if (bio && bio->type == WOLFSSL_BIO_BASE64) {
+        if (bio->type == WOLFSSL_BIO_BASE64) {
 #if defined(WOLFSSL_BASE64_ENCODE)
             word32 sz = 0;
 
@@ -527,7 +527,7 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
     #ifndef WOLFCRYPT_ONLY
         if (bio && bio->type == WOLFSSL_BIO_SSL) {
             /* already got eof, again is error */
-            if (bio && front->eof) {
+            if (front->eof) {
                 ret = SSL_FATAL_ERROR;
             }
             else {

src/crl.c

@@ -201,8 +201,6 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, DecodedCert* cert, int *pFoundEntr
 
     while (crle) {
         if (XMEMCMP(crle->issuerHash, cert->issuerHash, CRL_DIGEST_SIZE) == 0) {
-            int doNextDate = 1;
-
             WOLFSSL_MSG("Found CRL Entry on list");
 
             if (crle->verified == 0) {
@@ -211,7 +209,7 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, DecodedCert* cert, int *pFoundEntr
                 byte extAuthKeyId[KEYID_SIZE];
             #endif
                 byte issuerHash[CRL_DIGEST_SIZE];
-                byte* tbs = NULL;
+                byte* tbs;
                 word32 tbsSz = crle->tbsSz;
                 byte* sig = NULL;
                 word32 sigSz = crle->signatureSz;
@@ -297,12 +295,10 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, DecodedCert* cert, int *pFoundEntr
 
             WOLFSSL_MSG("Checking next date validity");
 
-            #ifdef WOLFSSL_NO_CRL_NEXT_DATE
-                if (crle->nextDateFormat == ASN_OTHER_TYPE)
-                    doNextDate = 0;  /* skip */
-            #endif
-
-            if (doNextDate) {
+        #ifdef WOLFSSL_NO_CRL_NEXT_DATE
+            if (crle->nextDateFormat != ASN_OTHER_TYPE)
+        #endif
+            {
             #ifndef NO_ASN_TIME
                 if (!XVALIDATE_DATE(crle->nextDate,crle->nextDateFormat, AFTER)) {
                     WOLFSSL_MSG("CRL next date is no longer valid");

src/internal.c

@@ -259,7 +259,6 @@ static int QSH_FreeAll(WOLFSSL* ssl)
         /* free struct */
         XFREE(preKey, ssl->heap, DYNAMIC_TYPE_QSH);
     }
-    key = NULL;
 
 
     /* free all of peers QSH keys */
@@ -1793,7 +1792,8 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
 /* In case contexts are held in array and don't want to free actual ctx */
 void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
 {
-#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && !defined(NO_WOLFSSL_SERVER)
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && \
+                     defined(HAVE_TLS_EXTENSIONS) && !defined(NO_WOLFSSL_SERVER)
     int i;
 #endif
 
@@ -6372,7 +6372,7 @@ static WC_INLINE void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out)
  * extra space for the headers. */
 DtlsMsg* DtlsMsgNew(word32 sz, void* heap)
 {
-    DtlsMsg* msg = NULL;
+    DtlsMsg* msg;
 
     (void)heap;
     msg = (DtlsMsg*)XMALLOC(sizeof(DtlsMsg), heap, DYNAMIC_TYPE_DTLS_MSG);
@@ -9473,7 +9473,7 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret,
     #endif
         ))
     #ifndef NO_WOLFSSL_CM_VERIFY
-        || ((cm != NULL) && (cm->verifyCallback != NULL))
+        || (cm->verifyCallback != NULL)
     #endif
         ) {
         int verifyFail = 0;
@@ -15466,7 +15466,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                 if (ssl->truncated_hmac &&
                                         ssl->specs.hash_size > args->digestSz) {
                 #ifdef WOLFSSL_SMALL_STACK
-                    byte* hmac = NULL;
+                    byte* hmac;
                 #else
                     byte  hmac[WC_MAX_DIGEST_SIZE];
                 #endif
@@ -16458,7 +16458,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
                 buffer der;
                 word32 idx = 0;
             #ifdef WOLFSSL_SMALL_STACK
-                DecodedCert* cert = NULL;
+                DecodedCert* cert;
             #else
                 DecodedCert  cert[1];
             #endif
@@ -20787,7 +20787,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                         {
                             if (IsAtLeastTLSv1_2(ssl)) {
                             #ifdef WOLFSSL_SMALL_STACK
-                                byte*  encodedSig = NULL;
+                                byte*  encodedSig;
                             #else
                                 byte   encodedSig[MAX_ENCODED_SIG_SZ];
                             #endif
@@ -22604,7 +22604,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
                 }
             }
 
-            if (args->length <= 0) {
+            if (args->length == 0) {
                 ERROR_OUT(NO_PRIVATE_KEY, exit_scv);
             }
 
@@ -23964,7 +23964,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                         #ifdef HAVE_PK_CALLBACKS
                             if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)) {
                                 args->tmpSigSz = GetPrivateKeySigSize(ssl);
-                                if (args->tmpSigSz <= 0) {
+                                if (args->tmpSigSz == 0) {
                                     ERROR_OUT(NO_PRIVATE_KEY, exit_sske);
                                 }
                             }
@@ -24250,7 +24250,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                                 }
                             }
 
-                            if (keySz <= 0) { /* test if keySz has error */
+                            if (keySz == 0) { /* test if keySz has error */
                                 ERROR_OUT(keySz, exit_sske);
                             }
 
@@ -26210,7 +26210,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                     #endif
                         {
                         #ifdef WOLFSSL_SMALL_STACK
-                            byte* encodedSig = NULL;
+                            byte* encodedSig;
                         #else
                             byte  encodedSig[MAX_ENCODED_SIG_SZ];
                         #endif

src/ocsp.c

@@ -835,7 +835,7 @@ void wolfSSL_OCSP_REQUEST_free(OcspRequest* request)
 
 int wolfSSL_i2d_OCSP_REQUEST(OcspRequest* request, unsigned char** data)
 {
-    word32 size;
+    int size;
 
     size = EncodeOcspRequest(request, NULL, 0);
     if (size <= 0 || data == NULL)

src/ssl.c

@@ -648,7 +648,7 @@ WOLFSSL* wolfSSL_write_dup(WOLFSSL* ssl)
         if ( (ret = InitSSL(dup, ssl->ctx, 1)) < 0) {
             FreeSSL(dup, ssl->ctx->heap);
             dup = NULL;
-        } else if ( (ret = DupSSL(dup, ssl) < 0)) {
+        } else if ( (ret = DupSSL(dup, ssl)) < 0) {
             FreeSSL(dup, ssl->ctx->heap);
             dup = NULL;
         }
@@ -1342,55 +1342,55 @@ WC_RNG* wolfSSL_GetRNG(WOLFSSL* ssl)
 int wolfSSL_GetObjectSize(void)
 {
 #ifdef SHOW_SIZES
-    printf("sizeof suites           = %lu\n", sizeof(Suites));
-    printf("sizeof ciphers(2)       = %lu\n", sizeof(Ciphers));
+    printf("sizeof suites           = %lu\n", (unsigned long)sizeof(Suites));
+    printf("sizeof ciphers(2)       = %lu\n", (unsigned long)sizeof(Ciphers));
 #ifndef NO_RC4
-    printf("\tsizeof arc4         = %lu\n", sizeof(Arc4));
+    printf("\tsizeof arc4         = %lu\n", (unsigned long)sizeof(Arc4));
 #endif
-    printf("\tsizeof aes          = %lu\n", sizeof(Aes));
+    printf("\tsizeof aes          = %lu\n", (unsigned long)sizeof(Aes));
 #ifndef NO_DES3
-    printf("\tsizeof des3         = %lu\n", sizeof(Des3));
+    printf("\tsizeof des3         = %lu\n", (unsigned long)sizeof(Des3));
 #endif
 #ifndef NO_RABBIT
-    printf("\tsizeof rabbit       = %lu\n", sizeof(Rabbit));
+    printf("\tsizeof rabbit       = %lu\n", (unsigned long)sizeof(Rabbit));
 #endif
 #ifdef HAVE_CHACHA
-    printf("\tsizeof chacha       = %lu\n", sizeof(ChaCha));
+    printf("\tsizeof chacha       = %lu\n", (unsigned long)sizeof(ChaCha));
 #endif
-    printf("sizeof cipher specs     = %lu\n", sizeof(CipherSpecs));
-    printf("sizeof keys             = %lu\n", sizeof(Keys));
-    printf("sizeof Hashes(2)        = %lu\n", sizeof(Hashes));
+    printf("sizeof cipher specs     = %lu\n", (unsigned long)sizeof(CipherSpecs));
+    printf("sizeof keys             = %lu\n", (unsigned long)sizeof(Keys));
+    printf("sizeof Hashes(2)        = %lu\n", (unsigned long)sizeof(Hashes));
 #ifndef NO_MD5
-    printf("\tsizeof MD5          = %lu\n", sizeof(wc_Md5));
+    printf("\tsizeof MD5          = %lu\n", (unsigned long)sizeof(wc_Md5));
 #endif
 #ifndef NO_SHA
-    printf("\tsizeof SHA          = %lu\n", sizeof(wc_Sha));
+    printf("\tsizeof SHA          = %lu\n", (unsigned long)sizeof(wc_Sha));
 #endif
 #ifdef WOLFSSL_SHA224
-    printf("\tsizeof SHA224       = %lu\n", sizeof(wc_Sha224));
+    printf("\tsizeof SHA224       = %lu\n", (unsigned long)sizeof(wc_Sha224));
 #endif
 #ifndef NO_SHA256
-    printf("\tsizeof SHA256       = %lu\n", sizeof(wc_Sha256));
+    printf("\tsizeof SHA256       = %lu\n", (unsigned long)sizeof(wc_Sha256));
 #endif
 #ifdef WOLFSSL_SHA384
-    printf("\tsizeof SHA384       = %lu\n", sizeof(wc_Sha384));
+    printf("\tsizeof SHA384       = %lu\n", (unsigned long)sizeof(wc_Sha384));
 #endif
 #ifdef WOLFSSL_SHA384
-    printf("\tsizeof SHA512       = %lu\n", sizeof(wc_Sha512));
+    printf("\tsizeof SHA512       = %lu\n", (unsigned long)sizeof(wc_Sha512));
 #endif
-    printf("sizeof Buffers          = %lu\n", sizeof(Buffers));
-    printf("sizeof Options          = %lu\n", sizeof(Options));
-    printf("sizeof Arrays           = %lu\n", sizeof(Arrays));
+    printf("sizeof Buffers          = %lu\n", (unsigned long)sizeof(Buffers));
+    printf("sizeof Options          = %lu\n", (unsigned long)sizeof(Options));
+    printf("sizeof Arrays           = %lu\n", (unsigned long)sizeof(Arrays));
 #ifndef NO_RSA
-    printf("sizeof RsaKey           = %lu\n", sizeof(RsaKey));
+    printf("sizeof RsaKey           = %lu\n", (unsigned long)sizeof(RsaKey));
 #endif
 #ifdef HAVE_ECC
-    printf("sizeof ecc_key          = %lu\n", sizeof(ecc_key));
+    printf("sizeof ecc_key          = %lu\n", (unsigned long)sizeof(ecc_key));
 #endif
-    printf("sizeof WOLFSSL_CIPHER    = %lu\n", sizeof(WOLFSSL_CIPHER));
-    printf("sizeof WOLFSSL_SESSION   = %lu\n", sizeof(WOLFSSL_SESSION));
-    printf("sizeof WOLFSSL           = %lu\n", sizeof(WOLFSSL));
-    printf("sizeof WOLFSSL_CTX       = %lu\n", sizeof(WOLFSSL_CTX));
+    printf("sizeof WOLFSSL_CIPHER    = %lu\n", (unsigned long)sizeof(WOLFSSL_CIPHER));
+    printf("sizeof WOLFSSL_SESSION   = %lu\n", (unsigned long)sizeof(WOLFSSL_SESSION));
+    printf("sizeof WOLFSSL           = %lu\n", (unsigned long)sizeof(WOLFSSL));
+    printf("sizeof WOLFSSL_CTX       = %lu\n", (unsigned long)sizeof(WOLFSSL_CTX));
 #endif
 
     return sizeof(WOLFSSL);
@@ -1676,15 +1676,19 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
     ssl->options.haveDH = 1;
 
     if (ssl->options.side != WOLFSSL_NEITHER_END) {
-        word16 havePSK = 0;
-        word16 haveRSA = 1;
+        word16 havePSK;
+        word16 haveRSA;
         int    keySz   = 0;
 
     #ifndef NO_PSK
         havePSK = ssl->options.havePSK;
+    #else
+        havePSK = 0;
     #endif
     #ifdef NO_RSA
         haveRSA = 0;
+    #else
+        haveRSA = 1;
     #endif
     #ifndef NO_CERTS
         keySz = ssl->buffers.keySz;
@@ -2450,7 +2454,7 @@ int wolfSSL_UseALPN(WOLFSSL* ssl, char *protocol_name_list,
 
     /* read all protocol name from the list */
     token[idx] = XSTRTOK(list, ",", &ptr);
-    while (token[idx] != NULL && idx < WOLFSSL_MAX_ALPN_NUMBER)
+    while (idx < WOLFSSL_MAX_ALPN_NUMBER && token[idx] != NULL)
         token[++idx] = XSTRTOK(NULL, ",", &ptr);
 
     /* add protocol name list in the TLS extension in reverse order */
@@ -3425,7 +3429,7 @@ WOLFSSL_CERT_MANAGER* wolfSSL_CTX_GetCertManager(WOLFSSL_CTX* ctx)
 
 WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap)
 {
-    WOLFSSL_CERT_MANAGER* cm = NULL;
+    WOLFSSL_CERT_MANAGER* cm;
 
     WOLFSSL_ENTER("wolfSSL_CertManagerNew");
 
@@ -4629,7 +4633,7 @@ int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify)
 {
     int ret, row;
     TrustedPeerCert* peerCert;
-    DecodedCert* cert = NULL;
+    DecodedCert* cert;
     DerBuffer*   der = *pDer;
     byte* subjectHash = NULL;
 
@@ -4925,10 +4929,10 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
     if ( ret == 0 && signer != NULL ) {
         signer->cm_idx = row;
         if (type == WOLFSSL_USER_CA && tsip_rootCAverified() == 0 ) {
-            if (ret = tsip_tls_RootCertVerify(cert->source, cert->maxIdx,
-                cert->sigCtx.pubkey_n_start, cert->sigCtx.pubkey_n_len - 1,
-                cert->sigCtx.pubkey_e_start, cert->sigCtx.pubkey_e_len - 1,
-                row/* cm index */)
+            if ((ret = tsip_tls_RootCertVerify(cert->source, cert->maxIdx,
+                 cert->sigCtx.pubkey_n_start, cert->sigCtx.pubkey_n_len - 1,
+                 cert->sigCtx.pubkey_e_start, cert->sigCtx.pubkey_e_len - 1,
+                 row/* cm index */))
                 != 0)
                 WOLFSSL_MSG("tsip_tls_RootCertVerify() failed");
             else
@@ -5240,15 +5244,15 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
     (void)devId;
 
     if (ctx == NULL && ssl == NULL)
-        return BAD_FUNC_ARG;
+        ret = BAD_FUNC_ARG;
     if (!der || !keySz || !idx || !resetSuites || !keyFormat)
-        return BAD_FUNC_ARG;
+        ret = BAD_FUNC_ARG;
 
 #ifndef NO_RSA
     if (ret == 0 && (*keyFormat == 0 || *keyFormat == RSAk)) {
         /* make sure RSA key can be used */
     #ifdef WOLFSSL_SMALL_STACK
-        RsaKey* key = NULL;
+        RsaKey* key;
     #else
         RsaKey  key[1];
     #endif
@@ -5283,7 +5287,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
                     ssl->buffers.keyType = rsa_sa_algo;
                     ssl->buffers.keySz = *keySz;
                 }
-                else if(ctx) {
+                else {
                     ctx->privateKeyType = rsa_sa_algo;
                     ctx->privateKeySz = *keySz;
                 }
@@ -5308,7 +5312,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
     if (ret == 0 && (*keyFormat == 0 || *keyFormat == ECDSAk)) {
         /* make sure ECC key can be used */
     #ifdef WOLFSSL_SMALL_STACK
-        ecc_key* key = NULL;
+        ecc_key* key;
     #else
         ecc_key  key[1];
     #endif
@@ -5338,7 +5342,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
                     ssl->buffers.keyType = ecc_dsa_sa_algo;
                     ssl->buffers.keySz = *keySz;
                 }
-                else if (ctx) {
+                else {
                     ctx->haveStaticECC = 1;
                     ctx->privateKeyType = ecc_dsa_sa_algo;
                     ctx->privateKeySz = *keySz;
@@ -5361,7 +5365,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
     if (ret == 0 && (*keyFormat == 0 || *keyFormat == ED25519k)) {
         /* make sure Ed25519 key can be used */
     #ifdef WOLFSSL_SMALL_STACK
-        ed25519_key* key = NULL;
+        ed25519_key* key;
     #else
         ed25519_key  key[1];
     #endif
@@ -5698,7 +5702,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
     }
     else if (type == CERT_TYPE) {
     #ifdef WOLFSSL_SMALL_STACK
-        DecodedCert* cert = NULL;
+        DecodedCert* cert;
     #else
         DecodedCert  cert[1];
     #endif
@@ -6218,7 +6222,7 @@ int CM_VerifyBuffer_ex(WOLFSSL_CERT_MANAGER* cm, const byte* buff,
     int ret = 0;
     DerBuffer* der = NULL;
 #ifdef WOLFSSL_SMALL_STACK
-    DecodedCert* cert = NULL;
+    DecodedCert* cert;
 #else
     DecodedCert  cert[1];
 #endif
@@ -6270,7 +6274,7 @@ int CM_VerifyBuffer_ex(WOLFSSL_CERT_MANAGER* cm, const byte* buff,
     if (cm->verifyCallback) {
         buffer certBuf;
     #ifdef WOLFSSL_SMALL_STACK
-        ProcPeerCertArgs* args = NULL;
+        ProcPeerCertArgs* args;
         args = (ProcPeerCertArgs*)XMALLOC(
             sizeof(ProcPeerCertArgs), cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
         if (args == NULL) {
@@ -6798,7 +6802,7 @@ int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file,
 #ifndef NO_WOLFSSL_DIR
         char* name = NULL;
     #ifdef WOLFSSL_SMALL_STACK
-        ReadDirCtx* readCtx = NULL;
+        ReadDirCtx* readCtx;
         readCtx = (ReadDirCtx*)XMALLOC(sizeof(ReadDirCtx), ctx->heap,
                                                        DYNAMIC_TYPE_DIRCTX);
         if (readCtx == NULL)
@@ -8640,8 +8644,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
                 /* Set object size and reallocate space in object buffer */
                 ext->obj->objSz = objSz;
                 if(((ext->obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0) ||
-                  (((ext->obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) == 0) &&
-                    (ext->obj->obj == NULL))) {
+                   (ext->obj->obj == NULL)) {
                         ext->obj->obj =(byte*)XREALLOC((byte*)ext->obj->obj,
                                              ext->obj->objSz,
                                              NULL,DYNAMIC_TYPE_ASN1);
@@ -9308,7 +9311,7 @@ int wolfSSL_ASN1_BIT_STRING_get_bit(const WOLFSSL_ASN1_BIT_STRING* str, int i)
         return WOLFSSL_FAILURE;
     }
 
-    return str->data[i/8] & (1<<(7-(i%8))) ? 1 : 0;
+    return (str->data[i/8] & (1<<(7-(i%8)))) ? 1 : 0;
 }
 
 /* Looks for the extension matching the passed in nid
@@ -11601,16 +11604,17 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
     }
     WOLFSSL_METHOD* wolfSSLv23_method_ex(void* heap)
     {
-        WOLFSSL_METHOD* m = NULL;
+        WOLFSSL_METHOD* m;
         WOLFSSL_ENTER("SSLv23_method");
     #if !defined(NO_WOLFSSL_CLIENT)
         m = wolfSSLv23_client_method_ex(heap);
+        m->side = WOLFSSL_NEITHER_END;
     #elif !defined(NO_WOLFSSL_SERVER)
         m = wolfSSLv23_server_method_ex(heap);
+        m->side = WOLFSSL_NEITHER_END;
+    #else
+        m = NULL;
     #endif
-        if (m != NULL) {
-            m->side = WOLFSSL_NEITHER_END;
-        }
 
         return m;
     }
@@ -13053,7 +13057,7 @@ int AddSession(WOLFSSL* ssl)
 
 #ifdef SESSION_CERTS
     if (error == 0) {
-        if (!overwrite || (overwrite && ssl->session.chain.count > 0)) {
+        if (!overwrite || ssl->session.chain.count > 0) {
             /*
              * If we are overwriting and no certs present in ssl->session.chain
              * then keep the old chain.
@@ -14231,7 +14235,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         (void)sz;
         WOLFSSL_MSG("session cache is set at compile time");
         #ifndef NO_SESSION_CACHE
-            return SESSIONS_PER_ROW * SESSION_ROWS;
+            return (long)(SESSIONS_PER_ROW * SESSION_ROWS);
         #else
             return 0;
         #endif
@@ -15254,7 +15258,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         int ret;
         int hashType = WC_HASH_TYPE_NONE;
     #ifdef WOLFSSL_SMALL_STACK
-        EncryptedInfo* info = NULL;
+        EncryptedInfo* info;
     #else
         EncryptedInfo  info[1];
     #endif
@@ -15389,7 +15393,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         do {
         ret = wc_PeekErrorNode(0, &file, &reason, &line);
         if (ret >= 0) {
-            const char* r = wolfSSL_ERR_reason_error_string(ret - ret - ret);
+            const char* r = wolfSSL_ERR_reason_error_string(0 - ret);
             XSNPRINTF(buf, sizeof(buf), "error:%d:wolfSSL library:%s:%s:%d\n",
                     ret, r, file, line);
             wolfSSL_BIO_write(bio, buf, (int)XSTRLEN(buf));
@@ -18156,7 +18160,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
     {
         (void)ctx;
         #ifndef NO_SESSION_CACHE
-            return SESSIONS_PER_ROW * SESSION_ROWS;
+            return (long)(SESSIONS_PER_ROW * SESSION_ROWS);
         #else
             return 0;
         #endif
@@ -18328,7 +18332,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
     {
         int          ret;
     #ifdef WOLFSSL_SMALL_STACK
-        DecodedCert* cert = NULL;
+        DecodedCert* cert;
     #else
         DecodedCert  cert[1];
     #endif
@@ -18679,7 +18683,7 @@ WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len)
 
     if (in != NULL && len != 0) {
     #ifdef WOLFSSL_SMALL_STACK
-        DecodedCert* cert = NULL;
+        DecodedCert* cert;
     #else
         DecodedCert  cert[1];
     #endif
@@ -19608,7 +19612,7 @@ WOLFSSL_STACK* wolfSSL_sk_get_node(WOLFSSL_STACK* sk, int idx)
 {
     int i;
     WOLFSSL_STACK* ret = NULL;
-    WOLFSSL_STACK* current = NULL;
+    WOLFSSL_STACK* current;
 
     current = sk;
     for (i = 0; i <= idx && current != NULL; i++) {
@@ -20172,7 +20176,7 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer(
     /* ready to be decoded. */
     if (der != NULL && der->buffer != NULL) {
     #ifdef WOLFSSL_SMALL_STACK
-        DecodedCert* cert = NULL;
+        DecodedCert* cert;
     #else
         DecodedCert  cert[1];
     #endif
@@ -20308,7 +20312,7 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void)
 /* Creates and returns a new WOLFSSL_CIPHER stack. */
 WOLFSSL_STACK* wolfSSL_sk_new_asn1_obj(void)
 {
-    WOLFSSL_STACK* sk = NULL;
+    WOLFSSL_STACK* sk;
     WOLFSSL_ENTER("wolfSSL_sk_new_asn1_obj");
 
     sk = wolfSSL_sk_new_null();
@@ -21996,10 +22000,12 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
             return WOLFSSL_FAILURE;
         }
         {
+        #if (!defined(NO_RSA) && !defined(HAVE_USER_RSA)) || defined(HAVE_ECC)
             char tmp[100];
+        #endif
 
             switch (x509->pubKeyOID) {
-                #ifndef NO_RSA
+            #ifndef NO_RSA
                 case RSAk:
                     if (wolfSSL_BIO_write(bio,
                                 "            Public Key Algorithm: rsaEncryption\n",
@@ -22139,9 +22145,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
                     }
                 #endif /* HAVE_USER_RSA */
                     break;
-                #endif /* NO_RSA */
+            #endif /* NO_RSA */
 
-                #ifdef HAVE_ECC
+            #ifdef HAVE_ECC
                 case ECDSAk:
                     {
                         word32 i;
@@ -22242,7 +22248,7 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
                         wc_ecc_free(&ecc);
                     }
                     break;
-                #endif /* HAVE_ECC */
+            #endif /* HAVE_ECC */
                 default:
                     WOLFSSL_MSG("Unknown key type");
                     return WOLFSSL_FAILURE;
@@ -24837,14 +24843,16 @@ int wolfSSL_X509_cmp_time(const WOLFSSL_ASN1_TIME* asnTime, time_t* cmpTime)
     int ret = WOLFSSL_FAILURE, i = 0;
     time_t tmpTime, *pTime = &tmpTime;
     byte data_ptr[MAX_TIME_STRING_SZ], inv = 0;
-    struct tm ts, *tmpTs = NULL, *ct;
+    struct tm ts, *tmpTs, *ct;
 #if defined(NEED_TMP_TIME)
     /* for use with gmtime_r */
     struct tm tmpTimeStorage;
+
     tmpTs = &tmpTimeStorage;
 #else
-    (void)tmpTs;
+    tmpTs = NULL;
 #endif
+    (void)tmpTs;
 
     if (asnTime == NULL) {
         return WOLFSSL_FAILURE;
@@ -25196,16 +25204,17 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME *s, time_t t,
 {
     const time_t sec_per_day = 24*60*60;
     struct tm* ts = NULL;
-    struct tm* tmpTime = NULL;
+    struct tm* tmpTime;
     time_t t_adj = 0;
     time_t offset_day_sec = 0;
-
 #if defined(NEED_TMP_TIME)
     struct tm tmpTimeStorage;
+
     tmpTime = &tmpTimeStorage;
 #else
-    (void)tmpTime;
+    tmpTime = NULL;
 #endif
+    (void)tmpTime;
 
     WOLFSSL_ENTER("wolfSSL_ASN1_TIME_adj");
 
@@ -28682,7 +28691,7 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname)
     #endif
         byte*          myBuffer  = staticBuffer;
         int            dynamic   = 0;
-        XFILE          file      = XBADFILE;
+        XFILE          file;
         long           sz        = 0;
         WOLFSSL_CTX*   ctx       = ssl->ctx;
         WOLFSSL_X509*  peer_cert = &ssl->peerCert;
@@ -29096,7 +29105,7 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num)
     int     initTmpRng = 0;
     WC_RNG* rng = NULL;
 #ifdef WOLFSSL_SMALL_STACK
-    WC_RNG* tmpRNG = NULL;
+    WC_RNG* tmpRNG;
 #else
     WC_RNG  tmpRNG[1];
 #endif
@@ -29837,7 +29846,7 @@ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh)
     int            initTmpRng = 0;
     WC_RNG*        rng    = NULL;
 #ifdef WOLFSSL_SMALL_STACK
-    WC_RNG*        tmpRNG = NULL;
+    WC_RNG*        tmpRNG;
 #else
     WC_RNG         tmpRNG[1];
 #endif
@@ -29848,7 +29857,6 @@ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh)
 
 #ifdef WOLFSSL_SMALL_STACK
     tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
-
     if (tmpRNG == NULL) {
         XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
         return ret;
@@ -29930,10 +29938,10 @@ int wolfSSL_DH_compute_key(unsigned char* key, WOLFSSL_BIGNUM* otherPub,
 {
     int            ret    = WOLFSSL_FATAL_ERROR;
     word32         keySz  = 0;
-    word32         pubSz  = 1024;
-    word32         privSz = 1024;
+    int            pubSz  = 1024;
+    int            privSz = 1024;
 #ifdef WOLFSSL_SMALL_STACK
-    unsigned char* pub    = NULL;
+    unsigned char* pub;
     unsigned char* priv   = NULL;
 #else
     unsigned char  pub [1024];
@@ -30108,7 +30116,6 @@ void wolfSSL_DSA_free(WOLFSSL_DSA* dsa)
         InitwolfSSL_DSA(dsa);  /* set back to NULLs for safety */
 
         XFREE(dsa, NULL, DYNAMIC_TYPE_DSA);
-        dsa = NULL;
     }
 }
 
@@ -30301,7 +30308,7 @@ int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* bn,
 #ifdef WOLFSSL_KEY_GEN
     {
     #ifdef WOLFSSL_SMALL_STACK
-        WC_RNG* rng = NULL;
+        WC_RNG* rng;
     #else
         WC_RNG  rng[1];
     #endif
@@ -30365,7 +30372,7 @@ int wolfSSL_DSA_generate_key(WOLFSSL_DSA* dsa)
         int initTmpRng = 0;
         WC_RNG *rng = NULL;
 #ifdef WOLFSSL_SMALL_STACK
-        WC_RNG *tmpRNG = NULL;
+        WC_RNG *tmpRNG;
 #else
         WC_RNG tmpRNG[1];
 #endif
@@ -30466,7 +30473,7 @@ int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits,
         int initTmpRng = 0;
         WC_RNG *rng = NULL;
 #ifdef WOLFSSL_SMALL_STACK
-        WC_RNG *tmpRNG = NULL;
+        WC_RNG *tmpRNG;
 #else
         WC_RNG tmpRNG[1];
 #endif
@@ -30933,10 +30940,12 @@ int wolfSSL_HMAC_Init_ex(WOLFSSL_HMAC_CTX* ctx, const void* key,
  * returns WOLFSSL_SUCCESS on success */
 int wolfSSL_HmacCopy(Hmac* des, Hmac* src)
 {
-    void* heap = NULL;
+    void* heap;
 
 #ifndef HAVE_FIPS
     heap = src->heap;
+#else
+    heap = NULL;
 #endif
     if (wc_HmacInit(des, heap, 0) != 0) {
         return WOLFSSL_FAILURE;
@@ -33237,7 +33246,6 @@ void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key)
         InitwolfSSL_ECKey(key); /* set back to NULLs for safety */
 
         XFREE(key, NULL, DYNAMIC_TYPE_ECC);
-        key = NULL;
     }
 }
 #endif /* HAVE_ECC && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
@@ -33522,7 +33530,6 @@ void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group)
     WOLFSSL_ENTER("wolfSSL_EC_GROUP_free");
 
     XFREE(group, NULL, DYNAMIC_TYPE_ECC);
-    group = NULL;
 }
 #endif
 
@@ -34039,7 +34046,6 @@ void wolfSSL_EC_POINT_free(WOLFSSL_EC_POINT *p)
         p->inSet = p->exSet = 0;
 
         XFREE(p, NULL, DYNAMIC_TYPE_ECC);
-        p = NULL;
     }
 }
 #endif
@@ -35434,7 +35440,7 @@ WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSA_PUBKEY(WOLFSSL_BIO* bio,WOLFSSL_DSA** dsa,
 WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio,
         WOLFSSL_EC_GROUP** group, pem_password_cb* cb, void* pass)
 {
-    WOLFSSL_EVP_PKEY* pkey = NULL;
+    WOLFSSL_EVP_PKEY* pkey;
     WOLFSSL_EC_GROUP* ret = NULL;
 
     /* check on if bio is null is done in wolfSSL_PEM_read_bio_PrivateKey */
@@ -38317,7 +38323,7 @@ err:
 
     WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_new(void)
     {
-        WOLFSSL_X509_NAME_ENTRY* ne = NULL;
+        WOLFSSL_X509_NAME_ENTRY* ne;
 
         ne = (WOLFSSL_X509_NAME_ENTRY*)XMALLOC(sizeof(WOLFSSL_X509_NAME_ENTRY),
                 NULL, DYNAMIC_TYPE_NAME_ENTRY);
@@ -38334,7 +38340,7 @@ err:
             WOLFSSL_X509_NAME_ENTRY** out, int nid, int type,
             const unsigned char* data, int dataSz)
     {
-        WOLFSSL_X509_NAME_ENTRY* ne = NULL;
+        WOLFSSL_X509_NAME_ENTRY* ne;
 
         WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_create_by_NID()");
 
@@ -39068,8 +39074,7 @@ err:
         objSz     += oidSz;
         obj->objSz = objSz;
         if(((obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0) ||
-          (((obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) == 0) &&
-                                                          (obj->obj == NULL))) {
+                                                           (obj->obj == NULL)) {
             obj->obj = (byte*)XREALLOC((byte*)obj->obj, obj->objSz, NULL,
                                                              DYNAMIC_TYPE_ASN1);
             if (obj->obj == NULL) {
@@ -41680,7 +41685,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio,
                                                        DYNAMIC_TYPE_TMP_BUFFER);
         }
 
-        if (out != NULL && key != NULL) {
+        if (out != NULL) {
             *out = key;
         }
     }
@@ -43409,14 +43414,13 @@ int wolfSSL_AsyncPoll(WOLFSSL* ssl, WOLF_EVENT_FLAG flags)
     }
 
     ret = wolfAsync_EventQueuePoll(&ssl->ctx->event_queue, ssl,
-        events, sizeof(events)/sizeof(events), flags, &eventCount);
+        events, sizeof(events)/sizeof(*events), flags, &eventCount);
     if (ret == 0) {
         ret = eventCount;
     }
 
     return ret;
 }
-
 #endif /* WOLFSSL_ASYNC_CRYPT */
 
 #ifdef OPENSSL_EXTRA
@@ -45956,7 +45960,7 @@ int wolfSSL_BN_hex2bn(WOLFSSL_BIGNUM** bn, const char* str)
     int     ret     = 0;
     word32  decSz   = 1024;
 #ifdef WOLFSSL_SMALL_STACK
-    byte*   decoded = NULL;
+    byte*   decoded;
 #else
     byte    decoded[1024];
 #endif
@@ -46536,7 +46540,7 @@ const char *wolfSSL_ASN1_tag2str(int tag)
 
 static int check_esc_char(char c, char *esc)
 {
-    char *ptr = NULL;
+    char *ptr;
 
     ptr = esc;
     while(*ptr != 0){
@@ -46631,7 +46635,7 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str,
 
     if (flags & ASN1_STRFLGS_ESC_2253){
         char esc_ch[] = "+;<>\\";
-        char* esc_ptr = NULL;
+        char* esc_ptr;
 
         esc_ptr = str->data;
         while (*esc_ptr != 0){
@@ -47108,7 +47112,6 @@ void wolfSSL_BN_free(WOLFSSL_BIGNUM* bn)
             bn->internal = NULL;
         }
         XFREE(bn, NULL, DYNAMIC_TYPE_BIGINT);
-        bn = NULL;
     }
 }
 
@@ -47182,7 +47185,6 @@ void wolfSSL_RSA_free(WOLFSSL_RSA* rsa)
         InitwolfSSL_Rsa(rsa);  /* set back to NULLs for safety */
 
         XFREE(rsa, NULL, DYNAMIC_TYPE_RSA);
-        rsa = NULL;
     }
 }
 
@@ -47218,7 +47220,7 @@ WOLFSSL_RSA* wolfSSL_RSA_new(void)
 #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && \
     !defined(HAVE_FAST_RSA) && defined(WC_RSA_BLINDING)
     {
-        WC_RNG* rng = NULL;
+        WC_RNG* rng;
 
         rng = (WC_RNG*) XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
         if (rng != NULL && wc_InitRng(rng) != 0) {

src/tls.c

@@ -4811,7 +4811,7 @@ static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, byte* input,
 int TLSX_UseSecureRenegotiation(TLSX** extensions, void* heap)
 {
     int ret = 0;
-    SecureRenegotiation* data = NULL;
+    SecureRenegotiation* data;
 
     data = (SecureRenegotiation*)XMALLOC(sizeof(SecureRenegotiation), heap,
                                                              DYNAMIC_TYPE_TLSX);
@@ -5566,7 +5566,7 @@ static int TLSX_HaveQSHScheme(word16 name)
 int TLSX_UseQSHScheme(TLSX** extensions, word16 name, byte* pKey, word16 pkeySz,
                                                                      void* heap)
 {
-    TLSX*      extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID);
+    TLSX*      extension = NULL;
     QSHScheme* format    = NULL;
     int        ret       = 0;
 
@@ -5579,6 +5579,7 @@ int TLSX_UseQSHScheme(TLSX** extensions, word16 name, byte* pKey, word16 pkeySz,
         if ((ret = TLSX_QSH_Append(&format, name, pKey, pkeySz)) != 0)
             return ret;
 
+        extension = TLSX_Find(*extensions, TLSX_QUANTUM_SAFE_HYBRID);
         if (!extension) {
             if ((ret = TLSX_Push(extensions, TLSX_QUANTUM_SAFE_HYBRID, format,
                                                                   heap)) != 0) {

src/wolfio.c

@@ -1135,7 +1135,7 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
                         int i;
 
                         start += 13;
-                        while (*start == ' ' && *start != '\0') start++;
+                        while (*start == ' ') start++;
 
                         /* try and match against appStrList */
                         i = 0;
@@ -1154,13 +1154,13 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
                     }
                     else if (XSTRNCASECMP(start, "Content-Length:", 15) == 0) {
                         start += 15;
-                        while (*start == ' ' && *start != '\0') start++;
+                        while (*start == ' ') start++;
                         chunkSz = XATOI(start);
                         state = (state == phr_http_start) ? phr_have_length : phr_wait_end;
                     }
                     else if (XSTRNCASECMP(start, "Transfer-Encoding:", 18) == 0) {
                         start += 18;
-                        while (*start == ' ' && *start != '\0') start++;
+                        while (*start == ' ') start++;
                         if (XSTRNCASECMP(start, "chunked", 7) == 0) {
                             isChunked = 1;
                             state = (state == phr_http_start) ? phr_have_length : phr_wait_end;
@@ -2012,7 +2012,7 @@ void mynewt_ctx_clear(void *ctx) {
 /* return Mynewt_Ctx instance */
 void* mynewt_ctx_new() {
     int rc = 0;
-    Mynewt_Ctx *mynewt_ctx = NULL;
+    Mynewt_Ctx *mynewt_ctx;
     int mem_buf_count = MYNEWT_VAL(WOLFSSL_MNSOCK_MEM_BUF_COUNT);
     int mem_buf_size = MYNEWT_VAL(WOLFSSL_MNSOCK_MEM_BUF_SIZE);
     int mempool_bytes = OS_MEMPOOL_BYTES(mem_buf_count, mem_buf_size);
@@ -2149,7 +2149,7 @@ int Mynewt_Send(WOLFSSL* ssl, char *buf, int sz, void *ctx)
 {
     Mynewt_Ctx *mynewt_ctx = (Mynewt_Ctx*)ctx;
     int rc = 0;
-    struct os_mbuf *m = NULL;
+    struct os_mbuf *m;
     int write_sz = 0;
     m = os_msys_get_pkthdr(sz, 0);
     if (!m) {

tests/api.c

@@ -1015,7 +1015,7 @@ static void test_wolfSSL_CTX_load_verify_locations(void)
 static int test_cm_load_ca_buffer(const byte* cert_buf, size_t cert_sz, int file_type)
 {
     int ret;
-    WOLFSSL_CERT_MANAGER* cm = NULL;
+    WOLFSSL_CERT_MANAGER* cm;
 
     cm = wolfSSL_CertManagerNew();
     if (cm == NULL) {
@@ -1150,7 +1150,7 @@ static int test_wolfSSL_CertManagerSetVerify(void)
     int ret = 0;
 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
     !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA)
-    WOLFSSL_CERT_MANAGER* cm = NULL;
+    WOLFSSL_CERT_MANAGER* cm;
     int tmp = myVerifyFail;
     const char* ca_cert = "./certs/ca-cert.pem";
     const char* expiredCert = "./certs/test/expired/expired-cert.pem";
@@ -2037,7 +2037,7 @@ static void test_wolfSSL_EVP_CIPHER_CTX()
 #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
     EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
     const EVP_CIPHER *init = EVP_aes_128_cbc();
-    const EVP_CIPHER *test = NULL;
+    const EVP_CIPHER *test;
     byte key[AES_BLOCK_SIZE] = {0};
     byte iv[AES_BLOCK_SIZE] = {0};
 
@@ -2165,7 +2165,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
     SOCKET_T clientfd = 0;
     word16 port;
 
-    callback_functions* cbf = NULL;
+    callback_functions* cbf;
     WOLFSSL_CTX* ctx = 0;
     WOLFSSL* ssl = 0;
 
@@ -2258,7 +2258,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
 
 #ifdef WOLFSSL_SESSION_EXPORT
     /* only add in more complex nonblocking case with session export tests */
-    if (args && ((func_args*)args)->argc > 0) {
+    if (((func_args*)args)->argc > 0) {
         /* set as nonblock and time out for waiting on read/write */
         tcp_set_nonblocking(&clientfd);
         wolfSSL_dtls_set_using_nonblock(ssl, 1);
@@ -2296,7 +2296,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
 
 #ifdef WOLFSSL_SESSION_EXPORT
     /* only add in more complex nonblocking case with session export tests */
-    if (args && ((func_args*)args)->argc > 0) {
+    if (((func_args*)args)->argc > 0) {
         ret = nonblocking_accept_read(args, ssl, &clientfd);
         if (ret >= 0) {
             ((func_args*)args)->return_code = TEST_SUCCESS;
@@ -2385,7 +2385,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args)
     SOCKET_T clientfd = 0;
     word16 port;
 
-    callback_functions* cbf = NULL;
+    callback_functions* cbf;
     WOLFSSL_CTX* ctx = 0;
     WOLFSSL* ssl = 0;
 
@@ -2575,7 +2575,7 @@ typedef int (*cbType)(WOLFSSL_CTX *ctx, WOLFSSL *ssl);
 static void test_client_nofail(void* args, void *cb)
 {
     SOCKET_T sockfd = 0;
-    callback_functions* cbf = NULL;
+    callback_functions* cbf;
 
     WOLFSSL_CTX*     ctx     = 0;
     WOLFSSL*         ssl     = 0;
@@ -2757,7 +2757,7 @@ done:
 static void test_client_reuse_WOLFSSLobj(void* args, void *cb, void* server_args)
 {
     SOCKET_T sockfd = 0;
-    callback_functions* cbf = NULL;
+    callback_functions* cbf;
 
     WOLFSSL_CTX*     ctx     = 0;
     WOLFSSL*         ssl     = 0;
@@ -4391,11 +4391,13 @@ static void test_wolfSSL_X509_NAME_get_entry(void)
 
     {
         /* use openssl like name to test mapping */
-        X509_NAME_ENTRY* ne = NULL;
-        X509_NAME* name = NULL;
-        char* subCN = NULL;
+        X509_NAME_ENTRY* ne;
+        X509_NAME* name;
         X509* x509;
+    #ifndef NO_FILESYSTEM
         ASN1_STRING* asn;
+        char* subCN = NULL;
+    #endif
         int idx;
         ASN1_OBJECT *object = NULL;
 #if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
@@ -4456,7 +4458,10 @@ static void test_wolfSSL_PKCS12(void)
     char file[] = "./certs/test-servercert.p12";
     char order[] = "./certs/ecc-rsa-server.p12";
     char pass[] = "a password";
+#ifdef HAVE_ECC
     WOLFSSL_X509_NAME* subject;
+    WOLFSSL_X509     *x509;
+#endif
     XFILE f;
     int  bytes, ret;
     WOLFSSL_BIO      *bio;
@@ -4464,7 +4469,6 @@ static void test_wolfSSL_PKCS12(void)
     WC_PKCS12        *pkcs12;
     WC_PKCS12        *pkcs12_2;
     WOLFSSL_X509     *cert;
-    WOLFSSL_X509     *x509;
     WOLFSSL_X509     *tmp;
     WOLF_STACK_OF(WOLFSSL_X509) *ca;
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
@@ -4710,8 +4714,6 @@ static void test_wolfSSL_PKCS12(void)
     PKCS12_free(pkcs12);
     BIO_free(bio);
 
-    (void)x509;
-    (void)subject;
     (void)order;
 
     printf(resultFmt, passed);
@@ -5195,8 +5197,6 @@ static int test_wolfSSL_CTX_SetMinVersion(void)
         const int versions[0];
     #endif
 
-    failFlag = WOLFSSL_SUCCESS;
-
     ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
 
     printf(testingFmt, "wolfSSL_CTX_SetMinVersion()");
@@ -6913,6 +6913,8 @@ static int test_wc_InitSha3 (void)
 #if defined(WOLFSSL_SHA3)
     wc_Sha3            sha3;
 
+    (void)sha3;
+
     #if !defined(WOLFSSL_NOSHA3_224)
         printf(testingFmt, "wc_InitSha3_224()");
 
@@ -10464,7 +10466,7 @@ static int test_wc_AesCbcEncryptDecrypt (void)
         }
     }
     /* If encrypt succeeds but cbc decrypt fails, we can still test. */
-    if (ret == 0 || (ret != 0 && cbcE == 0)) {
+    if (ret == 0 || cbcE == 0) {
         ret = wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE,
                                      key32, sizeof(key32)/sizeof(byte), iv);
         if (ret == 0 || XMEMCMP(vector, dec2, AES_BLOCK_SIZE) == 0) {
@@ -16573,9 +16575,7 @@ static int test_wc_ecc_mulmod (void)
 
     ret = wc_InitRng(&rng);
     if (ret == 0) {
-        if (ret == 0) {
-            ret = wc_ecc_init(&key1);
-        }
+        ret = wc_ecc_init(&key1);
         if (ret == 0) {
             ret = wc_ecc_init(&key2);
         }
@@ -16585,6 +16585,7 @@ static int test_wc_ecc_mulmod (void)
         if (ret == 0) {
             ret = wc_ecc_make_key(&rng, KEY32, &key1);
         }
+        wc_FreeRng(&rng);
     }
     if (ret == 0) {
         ret = wc_ecc_import_raw_ex(&key2, key1.dp->Gx, key1.dp->Gy, key1.dp->Af,
@@ -16626,9 +16627,6 @@ static int test_wc_ecc_mulmod (void)
 
     printf(resultFmt, ret == 0 ? passed : failed);
 
-    if (wc_FreeRng(&rng) && ret == 0) {
-        ret = WOLFSSL_FATAL_ERROR;
-    }
     wc_ecc_free(&key1);
     wc_ecc_free(&key2);
     wc_ecc_free(&key3);
@@ -20540,7 +20538,7 @@ static void test_wolfSSL_CTX_add_extra_chain_cert(void)
     char caFile[] = "./certs/client-ca.pem";
     char clientFile[] = "./certs/client-cert.pem";
     SSL_CTX* ctx;
-    X509* x509 = NULL;
+    X509* x509;
 
     printf(testingFmt, "wolfSSL_CTX_add_extra_chain_cert()");
 
@@ -22864,6 +22862,14 @@ static void test_wolfSSL_PKCS8_d2i(void)
         #endif
     #endif
 
+#ifndef NO_FILESYSTEM
+   (void)pkcs8_buffer;
+   (void)p;
+   (void)bytes;
+   (void)file;
+   (void)bio;
+#endif
+
     #ifndef NO_RSA
     /* Try to auto-detect normal RSA private key */
     AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &rsa, rsaSz));
@@ -24367,8 +24373,8 @@ static void test_wolfSSL_RSA_get0_key(void)
     const BIGNUM* e = NULL;
     const BIGNUM* d = NULL;
 
-    const unsigned char* der = NULL;
-    int derSz = 0;
+    const unsigned char* der;
+    int derSz;
 
 #ifdef USE_CERT_BUFFERS_1024
     der = client_key_der_1024;
@@ -24376,6 +24382,9 @@ static void test_wolfSSL_RSA_get0_key(void)
 #elif defined(USE_CERT_BUFFERS_2048)
     der = client_key_der_2048;
     derSz = sizeof_client_key_der_2048;
+#else
+    der = NULL;
+    derSz = 0;
 #endif
 
     printf(testingFmt, "test_wolfSSL_RSA_get0_key()");
@@ -25009,9 +25018,9 @@ static void test_wolfSSL_OpenSSL_add_all_algorithms(void){
 
 static void test_wolfSSL_ASN1_STRING_print_ex(void){
 #if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
-    ASN1_STRING* asn_str = NULL;
+    ASN1_STRING* asn_str;
     const char data[] = "Hello wolfSSL!";
-    ASN1_STRING* esc_str = NULL;
+    ASN1_STRING* esc_str;
     const char esc_data[] = "a+;<>";
     BIO *bio;
     unsigned long flags;
@@ -25119,7 +25128,6 @@ static void test_wolfSSL_ASN1_TIME_to_generalizedtime(void){
     XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE);
     XMEMSET(out, 0, ASN_GENERALIZED_TIME_SIZE);
     XMEMSET(data, 0, ASN_GENERALIZED_TIME_SIZE);
-    gtime = NULL;
     t->type = ASN_GENERALIZED_TIME;
     t->length = ASN_GENERALIZED_TIME_SIZE;
     XMEMCPY(t->data, "20050727123456Z", ASN_GENERALIZED_TIME_SIZE);
@@ -26778,7 +26786,7 @@ static void test_wolfSSL_X509_EXTENSION_get_critical(void)
     WOLFSSL_X509* x509;
     WOLFSSL_X509_EXTENSION* ext;
     FILE* file;
-    int crit = -1;
+    int crit;
 
     printf(testingFmt, "wolfSSL_X509_EXTENSION_get_critical");
 
@@ -26994,7 +27002,7 @@ static void test_wolfSSL_OCSP_get0_info()
     ASN1_OBJECT* pmd  = NULL;
     ASN1_STRING* keyHash = NULL;
     ASN1_INTEGER* serial = NULL;
-    ASN1_INTEGER* x509Int = NULL;
+    ASN1_INTEGER* x509Int;
 
     printf(testingFmt, "wolfSSL_OCSP_get0_info()");
 
@@ -29226,10 +29234,10 @@ static void test_wolfSSL_PEM_X509_INFO_read_bio(void)
 static void test_wolfSSL_X509_NAME_ENTRY_get_object()
 {
 #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
-    X509 *x509 = NULL;
-    X509_NAME* name = NULL;
+    X509 *x509;
+    X509_NAME* name;
     int idx = 0;
-    X509_NAME_ENTRY *ne = NULL;
+    X509_NAME_ENTRY *ne;
     ASN1_OBJECT *object = NULL;
 
     printf(testingFmt, "wolfSSL_X509_NAME_ENTRY_get_object");

testsuite/testsuite.c

@@ -136,13 +136,11 @@ int testsuite_test(int argc, char** argv)
         func_args echo_args;
         char* myArgv[NUMARGS];
 
-        char argc0[32];
-        char argc1[32];
-        char argc2[32];
+        char arg[3][32];
 
-        myArgv[0] = argc0;
-        myArgv[1] = argc1;
-        myArgv[2] = argc2;
+        myArgv[0] = arg[0];
+        myArgv[1] = arg[1];
+        myArgv[2] = arg[2];
 
         echo_args.argc = 3;
         echo_args.argv = myArgv;
@@ -154,9 +152,9 @@ int testsuite_test(int argc, char** argv)
             return EXIT_FAILURE;
         }
 
-        strcpy(echo_args.argv[0], "echoclient");
-        strcpy(echo_args.argv[1], "input");
-        strcpy(echo_args.argv[2], outputName);
+        strcpy(arg[0], "echoclient");
+        strcpy(arg[1], "input");
+        strcpy(arg[2], outputName);
 
         /* Share the signal, it has the new port number in it. */
         echo_args.signal = server_args.signal;
@@ -229,36 +227,20 @@ void simple_test(func_args* args)
 {
     THREAD_TYPE serverThread;
 
+    int i;
+
     func_args svrArgs;
     char *svrArgv[9];
-    char argc0s[32];
-    char argc1s[32];
-    char argc2s[32];
-    char argc3s[32];
-    char argc4s[32];
-    char argc5s[32];
-    char argc6s[32];
-    char argc7s[32];
-    char argc8s[32];
+    char argvs[9][32];
 
     func_args cliArgs;
     char *cliArgv[NUMARGS];
-    char argc0c[32];
-    char argc1c[32];
-    char argc2c[32];
-
-    svrArgv[0] = argc0s;
-    svrArgv[1] = argc1s;
-    svrArgv[2] = argc2s;
-    svrArgv[3] = argc3s;
-    svrArgv[4] = argc4s;
-    svrArgv[5] = argc5s;
-    svrArgv[6] = argc6s;
-    svrArgv[7] = argc7s;
-    svrArgv[8] = argc8s;
-    cliArgv[0] = argc0c;
-    cliArgv[1] = argc1c;
-    cliArgv[2] = argc2c;
+    char argvc[3][32];
+
+    for (i = 0; i < 9; i++)
+        svrArgv[i] = argvs[i];
+    for (i = 0; i < 3; i++)
+        cliArgv[i] = argvc[i];
 
     svrArgs.argc = 1;
     svrArgs.argv = svrArgv;
@@ -267,11 +249,11 @@ void simple_test(func_args* args)
     cliArgs.argv = cliArgv;
     cliArgs.return_code = 0;
 
-    strcpy(svrArgs.argv[0], "SimpleServer");
+    strcpy(argvs[0], "SimpleServer");
     #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_SNIFFER)  && \
                                      !defined(WOLFSSL_TIRTOS)
-        strcpy(svrArgs.argv[svrArgs.argc++], "-p");
-        strcpy(svrArgs.argv[svrArgs.argc++], "0");
+        strcpy(argvs[svrArgs.argc++], "-p");
+        strcpy(argvs[svrArgs.argc++], "0");
     #endif
     /* Set the last arg later, when it is known. */
 
@@ -281,11 +263,11 @@ void simple_test(func_args* args)
     wait_tcp_ready(&svrArgs);
 
     /* Setting the actual port number. */
-    strcpy(cliArgs.argv[0], "SimpleClient");
+    strcpy(argvc[0], "SimpleClient");
     #ifndef USE_WINDOWS_API
         cliArgs.argc = NUMARGS;
-        strcpy(cliArgs.argv[1], "-p");
-        snprintf(cliArgs.argv[2], sizeof(argc2c), "%d", svrArgs.signal->port);
+        strcpy(argvc[1], "-p");
+        snprintf(argvc[2], sizeof(argvc[2]), "%d", svrArgs.signal->port);
     #endif
 
     client_test(&cliArgs);

wolfcrypt/benchmark/benchmark.c

@@ -4542,7 +4542,7 @@ void bench_rsa(int doAsync)
     int         ret = 0, i;
     RsaKey      rsaKey[BENCH_MAX_PENDING];
 #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_PUBLIC_MP)
-    int         rsaKeySz = RSA_BUF_SIZE * 8; /* used in printf */
+    int         rsaKeySz; /* used in printf */
     size_t      bytes;
     const byte* tmp;
     word32      idx;

wolfcrypt/src/aes.c

@@ -2152,6 +2152,7 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
     #endif
 
 #ifdef NEED_AES_TABLES
+        (void)temp;
 
         switch (keylen) {
     #if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 128 && \

wolfcrypt/src/asn.c

@@ -2826,7 +2826,7 @@ int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der)
     /* test if RSA key */
     if (der->keyOID == RSAk) {
     #ifdef WOLFSSL_SMALL_STACK
-        RsaKey* a = NULL;
+        RsaKey* a;
         RsaKey* b = NULL;
     #else
         RsaKey a[1], b[1];
@@ -2895,7 +2895,7 @@ int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der)
     #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT)
     if (der->keyOID == ECDSAk) {
     #ifdef WOLFSSL_SMALL_STACK
-        ecc_key* key_pair = NULL;
+        ecc_key* key_pair;
         byte*    privDer;
     #else
         ecc_key  key_pair[1];
@@ -2960,7 +2960,7 @@ int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der)
     #if defined(HAVE_ED25519) && !defined(NO_ASN_CRYPT)
     if (der->keyOID == ED25519k) {
     #ifdef WOLFSSL_SMALL_STACK
-        ed25519_key* key_pair = NULL;
+        ed25519_key* key_pair;
     #else
         ed25519_key  key_pair[1];
     #endif
@@ -3284,7 +3284,7 @@ int UnTraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz,
             return ASN_VERSION_E;
         }
 
-        if (salt == NULL || saltSz <= 0) {
+        if (salt == NULL || saltSz == 0) {
             saltSz = 8;
         #ifdef WOLFSSL_SMALL_STACK
             saltTmp = (byte*)XMALLOC(saltSz, heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -3356,7 +3356,7 @@ int UnTraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz,
     /* check if should return max size */
     if (out == NULL) {
         /* account for salt size */
-        if (salt == NULL || saltSz <= 0) {
+        if (salt == NULL || saltSz == 0) {
             tmpSz += MAX_SALT_SIZE;
         }
         else {
@@ -3516,7 +3516,7 @@ int TraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz,
 
     ret = CheckAlgo(vPKCS, vAlgo, &id, &version, &blockSz);
     /* create random salt if one not provided */
-    if (ret == 0 && (salt == NULL || saltSz <= 0)) {
+    if (ret == 0 && (salt == NULL || saltSz == 0)) {
         saltSz = 8;
     #ifdef WOLFSSL_SMALL_STACK
         saltTmp = (byte*)XMALLOC(saltSz, heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -3914,7 +3914,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
                 return ALGO_ID_E;
         }
 
-        if (saltSz <= 0) {
+        if (saltSz == 0) {
             sz += MAX_SALT_SIZE;
         }
         else {
@@ -3944,7 +3944,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
     out[tmpIdx++] = ASN_OCTET_STRING;
 
     /* create random salt if one not provided */
-    if (salt == NULL || saltSz <= 0) {
+    if (salt == NULL || saltSz == 0) {
         saltSz = 8;
     #ifdef WOLFSSL_SMALL_STACK
         saltTmp = (byte*)XMALLOC(saltSz, heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -5129,7 +5129,7 @@ static int StoreRsaKey(DecodedCert* cert, word32 bitStringEnd)
         word32 oidSz = 0;
 
         ret = wc_ecc_get_oid(oid, NULL, &oidSz);
-        if (ret < 0 || oidSz <= 0) {
+        if (ret < 0 || oidSz == 0) {
             WOLFSSL_MSG("CheckCurve not found");
             ret = ALGO_ID_E;
         }
@@ -5490,7 +5490,7 @@ int wc_OBJ_sn2nid(const char *sn)
 /* Routine for calculating hashId */
 int CalcHashId(const byte* data, word32 len, byte* hash)
 {
-    int ret = NOT_COMPILED_IN;
+    int ret;
 
 #ifdef WOLF_CRYPTO_CB
     /* try to use a registered crypto callback */
@@ -5504,6 +5504,8 @@ int CalcHashId(const byte* data, word32 len, byte* hash)
     ret = wc_Sha256Hash(data, len, hash);
 #elif !defined(NO_SHA)
     ret = wc_ShaHash(data, len, hash);
+#else
+    ret = NOT_COMPILED_IN;
 #endif
 
     return ret;
@@ -5860,7 +5862,7 @@ static int GetName(DecodedCert* cert, int nameType, int maxIdx)
                 #endif /* OPENSSL_EXTRA */
                 #ifndef IGNORE_NAME_CONSTRAINTS
                     {
-                        DNS_entry* emailName = NULL;
+                        DNS_entry* emailName;
 
                         emailName = (DNS_entry*)XMALLOC(sizeof(DNS_entry),
                                               cert->heap, DYNAMIC_TYPE_ALTNAME);
@@ -6330,7 +6332,7 @@ int ValidateDate(const byte* date, byte format, int dateType)
     time_t ltime;
     struct tm  certTime;
     struct tm* localTime;
-    struct tm* tmpTime = NULL;
+    struct tm* tmpTime;
     int    i = 0;
     int    timeDiff = 0 ;
     int    diffHH = 0 ; int diffMM = 0 ;
@@ -6340,8 +6342,9 @@ int ValidateDate(const byte* date, byte format, int dateType)
     struct tm tmpTimeStorage;
     tmpTime = &tmpTimeStorage;
 #else
-    (void)tmpTime;
+    tmpTime = NULL;
 #endif
+    (void)tmpTime;
 
     ltime = XTIME(0);
 
@@ -9326,7 +9329,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
                                                     type != TRUSTED_PEER_TYPE) {
                         WOLFSSL_MSG("\tmaxPathLen status: OK");
                     }
-                } else if (decrementMaxPathLen && cert->ca->maxPathLen <= 0) {
+                } else if (decrementMaxPathLen && cert->ca->maxPathLen == 0) {
                     cert->maxPathLen = 0;
                     if (verify != NO_VERIFY && type != CA_TYPE &&
                                                     type != TRUSTED_PEER_TYPE) {
@@ -9366,12 +9369,12 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
     /* prepare for TSIP TLS cert verification API use */
     if (cert->keyOID == RSAk) {
         /* to call TSIP API, it needs keys position info in bytes */
-        if (ret = RsaPublicKeyDecodeRawIndex(cert->publicKey, (word32*)&idx,
+        if ((ret = RsaPublicKeyDecodeRawIndex(cert->publicKey, (word32*)&idx,
                                    cert->pubKeySize,
                                    &cert->sigCtx.pubkey_n_start,
                                    &cert->sigCtx.pubkey_n_len,
                                    &cert->sigCtx.pubkey_e_start,
-                                   &cert->sigCtx.pubkey_e_len) != 0) {
+                                   &cert->sigCtx.pubkey_e_len)) != 0) {
             WOLFSSL_MSG("Decoding index from cert failed.");
             return ret;
         }
@@ -10038,8 +10041,7 @@ int wc_EncryptedInfoParse(EncryptedInfo* info, char** pBuffer, size_t bufSz)
         newline = SkipEndOfLineChars(newline, bufferEnd);
 
         /* return new headerEnd */
-        if (pBuffer)
-            *pBuffer = newline;
+        *pBuffer = newline;
     }
 
     return err;
@@ -10844,7 +10846,7 @@ static int SetRsaPublicKey(byte* output, RsaKey* key,
     if (with_header) {
         int  algoSz;
 #ifdef WOLFSSL_SMALL_STACK
-        byte* algo = NULL;
+        byte* algo;
 
         algo = (byte*)XMALLOC(MAX_ALGO_SZ, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
         if (algo == NULL) {
@@ -11289,7 +11291,7 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int with_header)
 #ifdef WOLFSSL_SMALL_STACK
     byte* algo = NULL;
     byte* curve = NULL;
-    byte* pub = NULL;
+    byte* pub;
 #else
     byte algo[MAX_ALGO_SZ];
     byte curve[MAX_ALGO_SZ];
@@ -11432,7 +11434,7 @@ int wc_EccPublicKeyToDer(ecc_key* key, byte* output, word32 inLen,
         return keySz + infoSz;
     }
 
-    if (output == NULL || inLen < keySz + infoSz) {
+    if (inLen < keySz + infoSz) {
         return BUFFER_E;
     }
 
@@ -11459,7 +11461,7 @@ static int SetEd25519PublicKey(byte* output, ed25519_key* key, int with_header)
     word32 pubSz = ED25519_PUB_KEY_SIZE;
 #ifdef WOLFSSL_SMALL_STACK
     byte* algo = NULL;
-    byte* pub = NULL;
+    byte* pub;
 #else
     byte algo[MAX_ALGO_SZ];
     byte pub[ED25519_PUB_KEY_SIZE];
@@ -11624,7 +11626,7 @@ static int SetValidity(byte* output, int daysValid)
 
     time_t now;
     time_t then;
-    struct tm* tmpTime = NULL;
+    struct tm* tmpTime;
     struct tm* expandedTime;
     struct tm localTime;
 
@@ -11633,8 +11635,9 @@ static int SetValidity(byte* output, int daysValid)
     struct tm tmpTimeStorage;
     tmpTime = &tmpTimeStorage;
 #else
-    (void)tmpTime;
+    tmpTime = NULL;
 #endif
+    (void)tmpTime;
 
     now = XTIME(0);
 
@@ -13501,11 +13504,14 @@ static int SignCert(int requestSz, int sType, byte* buffer, word32 buffSz,
 {
     int sigSz = 0;
     void* heap = NULL;
-    CertSignCtx* certSignCtx = NULL;
+    CertSignCtx* certSignCtx;
 #ifndef WOLFSSL_ASYNC_CRYPT
     CertSignCtx  certSignCtx_lcl;
+
     certSignCtx = &certSignCtx_lcl;
     XMEMSET(certSignCtx, 0, sizeof(CertSignCtx));
+#else
+    certSignCtx = NULL;
 #endif
 
     if (requestSz < 0)
@@ -14882,7 +14888,7 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
     XMEMCPY(priv, &input[*inOutIdx], privSz);
     *inOutIdx += length;
 
-    if (ret == 0 && (*inOutIdx + 1) < inSz) {
+    if ((*inOutIdx + 1) < inSz) {
         /* prefix 0, may have */
         b = input[*inOutIdx];
         if (b == ECC_PREFIX_0) {
@@ -16077,7 +16083,7 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
     else
 #endif /* WOLFSSL_NO_OCSP_OPTIONAL_CERTS */
     {
-        Signer* ca = NULL;
+        Signer* ca;
         int sigValid = -1;
 
         #ifndef NO_SKID

wolfcrypt/src/blake2b.c

@@ -317,8 +317,7 @@ int blake2b_update( blake2b_state *S, const byte *in, word64 inlen )
     {
       XMEMCPY( S->buf + left, in, (wolfssl_word)inlen );
       S->buflen += inlen; /* Be lazy, do not compress */
-      in += inlen;
-      inlen -= inlen;
+      inlen = 0;
     }
   }
 

wolfcrypt/src/blake2s.c

@@ -311,8 +311,7 @@ int blake2s_update( blake2s_state *S, const byte *in, word32 inlen )
     {
       XMEMCPY( S->buf + left, in, (wolfssl_word)inlen );
       S->buflen += inlen; /* Be lazy, do not compress */
-      in += inlen;
-      inlen -= inlen;
+      inlen = 0;
     }
   }
 

wolfcrypt/src/dh.c

@@ -1231,8 +1231,8 @@ static int GeneratePublicDh(DhKey* key, byte* priv, word32 privSz,
     int ret = 0;
 #ifndef WOLFSSL_SP_MATH
 #ifdef WOLFSSL_SMALL_STACK
-    mp_int* x = NULL;
-    mp_int* y = NULL;
+    mp_int* x;
+    mp_int* y;
 #else
     mp_int x[1];
     mp_int y[1];
@@ -1499,7 +1499,7 @@ int wc_DhCheckPubKey_ex(DhKey* key, const byte* pub, word32 pubSz,
     /* SP 800-56Ar3, section 5.6.2.3.1, process step 2 */
 #ifndef WOLFSSL_SP_MATH
             /* calculate (y^q) mod(p), store back into y */
-            if (ret == 0 && mp_exptmod(y, q, p, y) != MP_OKAY)
+            if (mp_exptmod(y, q, p, y) != MP_OKAY)
                 ret = MP_EXPTMOD_E;
 #else
             ret = WC_KEY_SIZE_E;
@@ -1840,10 +1840,10 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
 {
     int ret = 0;
 #ifdef WOLFSSL_SMALL_STACK
-    mp_int* y = NULL;
+    mp_int* y;
 #ifndef WOLFSSL_SP_MATH
-    mp_int* x = NULL;
-    mp_int* z = NULL;
+    mp_int* x;
+    mp_int* z;
 #endif
 #else
     mp_int y[1];

wolfcrypt/src/ecc.c

@@ -3477,7 +3477,7 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
                       word32* outlen)
 {
    int err;
-#if defined(WOLFSSL_CRYPTOCELL)
+#if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A)
    CRYS_ECDH_TempData_t tempBuff;
 #endif
    if (private_key == NULL || public_key == NULL || out == NULL ||
@@ -4041,7 +4041,7 @@ int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id)
     DECLARE_CURVE_SPECS(curve, ECC_CURVE_FIELD_COUNT);
 #endif
 #endif /* !WOLFSSL_ATECC508A */
-#if defined(WOLFSSL_CRYPTOCELL)
+#if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A)
     const CRYS_ECPKI_Domain_t*  pDomain;
     CRYS_ECPKI_KG_TempData_t    tempBuff;
     CRYS_ECPKI_KG_FipsContext_t fipsCtx;
@@ -4462,14 +4462,14 @@ static int wc_ecc_sign_hash_hw(const byte* in, word32 inlen,
     int err;
 #ifdef PLUTON_CRYPTO_ECC
     if (key->devId != INVALID_DEVID) /* use hardware */
-#endif
-#if defined(WOLFSSL_CRYPTOCELL)
-    CRYS_ECDSA_SignUserContext_t sigCtxTemp;
-    word32 raw_sig_size = *outlen;
-    word32 msgLenInBytes = inlen;
-    CRYS_ECPKI_HASH_OpMode_t hash_mode;
 #endif
     {
+    #if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A)
+        CRYS_ECDSA_SignUserContext_t sigCtxTemp;
+        word32 raw_sig_size = *outlen;
+        word32 msgLenInBytes = inlen;
+        CRYS_ECPKI_HASH_OpMode_t hash_mode;
+    #endif
         word32 keysize = (word32)key->dp->size;
         word32 orderBits = wc_ecc_get_curve_order_bit_count(key->dp);
 
@@ -4478,11 +4478,6 @@ static int wc_ecc_sign_hash_hw(const byte* in, word32 inlen,
             return ECC_BAD_ARG_E;
         }
 
-        /* if the input is larger than curve order, we must truncate */
-        if ((inlen * WOLFSSL_BIT_SIZE) > orderBits) {
-           inlen = (orderBits + WOLFSSL_BIT_SIZE - 1) / WOLFSSL_BIT_SIZE;
-        }
-
     #if defined(WOLFSSL_ATECC508A)
         key->slot = atmel_ecc_alloc(ATMEL_SLOT_DEVICE);
         if (key->slot == ATECC_INVALID_SLOT) {
@@ -4496,6 +4491,11 @@ static int wc_ecc_sign_hash_hw(const byte* in, word32 inlen,
         }
     #elif defined(PLUTON_CRYPTO_ECC)
         {
+            /* if the input is larger than curve order, we must truncate */
+            if ((inlen * WOLFSSL_BIT_SIZE) > orderBits) {
+               inlen = (orderBits + WOLFSSL_BIT_SIZE - 1) / WOLFSSL_BIT_SIZE;
+            }
+
             /* perform ECC sign */
             word32 raw_sig_size = *outlen;
             err = Crypto_EccSign(in, inlen, out, &raw_sig_size);
@@ -4887,7 +4887,7 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
    if (err == MP_OKAY) {
        int      loop_check = 0;
    #ifdef WOLFSSL_SMALL_STACK
-       ecc_key* pubkey = NULL;
+       ecc_key* pubkey;
    #else
        ecc_key  pubkey[1];
    #endif
@@ -5126,7 +5126,7 @@ int wc_ecc_sign_set_k(const byte* k, word32 klen, ecc_key* key)
 {
     int ret = 0;
 
-    if (k == NULL || klen <= 0 || key == NULL) {
+    if (k == NULL || klen == 0 || key == NULL) {
         ret = BAD_FUNC_ARG;
     }
 
@@ -5363,7 +5363,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
 
   if (err == MP_OKAY) {
   #ifdef WOLFSSL_SMALL_STACK
-    mp_int* mu = NULL;
+    mp_int* mu;
   #else
     mp_int  mu[1];
   #endif
@@ -5807,7 +5807,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
 
    hash_mode = cc310_hashModeECC(msgLenInBytes);
    if (hash_mode == CRYS_ECPKI_HASH_OpModeLast) {
-       hash_mode = cc310_hashModeECC(keySz);
+       /* hash_mode = */ cc310_hashModeECC(keySz);
        hash_mode = CRYS_ECPKI_HASH_SHA256_mode;
    }
    /* truncate if hash is longer than key size */
@@ -6450,8 +6450,8 @@ int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime)
 #ifndef WOLFSSL_SP_MATH
    int err;
 #ifdef WOLFSSL_SMALL_STACK
-   mp_int* t1 = NULL;
-   mp_int* t2 = NULL;
+   mp_int* t1;
+   mp_int* t2;
 #else
    mp_int  t1[1], t2[1];
 #endif
@@ -7114,7 +7114,7 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz,
 {
     int ret;
     word32 idx = 0;
-#if defined(WOLFSSL_CRYPTOCELL)
+#if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A)
     const CRYS_ECPKI_Domain_t* pDomain;
     CRYS_ECPKI_BUILD_TempData_t tempBuff;
 #endif
@@ -7428,7 +7428,7 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx,
           const char* qy, const char* d, int curve_id, int encType)
 {
     int err = MP_OKAY;
-#if defined(WOLFSSL_CRYPTOCELL)
+#if defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A)
     const CRYS_ECPKI_Domain_t* pDomain;
     CRYS_ECPKI_BUILD_TempData_t tempBuff;
     byte key_raw[ECC_MAX_CRYPTO_HW_SIZE*2 + 1];
@@ -7540,19 +7540,22 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx,
             else
                 err = mp_read_unsigned_bin(&key->k, (const byte*)d,
                     key->dp->size);
+            if (err == MP_OKAY) {
+                err = wc_export_int(&key->k, &key_raw[0], &keySz, keySz,
+                    WC_TYPE_UNSIGNED_BIN);
+            }
 
-            err = wc_export_int(&key->k, &key_raw[0], &keySz, keySz,
-                WC_TYPE_UNSIGNED_BIN);
-
-            /* Create private key from external key buffer*/
-            err = CRYS_ECPKI_BuildPrivKey(pDomain,
-                                          key_raw,
-                                          keySz,
-                                          &key->ctx.privKey);
-
-            if (err != SA_SILIB_RET_OK){
-                WOLFSSL_MSG("CRYS_ECPKI_BuildPrivKey failed");
-                return err;
+            if (err == MP_OKAY) {
+                /* Create private key from external key buffer*/
+                err = CRYS_ECPKI_BuildPrivKey(pDomain,
+                                              key_raw,
+                                              keySz,
+                                              &key->ctx.privKey);
+
+                if (err != SA_SILIB_RET_OK){
+                    WOLFSSL_MSG("CRYS_ECPKI_BuildPrivKey failed");
+                    return err;
+                }
             }
 
         #else
@@ -9025,7 +9028,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
                 ecc_point* B, mp_int* kB,
                 ecc_point* C, mp_int* a, mp_int* modulus, void* heap)
 {
-   int  idx1 = -1, idx2 = -1, err = MP_OKAY, mpInit = 0;
+   int  idx1 = -1, idx2 = -1, err, mpInit = 0;
    mp_digit mp;
    mp_int   mu;
 

wolfcrypt/src/integer.c

@@ -287,7 +287,7 @@ int mp_leading_bit (mp_int * a)
 #ifndef MP_8BIT
         bit = (t.dp[0] & 0x80) != 0;
 #else
-        bit = (t.dp[0] | ((t.dp[1] & 0x01) << 7)) & 0x80 != 0;
+        bit = ((t.dp[0] | ((t.dp[1] & 0x01) << 7)) & 0x80) != 0;
 #endif
         if (mp_div_2d (&t, 8, &t, NULL) != MP_OKAY)
             break;
@@ -918,6 +918,8 @@ int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y)
   dr = 0;
 #endif
 
+  (void)dr;
+
 #ifdef BN_MP_REDUCE_IS_2K_C
   /* if not, is it a unrestricted DR modulus? */
   if (dr == 0) {
@@ -1911,7 +1913,7 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y,
   mp_digit buf, mp;
   int     err, bitbuf, bitcpy, bitcnt, mode, digidx, x, y, winsize;
 #ifdef WOLFSSL_SMALL_STACK
-  mp_int* M = NULL;
+  mp_int* M;
 #else
   mp_int M[TAB_SIZE];
 #endif
@@ -1919,7 +1921,7 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y,
    * one of many reduction algorithms without modding the guts of
    * the code with if statements everywhere.
    */
-  int     (*redux)(mp_int*,mp_int*,mp_digit);
+  int     (*redux)(mp_int*,mp_int*,mp_digit) = NULL;
 
 #ifdef WOLFSSL_SMALL_STACK
   M = (mp_int*) XMALLOC(sizeof(mp_int) * TAB_SIZE, NULL,
@@ -2002,9 +2004,6 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y,
 #ifdef BN_MP_MONTGOMERY_REDUCE_C
         /* use slower baseline Montgomery method */
         redux = mp_montgomery_reduce;
-#else
-        err = MP_VAL;
-        goto LBL_M;
 #endif
      }
   } else if (redmode == 1) {
@@ -2012,9 +2011,6 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y,
      /* setup DR reduction for moduli of the form B**k - b */
      mp_dr_setup(P, &mp);
      redux = mp_dr_reduce;
-#else
-     err = MP_VAL;
-     goto LBL_M;
 #endif
   } else {
 #if defined(BN_MP_REDUCE_2K_SETUP_C) && defined(BN_MP_REDUCE_2K_C)
@@ -2023,10 +2019,12 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y,
         goto LBL_M;
      }
      redux = mp_reduce_2k;
-#else
+#endif
+  }
+
+  if (redux == NULL) {
      err = MP_VAL;
      goto LBL_M;
-#endif
   }
 
   /* setup result */
@@ -3032,6 +3030,7 @@ int mp_mul (mp_int * a, mp_int * b, mp_int * c)
   neg = (a->sign == b->sign) ? MP_ZPOS : MP_NEG;
 
   {
+#ifdef BN_FAST_S_MP_MUL_DIGS_C
     /* can we use the fast multiplier?
      *
      * The fast multiplier can be used if the output will
@@ -3040,7 +3039,6 @@ int mp_mul (mp_int * a, mp_int * b, mp_int * c)
      */
     int     digs = a->used + b->used + 1;
 
-#ifdef BN_FAST_S_MP_MUL_DIGS_C
     if ((digs < (int)MP_WARRAY) &&
         MIN(a->used, b->used) <=
         (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {

wolfcrypt/src/memory.c

@@ -1042,7 +1042,7 @@ void *xmalloc(size_t n, void* heap, int type, const char* func,
     p32[0] = (word32)n;
     p = (void*)(p32 + 4);
 
-    fprintf(stderr, "Alloc: %p -> %u (%d) at %s:%s:%d\n", p, (word32)n, type,
+    fprintf(stderr, "Alloc: %p -> %u (%d) at %s:%s:%u\n", p, (word32)n, type,
                                                               func, file, line);
 
     (void)heap;
@@ -1072,10 +1072,10 @@ void *xrealloc(void *p, size_t n, void* heap, int type, const char* func,
         p32[0] = (word32)n;
         newp = (void*)(p32 + 4);
 
-        fprintf(stderr, "Alloc: %p -> %u (%d) at %s:%s:%d\n", newp, (word32)n,
+        fprintf(stderr, "Alloc: %p -> %u (%d) at %s:%s:%u\n", newp, (word32)n,
                                                         type, func, file, line);
         if (p != NULL) {
-            fprintf(stderr, "Free: %p -> %u (%d) at %s:%s:%d\n", p, oldLen,
+            fprintf(stderr, "Free: %p -> %u (%d) at %s:%s:%u\n", p, oldLen,
                                                         type, func, file, line);
         }
     }
@@ -1092,7 +1092,7 @@ void xfree(void *p, void* heap, int type, const char* func, const char* file,
     if (p != NULL) {
         p32 -= 4;
 
-        fprintf(stderr, "Free: %p -> %u (%d) at %s:%s:%d\n", p, p32[0], type,
+        fprintf(stderr, "Free: %p -> %u (%d) at %s:%s:%u\n", p, p32[0], type,
                                                               func, file, line);
 
         if (free_function)
@@ -1111,7 +1111,7 @@ void __attribute__((no_instrument_function))
      __cyg_profile_func_enter(void *func,  void *caller)
 {
     register void* sp asm("sp");
-    fprintf(stderr, "ENTER: %016lx %p\n", (size_t)func, sp);
+    fprintf(stderr, "ENTER: %016lx %p\n", (unsigned long)(size_t)func, sp);
     (void)caller;
 }
 
@@ -1119,7 +1119,7 @@ void __attribute__((no_instrument_function))
      __cyg_profile_func_exit(void *func, void *caller)
 {
     register void* sp asm("sp");
-    fprintf(stderr, "EXIT: %016lx %p\n", (size_t)func, sp);
+    fprintf(stderr, "EXIT: %016lx %p\n", (unsigned long)(size_t)func, sp);
     (void)caller;
 }
 #endif

wolfcrypt/src/pkcs7.c

@@ -1605,8 +1605,9 @@ static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
         do {
             ret = wc_AsyncWait(ret, &privKey->asyncDev,
                 WC_ASYNC_FLAG_CALL_AGAIN);
+            if (ret >= 0)
     #endif
-            if (ret >= 0) {
+            {
                 ret = wc_RsaSSL_Sign(in, inSz, esd->encContentDigest,
                                      sizeof(esd->encContentDigest),
                                      privKey, pkcs7->rng);
@@ -1668,8 +1669,9 @@ static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd)
         do {
             ret = wc_AsyncWait(ret, &privKey->asyncDev,
                 WC_ASYNC_FLAG_CALL_AGAIN);
+            if (ret >= 0)
     #endif
-            if (ret >= 0) {
+            {
                 ret = wc_ecc_sign_hash(in, inSz, esd->encContentDigest,
                                        &outSz, pkcs7->rng, privKey);
             }
@@ -3982,11 +3984,10 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz,
                    tag == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0)) {
                 idx++;
 
-                if (ret == 0 && GetLength(in, &idx, &length, inSz) <= 0) {
+                if (GetLength(in, &idx, &length, inSz) <= 0)
                     ret = ASN_PARSE_E;
-                }
 
-                if (idx + 1 > inSz)
+                if (ret == 0 && idx + 1 > inSz)
                     ret = BUFFER_E;
 
                 if (ret == 0 && GetASNTag(in, &idx, &tag, inSz) < 0)
@@ -4130,13 +4131,12 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
 
 #ifndef NO_PKCS7_STREAM
     /* allow for 0 size inputs with stream mode */
-    if (pkcs7 == NULL || (pkiMsg == NULL && pkiMsgSz > 0))
+    if (pkiMsg == NULL && pkiMsgSz > 0)
         return BAD_FUNC_ARG;
 
 #else
     if (pkiMsg == NULL || pkiMsgSz == 0)
         return BAD_FUNC_ARG;
-
 #endif
 
     if ((hashSz > 0 && hashBuf == NULL) || (pkiMsg2Sz > 0 && pkiMsg2 == NULL)) {
@@ -4388,7 +4388,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
 
             /* get length of content in case of single part */
             if (ret == 0 && !multiPart) {
-                if (ret == 0 && tag != ASN_OCTET_STRING)
+                if (tag != ASN_OCTET_STRING)
                     ret = ASN_PARSE_E;
 
                 if (ret == 0 && GetLength_ex(pkiMsg, &localIdx,
@@ -5646,7 +5646,7 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz,
                                int keyWrapOID, int keyAgreeOID, byte* ukm,
                                word32 ukmSz, int options)
 {
-    Pkcs7EncodedRecip* recip = NULL;
+    Pkcs7EncodedRecip* recip;
     Pkcs7EncodedRecip* lastRecip = NULL;
     WC_PKCS7_KARI* kari = NULL;
 
@@ -10123,7 +10123,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
         #endif
 
             /* remove EncryptedContentInfo */
-            if (ret == 0 && GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0) {
+            if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0) {
                 ret = ASN_PARSE_E;
             }
 
@@ -10211,13 +10211,13 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
 
             explicitOctet = 0;
             localIdx = idx;
-            if (ret == 0 && GetASNTag(pkiMsg, &localIdx, &tag, pkiMsgSz) == 0 &&
+            if (GetASNTag(pkiMsg, &localIdx, &tag, pkiMsgSz) == 0 &&
                     tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0)) {
                 explicitOctet = 1;
             }
 
             /* read encryptedContent, cont[0] */
-            if (ret == 0 && tag != (ASN_CONTEXT_SPECIFIC | 0) &&
+            if (tag != (ASN_CONTEXT_SPECIFIC | 0) &&
                           tag != (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0)) {
                 ret = ASN_PARSE_E;
             }
@@ -10282,7 +10282,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
         #endif
             encryptedContent = (byte*)XMALLOC(encryptedContentSz, pkcs7->heap,
                                                        DYNAMIC_TYPE_PKCS7);
-            if (ret == 0 && encryptedContent == NULL) {
+            if (encryptedContent == NULL) {
                 ret = MEMORY_E;
                 break;
             }
@@ -10457,7 +10457,7 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
         return blockKeySz;
 
     blockSz = wc_PKCS7_GetOIDBlockSize(pkcs7->encryptOID);
-    if (blockKeySz < 0 || blockSz < 0)
+    if (blockSz < 0)
         return blockSz;
 
     /* outer content type */
@@ -10585,7 +10585,7 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
             contentTypeAttrib.valueSz = ret;
 
         /* otherwise, try to set from custom content type */
-        } else if (ret <= 0) {
+        } else {
             if (pkcs7->contentTypeSz == 0) {
                 WOLFSSL_MSG("CMS pkcs7->contentType must be set if "
                             "contentOID is not");
@@ -11188,7 +11188,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
                 encodedAttribs = pkiMsg + idx;
                 idx++;
 
-                if (ret == 0 && GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0)
+                if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0)
                     ret = ASN_PARSE_E;
             #ifndef NO_PKCS7_STREAM
                 pkcs7->stream->expected = length;

wolfcrypt/src/poly1305.c

@@ -392,7 +392,7 @@ void poly1305_block(Poly1305* ctx, const unsigned char *m)
 #if !defined(WOLFSSL_ARMASM) || !defined(__aarch64__)
 int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz)
 {
-#if defined(POLY130564)
+#if defined(POLY130564) && !defined(USE_INTEL_SPEEDUP)
     word64 t0,t1;
 #endif
 

wolfcrypt/src/port/arm/armv8-sha256.c

@@ -1079,8 +1079,9 @@ static WC_INLINE int Sha256Final(wc_Sha256* sha256, byte* hash)
     sha256->loLen = sha256->loLen << 3;
 
     /* store lengths */
-	word32* bufPt = sha256->buffer;
     #if defined(LITTLE_ENDIAN_ORDER)
+    {
+	word32* bufPt = sha256->buffer;
         __asm__ volatile (
             "VLD1.32 {q0}, [%[in]] \n"
             "VREV32.8 q0, q0 \n"
@@ -1098,6 +1099,7 @@ static WC_INLINE int Sha256Final(wc_Sha256* sha256, byte* hash)
             : [in] "0" (bufPt)
             : "cc", "memory", "q0", "q1", "q2", "q3"
         );
+    }
     #endif
     /* ! length ordering dependent on digest endian type ! */
     XMEMCPY(&local[WC_SHA256_PAD_SIZE], &sha256->hiLen, sizeof(word32));

wolfcrypt/src/port/atmel/atmel.c

@@ -771,6 +771,9 @@ int atcatls_verify_signature_cb(WOLFSSL* ssl, const byte* sig, unsigned int sigS
         /* export public as unsigned bin for hardware */
         ret = wc_ecc_export_public_raw(&tmpKey, qx, &qxLen, qy, &qyLen);
         wc_ecc_free(&tmpKey);
+        if (ret != 0) {
+            goto exit;
+        }
 
         /* decode the ECDSA signature */
         ret = wc_ecc_sig_to_rs(sig, sigSz,

wolfcrypt/src/port/intel/quickassist_sync.c

@@ -511,7 +511,7 @@ int IntelQaHardwareStart(const char* process_name, int limitDevAccess)
             }
         }
 
-        QLOG("Inst %u, Node: %d, Affin: %u, Dev: %u, Accel %u, "
+        QLOG("Inst %d, Node: %d, Affin: %u, Dev: %u, Accel %u, "
                 "EE %u, BDF %02X:%02X:%02X, isPolled %d\n",
                 i, g_cyInstanceInfo[i].nodeAffinity, coreAffinity,
                 g_cyInstanceInfo[i].physInstId.packageId,
@@ -1532,7 +1532,7 @@ static void _qaeMemFree(void *ptr, void* heap, int type
 
 #ifdef WOLFSSL_DEBUG_MEMORY
 #ifdef WOLFSSL_DEBUG_MEMORY_PRINT
-    printf("Free: %p (%u) at %s:%d, heap %p, type %d, count %d\n",
+    printf("Free: %p (%u) at %s:%u, heap %p, type %d, count %d\n",
         origPtr, (unsigned int)size, func, line, heap, type, header->count);
 #else
     (void)func;
@@ -1680,7 +1680,7 @@ static void* _qaeMemAlloc(size_t size, void* heap, int type
 
 #ifdef WOLFSSL_DEBUG_MEMORY
 #ifdef WOLFSSL_DEBUG_MEMORY_PRINT
-    printf("Alloc: %p (%u) at %s:%d, heap %p, type %d\n",
+    printf("Alloc: %p (%u) at %s:%u, heap %p, type %d\n",
         ptr, (unsigned int)size, func, line, heap, type);
 #else
     (void)func;
@@ -1841,11 +1841,11 @@ void* wc_CryptoCb_IntelQaRealloc(void *ptr, size_t size, void* heap, int type
 #ifdef WOLFSSL_DEBUG_MEMORY
 #ifdef WOLFSSL_DEBUG_MEMORY_PRINT
     if (allocNew) {
-        printf("Realloc: New %p -> %p (%u) at %s:%d, heap %p, type %d\n",
+        printf("Realloc: New %p -> %p (%u) at %s:%u, heap %p, type %d\n",
             origPtr, newPtr, (unsigned int)size, func, line, heap, type);
     }
     else {
-        printf("Realloc: Reuse %p (%u) at %s:%d, heap %p, type %d, count %d\n",
+        printf("Realloc: Reuse %p (%u) at %s:%u, heap %p, type %d, count %d\n",
              origPtr, (unsigned int)size, func, line, header->heap, header->type, header->count);
     }
 #else
@@ -1963,12 +1963,13 @@ static byte aesgcm_t[] = {
 /* simple example of using AES-GCM encrypt with Intel QA */
 int main(int argc, char** argv)
 {
+#if !defined(NO_AES) && defined(HAVE_AESGCM)
     int ret;
     IntelQaDev dev;
     byte out[256];
-    word32 outLen = sizeof(out);
     byte tmp[256];
-    word32 tmpLen = sizeof(tmp);
+    word32 tmpLen;
+#endif
 
 #ifdef QAT_DEBUG
     wolfSSL_Debugging_ON();
@@ -1993,9 +1994,6 @@ int main(int argc, char** argv)
 #endif /* HAVE_AESGCM */
 #endif /* NO_AES */
 
-    (void)tmp;
-    (void)tmpLen;
-
     IntelQaDeInit(0);
 
     return 0;

wolfcrypt/src/port/mynewt/mynewt_port.c

@@ -128,7 +128,6 @@ size_t mynewt_fread(void *restrict ptr, size_t size, size_t nitems, FILE *restri
 size_t mynewt_fwrite(const void *restrict ptr, size_t size, size_t nitems, FILE *restrict stream)
 {
     size_t to_write = size * nitems;
-    size_t write_size;
     int rc = fs_write(stream, ptr, to_write);
     if(rc != 0) {
         return 0;

wolfcrypt/src/port/st/stm32.c

@@ -614,7 +614,7 @@ static int stm32_get_ecc_specs(const uint8_t **prime, const uint8_t **coef,
 #endif
 #ifdef ECC192
     case 24:
-        (uint8_t)*prime = stm32_ecc192_prime;
+        *prime = stm32_ecc192_prime;
         *coef = stm32_ecc192_coef;
         *GenPointX = stm32_ecc192_pointX;
         *GenPointY = stm32_ecc192_pointY;
@@ -804,7 +804,6 @@ int stm32_ecc_sign_hash_ex(const byte* hash, word32 hashlen, WC_RNG* rng,
     PKA_ECDSASignInTypeDef pka_ecc;
     PKA_ECDSASignOutTypeDef pka_ecc_out;
     int size;
-    int szrbin;
     int status;
     mp_int gen_k;
     mp_int order_mp;

wolfcrypt/src/random.c

@@ -613,7 +613,7 @@ static int Hash_DRBG_Instantiate(DRBG* drbg, const byte* seed, word32 seedSz,
                                              const byte* nonce, word32 nonceSz,
                                              void* heap, int devId)
 {
-    int ret = DRBG_FAILURE;
+    int ret;
 
     XMEMSET(drbg, 0, sizeof(DRBG));
 #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
@@ -644,6 +644,9 @@ static int Hash_DRBG_Instantiate(DRBG* drbg, const byte* seed, word32 seedSz,
         drbg->matchCount = 0;
         ret = DRBG_SUCCESS;
     }
+    else {
+        ret = DRBG_FAILURE;
+    }
 
     return ret;
 }
@@ -1650,10 +1653,11 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
             RNGCONbits.PLEN = 0x40;
             RNGCONbits.PRNGEN = 1;
             for (i=0; i<5; i++) { /* wait for RNGNUMGEN ready */
-                volatile int x;
+                volatile int x, y;
                 x = RNGNUMGEN1;
-                x = RNGNUMGEN2;
+                y = RNGNUMGEN2;
                 (void)x;
+                (void)y;
             }
             do {
                 rnd32[0] = RNGNUMGEN1;
@@ -2404,15 +2408,19 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
     {
         int ret = 0;
 
-#ifdef WOLF_CRYPTO_CB
-    if (os != NULL && os->devId != INVALID_DEVID) {
-        ret = wc_CryptoCb_RandomSeed(os, output, sz);
-        if (ret != CRYPTOCB_UNAVAILABLE)
-            return ret;
-        /* fall-through when unavailable */
-        ret = 0; /* reset error code */
-    }
-#endif
+        if (os == NULL) {
+            return BAD_FUNC_ARG;
+        }
+
+    #ifdef WOLF_CRYPTO_CB
+        if (os->devId != INVALID_DEVID) {
+            ret = wc_CryptoCb_RandomSeed(os, output, sz);
+            if (ret != CRYPTOCB_UNAVAILABLE)
+                return ret;
+            /* fall-through when unavailable */
+            ret = 0; /* reset error code */
+        }
+    #endif
 
     #ifdef HAVE_INTEL_RDSEED
         if (IS_INTEL_RDSEED(intel_flags)) {

wolfcrypt/src/rsa.c

@@ -684,10 +684,8 @@ int wc_CheckRsaKey(RsaKey* key)
 
     /* Check dP, dQ and u if they exist */
     if (ret == 0 && !mp_iszero(&key->dP)) {
-        if (ret == 0) {
-            if (mp_sub_d(&key->p, 1, tmp) != MP_OKAY) {
-                ret = MP_EXPTMOD_E;
-            }
+        if (mp_sub_d(&key->p, 1, tmp) != MP_OKAY) {
+            ret = MP_EXPTMOD_E;
         }
         /* Check dP <= p-1. */
         if (ret == 0) {
@@ -2011,10 +2009,10 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
 {
 #ifndef WOLFSSL_SP_MATH
 #ifdef WOLFSSL_SMALL_STACK
-    mp_int* tmp = NULL;
+    mp_int* tmp;
 #ifdef WC_RSA_BLINDING
-    mp_int* rnd = NULL;
-    mp_int* rndi = NULL;
+    mp_int* rnd;
+    mp_int* rndi;
 #endif
 #else
     mp_int tmp[1];
@@ -2172,7 +2170,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
         #else
             if (ret == 0) {
             #ifdef WOLFSSL_SMALL_STACK
-                mp_int* tmpa = NULL;
+                mp_int* tmpa;
                 mp_int* tmpb = NULL;
             #else
                 mp_int tmpa[1], tmpb[1];
@@ -2258,8 +2256,8 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
         #else
             if (mp_exptmod(tmp, &key->e, &key->n, tmp) != MP_OKAY)
                 ret = MP_EXPTMOD_E;
-            break;
         #endif
+            break;
         default:
             ret = RSA_WRONG_TYPE_E;
             break;
@@ -2599,7 +2597,7 @@ int wc_RsaFunction(const byte* in, word32 inLen, byte* out,
 
         /* Check that 1 < in < n-1. (Requirement of 800-56B.) */
 #ifdef WOLFSSL_SMALL_STACK
-        mp_int* c = NULL;
+        mp_int* c;
 #else
         mp_int c[1];
 #endif
@@ -3045,9 +3043,11 @@ int wc_RsaPublicEncrypt_ex(const byte* in, word32 inLen, byte* out,
 #ifndef WOLFSSL_RSA_PUBLIC_ONLY
 int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key)
 {
-    WC_RNG* rng = NULL;
+    WC_RNG* rng;
 #ifdef WC_RSA_BLINDING
     rng = key->rng;
+#else
+    rng = NULL;
 #endif
     return RsaPrivateDecryptEx(in, inLen, in, inLen, out, key,
         RSA_PRIVATE_DECRYPT, RSA_BLOCK_TYPE_2, WC_RSA_PKCSV15_PAD,
@@ -3060,9 +3060,11 @@ int wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen, byte** out,
                                   RsaKey* key, int type, enum wc_HashType hash,
                                   int mgf, byte* label, word32 labelSz)
 {
-    WC_RNG* rng = NULL;
+    WC_RNG* rng;
 #ifdef WC_RSA_BLINDING
     rng = key->rng;
+#else
+    rng = NULL;
 #endif
     return RsaPrivateDecryptEx(in, inLen, in, inLen, out, key,
         RSA_PRIVATE_DECRYPT, RSA_BLOCK_TYPE_2, type, hash,
@@ -3074,9 +3076,11 @@ int wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen, byte** out,
 int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
                                                  word32 outLen, RsaKey* key)
 {
-    WC_RNG* rng = NULL;
+    WC_RNG* rng;
 #ifdef WC_RSA_BLINDING
     rng = key->rng;
+#else
+    rng = NULL;
 #endif
     return RsaPrivateDecryptEx((byte*)in, inLen, out, outLen, NULL, key,
         RSA_PRIVATE_DECRYPT, RSA_BLOCK_TYPE_2, WC_RSA_PKCSV15_PAD,
@@ -3089,9 +3093,11 @@ int wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen, byte* out,
                             enum wc_HashType hash, int mgf, byte* label,
                             word32 labelSz)
 {
-    WC_RNG* rng = NULL;
+    WC_RNG* rng;
 #ifdef WC_RSA_BLINDING
     rng = key->rng;
+#else
+    rng = NULL;
 #endif
     return RsaPrivateDecryptEx((byte*)in, inLen, out, outLen, NULL, key,
         RSA_PRIVATE_DECRYPT, RSA_BLOCK_TYPE_2, type, hash, mgf, label,
@@ -3103,9 +3109,11 @@ int wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen, byte* out,
 #if !defined(WOLFSSL_CRYPTOCELL)
 int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key)
 {
-    WC_RNG* rng = NULL;
+    WC_RNG* rng;
 #ifdef WC_RSA_BLINDING
     rng = key->rng;
+#else
+    rng = NULL;
 #endif
     return RsaPrivateDecryptEx(in, inLen, in, inLen, out, key,
         RSA_PUBLIC_DECRYPT, RSA_BLOCK_TYPE_1, WC_RSA_PKCSV15_PAD,
@@ -3123,9 +3131,10 @@ int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen,
         return BAD_FUNC_ARG;
     }
 
-    rng = NULL;
 #ifdef WC_RSA_BLINDING
     rng = key->rng;
+#else
+    rng = NULL;
 #endif
 
     return RsaPrivateDecryptEx((byte*)in, inLen, out, outLen, NULL, key,
@@ -3177,9 +3186,11 @@ int wc_RsaPSS_VerifyInline_ex(byte* in, word32 inLen, byte** out,
                               enum wc_HashType hash, int mgf, int saltLen,
                               RsaKey* key)
 {
-    WC_RNG* rng = NULL;
+    WC_RNG* rng;
 #ifdef WC_RSA_BLINDING
     rng = key->rng;
+#else
+    rng = NULL;
 #endif
     return RsaPrivateDecryptEx(in, inLen, in, inLen, out, key,
         RSA_PUBLIC_DECRYPT, RSA_BLOCK_TYPE_1, WC_RSA_PSS_PAD,
@@ -3226,9 +3237,11 @@ int wc_RsaPSS_Verify_ex(byte* in, word32 inLen, byte* out, word32 outLen,
                         enum wc_HashType hash, int mgf, int saltLen,
                         RsaKey* key)
 {
-    WC_RNG* rng = NULL;
+    WC_RNG* rng;
 #ifdef WC_RSA_BLINDING
     rng = key->rng;
+#else
+    rng = NULL;
 #endif
     return RsaPrivateDecryptEx(in, inLen, out, outLen, NULL, key,
         RSA_PUBLIC_DECRYPT, RSA_BLOCK_TYPE_1, WC_RSA_PSS_PAD,

wolfcrypt/src/signature.c

@@ -126,9 +126,9 @@ int wc_SignatureVerifyHash(
     int ret;
 
     /* Check arguments */
-    if (hash_data == NULL || hash_len <= 0 ||
-        sig == NULL || sig_len <= 0 ||
-        key == NULL || key_len <= 0) {
+    if (hash_data == NULL || hash_len == 0 ||
+        sig == NULL || sig_len == 0 ||
+        key == NULL || key_len == 0) {
         return BAD_FUNC_ARG;
     }
 
@@ -259,9 +259,9 @@ int wc_SignatureVerify(
 #endif
 
     /* Check arguments */
-    if (data == NULL || data_len <= 0 ||
-        sig == NULL || sig_len <= 0 ||
-        key == NULL || key_len <= 0) {
+    if (data == NULL || data_len == 0 ||
+        sig == NULL || sig_len == 0 ||
+        key == NULL || key_len == 0) {
         return BAD_FUNC_ARG;
     }
 
@@ -358,9 +358,9 @@ int wc_SignatureGenerateHash_ex(
     (void)rng;
 
     /* Check arguments */
-    if (hash_data == NULL || hash_len <= 0 ||
-        sig == NULL || sig_len == NULL || *sig_len <= 0 ||
-        key == NULL || key_len <= 0) {
+    if (hash_data == NULL || hash_len == 0 ||
+        sig == NULL || sig_len == NULL || *sig_len == 0 ||
+        key == NULL || key_len == 0) {
         return BAD_FUNC_ARG;
     }
 
@@ -469,9 +469,9 @@ int wc_SignatureGenerate_ex(
 #endif
 
     /* Check arguments */
-    if (data == NULL || data_len <= 0 ||
-        sig == NULL || sig_len == NULL || *sig_len <= 0 ||
-        key == NULL || key_len <= 0) {
+    if (data == NULL || data_len == 0 ||
+        sig == NULL || sig_len == NULL || *sig_len == 0 ||
+        key == NULL || key_len == 0) {
         return BAD_FUNC_ARG;
     }
 

wolfcrypt/src/sp_arm32.c

@@ -72321,16 +72321,18 @@ static const sp_digit p256_b[8] = {
 static int sp_ecc_point_new_ex(void* heap, sp_point* sp, sp_point** p)
 {
     int ret = MP_OKAY;
-    (void)heap;
-#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
-    (void)sp;
-    *p = (sp_point*)XMALLOC(sizeof(sp_point), heap, DYNAMIC_TYPE_ECC);
-#else
-    *p = sp;
-#endif
     if (p == NULL) {
         ret = MEMORY_E;
     }
+    else {
+    #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
+        *p = (sp_point*)XMALLOC(sizeof(sp_point), heap, DYNAMIC_TYPE_ECC);
+        (void)sp;
+    #else
+        *p = sp;
+        (void)heap;
+    #endif
+    }
     return ret;
 }
 
@@ -76111,11 +76113,12 @@ int sp_ecc_mulmod_256(mp_int* km, ecc_point* gm, ecc_point* r, int map,
 {
 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
     sp_point p;
-    sp_digit kd[8];
+    sp_digit k[8];
+#else
+    sp_digit* k = NULL;
 #endif
     sp_point* point;
-    sp_digit* k = NULL;
-    int err = MP_OKAY;
+    int err;
 
     err = sp_ecc_point_new(heap, p, point);
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
@@ -76125,8 +76128,6 @@ int sp_ecc_mulmod_256(mp_int* km, ecc_point* gm, ecc_point* r, int map,
         if (k == NULL)
             err = MEMORY_E;
     }
-#else
-    k = kd;
 #endif
     if (err == MP_OKAY) {
         sp_256_from_mp(k, 8, km);
@@ -77559,11 +77560,12 @@ int sp_ecc_mulmod_base_256(mp_int* km, ecc_point* r, int map, void* heap)
 {
 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
     sp_point p;
-    sp_digit kd[8];
+    sp_digit k[8];
+#else
+    sp_digit* k = NULL;
 #endif
     sp_point* point;
-    sp_digit* k = NULL;
-    int err = MP_OKAY;
+    int err;
 
     err = sp_ecc_point_new(heap, p, point);
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
@@ -77574,8 +77576,6 @@ int sp_ecc_mulmod_base_256(mp_int* km, ecc_point* r, int map, void* heap)
             err = MEMORY_E;
         }
     }
-#else
-    k = kd;
 #endif
     if (err == MP_OKAY) {
         sp_256_from_mp(k, 8, km);
@@ -77721,13 +77721,14 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
 {
 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
     sp_point p;
-    sp_digit kd[8];
+    sp_digit k[8];
 #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
     sp_point inf;
 #endif
+#else
+    sp_digit* k = NULL;
 #endif
     sp_point* point;
-    sp_digit* k = NULL;
 #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
     sp_point* infinity;
 #endif
@@ -77749,8 +77750,6 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
             err = MEMORY_E;
         }
     }
-#else
-    k = kd;
 #endif
 
     if (err == MP_OKAY) {
@@ -77844,10 +77843,11 @@ int sp_ecc_secret_gen_256(mp_int* priv, ecc_point* pub, byte* out,
 {
 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
     sp_point p;
-    sp_digit kd[8];
+    sp_digit k[8];
+#else
+    sp_digit* k = NULL;
 #endif
     sp_point* point = NULL;
-    sp_digit* k = NULL;
     int err = MP_OKAY;
 
     if (*outLen < 32U) {
@@ -77864,8 +77864,6 @@ int sp_ecc_secret_gen_256(mp_int* priv, ecc_point* pub, byte* out,
         if (k == NULL)
             err = MEMORY_E;
     }
-#else
-    k = kd;
 #endif
 
     if (err == MP_OKAY) {
@@ -79416,7 +79414,7 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, mp_int* priv,
     sp_digit carry;
     sp_digit* s = NULL;
     sp_digit* kInv = NULL;
-    int err = MP_OKAY;
+    int err;
     int32_t c;
     int i;
 
@@ -79724,7 +79722,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, mp_int* pX,
 static int sp_256_ecc_is_point_8(sp_point* point, void* heap)
 {
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
-    sp_digit* d = NULL;
+    sp_digit* d;
 #else
     sp_digit t1d[2*8];
     sp_digit t2d[2*8];

wolfcrypt/src/sp_arm64.c

@@ -30573,16 +30573,18 @@ static const sp_digit p256_b[4] = {
 static int sp_ecc_point_new_ex(void* heap, sp_point* sp, sp_point** p)
 {
     int ret = MP_OKAY;
-    (void)heap;
-#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
-    (void)sp;
-    *p = (sp_point*)XMALLOC(sizeof(sp_point), heap, DYNAMIC_TYPE_ECC);
-#else
-    *p = sp;
-#endif
     if (p == NULL) {
         ret = MEMORY_E;
     }
+    else {
+    #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
+        *p = (sp_point*)XMALLOC(sizeof(sp_point), heap, DYNAMIC_TYPE_ECC);
+        (void)sp;
+    #else
+        *p = sp;
+        (void)heap;
+    #endif
+    }
     return ret;
 }
 
@@ -32896,11 +32898,12 @@ int sp_ecc_mulmod_256(mp_int* km, ecc_point* gm, ecc_point* r, int map,
 {
 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
     sp_point p;
-    sp_digit kd[4];
+    sp_digit k[4];
+#else
+    sp_digit* k = NULL;
 #endif
     sp_point* point;
-    sp_digit* k = NULL;
-    int err = MP_OKAY;
+    int err;
 
     err = sp_ecc_point_new(heap, p, point);
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
@@ -32910,8 +32913,6 @@ int sp_ecc_mulmod_256(mp_int* km, ecc_point* gm, ecc_point* r, int map,
         if (k == NULL)
             err = MEMORY_E;
     }
-#else
-    k = kd;
 #endif
     if (err == MP_OKAY) {
         sp_256_from_mp(k, 4, km);
@@ -46367,11 +46368,12 @@ int sp_ecc_mulmod_base_256(mp_int* km, ecc_point* r, int map, void* heap)
 {
 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
     sp_point p;
-    sp_digit kd[4];
+    sp_digit k[4];
+#else
+    sp_digit* k = NULL;
 #endif
     sp_point* point;
-    sp_digit* k = NULL;
-    int err = MP_OKAY;
+    int err;
 
     err = sp_ecc_point_new(heap, p, point);
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
@@ -46382,8 +46384,6 @@ int sp_ecc_mulmod_base_256(mp_int* km, ecc_point* r, int map, void* heap)
             err = MEMORY_E;
         }
     }
-#else
-    k = kd;
 #endif
     if (err == MP_OKAY) {
         sp_256_from_mp(k, 4, km);
@@ -46513,13 +46513,14 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
 {
 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
     sp_point p;
-    sp_digit kd[4];
+    sp_digit k[4];
 #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
     sp_point inf;
 #endif
+#else
+    sp_digit* k = NULL;
 #endif
     sp_point* point;
-    sp_digit* k = NULL;
 #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
     sp_point* infinity;
 #endif
@@ -46541,8 +46542,6 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
             err = MEMORY_E;
         }
     }
-#else
-    k = kd;
 #endif
 
     if (err == MP_OKAY) {
@@ -46636,10 +46635,11 @@ int sp_ecc_secret_gen_256(mp_int* priv, ecc_point* pub, byte* out,
 {
 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
     sp_point p;
-    sp_digit kd[4];
+    sp_digit k[4];
+#else
+    sp_digit* k = NULL;
 #endif
     sp_point* point = NULL;
-    sp_digit* k = NULL;
     int err = MP_OKAY;
 
     if (*outLen < 32U) {
@@ -46656,8 +46656,6 @@ int sp_ecc_secret_gen_256(mp_int* priv, ecc_point* pub, byte* out,
         if (k == NULL)
             err = MEMORY_E;
     }
-#else
-    k = kd;
 #endif
 
     if (err == MP_OKAY) {
@@ -47474,7 +47472,7 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, mp_int* priv,
     sp_digit carry;
     sp_digit* s = NULL;
     sp_digit* kInv = NULL;
-    int err = MP_OKAY;
+    int err;
     int64_t c;
     int i;
 
@@ -47778,7 +47776,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, mp_int* pX,
 static int sp_256_ecc_is_point_4(sp_point* point, void* heap)
 {
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
-    sp_digit* d = NULL;
+    sp_digit* d;
 #else
     sp_digit t1d[2*4];
     sp_digit t2d[2*4];

wolfcrypt/src/sp_armthumb.c

@@ -15715,16 +15715,18 @@ static const sp_digit p256_b[8] = {
 static int sp_ecc_point_new_ex(void* heap, sp_point* sp, sp_point** p)
 {
     int ret = MP_OKAY;
-    (void)heap;
-#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
-    (void)sp;
-    *p = (sp_point*)XMALLOC(sizeof(sp_point), heap, DYNAMIC_TYPE_ECC);
-#else
-    *p = sp;
-#endif
     if (p == NULL) {
         ret = MEMORY_E;
     }
+    else {
+    #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
+        *p = (sp_point*)XMALLOC(sizeof(sp_point), heap, DYNAMIC_TYPE_ECC);
+        (void)sp;
+    #else
+        *p = sp;
+        (void)heap;
+    #endif
+    }
     return ret;
 }
 
@@ -18522,11 +18524,12 @@ int sp_ecc_mulmod_256(mp_int* km, ecc_point* gm, ecc_point* r, int map,
 {
 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
     sp_point p;
-    sp_digit kd[8];
+    sp_digit k[8];
+#else
+    sp_digit* k = NULL;
 #endif
     sp_point* point;
-    sp_digit* k = NULL;
-    int err = MP_OKAY;
+    int err;
 
     err = sp_ecc_point_new(heap, p, point);
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
@@ -18536,8 +18539,6 @@ int sp_ecc_mulmod_256(mp_int* km, ecc_point* gm, ecc_point* r, int map,
         if (k == NULL)
             err = MEMORY_E;
     }
-#else
-    k = kd;
 #endif
     if (err == MP_OKAY) {
         sp_256_from_mp(k, 8, km);
@@ -19970,11 +19971,12 @@ int sp_ecc_mulmod_base_256(mp_int* km, ecc_point* r, int map, void* heap)
 {
 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
     sp_point p;
-    sp_digit kd[8];
+    sp_digit k[8];
+#else
+    sp_digit* k = NULL;
 #endif
     sp_point* point;
-    sp_digit* k = NULL;
-    int err = MP_OKAY;
+    int err;
 
     err = sp_ecc_point_new(heap, p, point);
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
@@ -19985,8 +19987,6 @@ int sp_ecc_mulmod_base_256(mp_int* km, ecc_point* r, int map, void* heap)
             err = MEMORY_E;
         }
     }
-#else
-    k = kd;
 #endif
     if (err == MP_OKAY) {
         sp_256_from_mp(k, 8, km);
@@ -20134,13 +20134,14 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
 {
 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
     sp_point p;
-    sp_digit kd[8];
+    sp_digit k[8];
 #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
     sp_point inf;
 #endif
+#else
+    sp_digit* k = NULL;
 #endif
     sp_point* point;
-    sp_digit* k = NULL;
 #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
     sp_point* infinity;
 #endif
@@ -20162,8 +20163,6 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
             err = MEMORY_E;
         }
     }
-#else
-    k = kd;
 #endif
 
     if (err == MP_OKAY) {
@@ -20257,10 +20256,11 @@ int sp_ecc_secret_gen_256(mp_int* priv, ecc_point* pub, byte* out,
 {
 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
     sp_point p;
-    sp_digit kd[8];
+    sp_digit k[8];
+#else
+    sp_digit* k = NULL;
 #endif
     sp_point* point = NULL;
-    sp_digit* k = NULL;
     int err = MP_OKAY;
 
     if (*outLen < 32U) {
@@ -20277,8 +20277,6 @@ int sp_ecc_secret_gen_256(mp_int* priv, ecc_point* pub, byte* out,
         if (k == NULL)
             err = MEMORY_E;
     }
-#else
-    k = kd;
 #endif
 
     if (err == MP_OKAY) {
@@ -20883,7 +20881,7 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, mp_int* priv,
     sp_digit carry;
     sp_digit* s = NULL;
     sp_digit* kInv = NULL;
-    int err = MP_OKAY;
+    int err;
     int32_t c;
     int i;
 
@@ -21191,7 +21189,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, mp_int* pX,
 static int sp_256_ecc_is_point_8(sp_point* point, void* heap)
 {
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
-    sp_digit* d = NULL;
+    sp_digit* d;
 #else
     sp_digit t1d[2*8];
     sp_digit t2d[2*8];

wolfcrypt/src/sp_c32.c

@@ -1896,7 +1896,7 @@ static int sp_2048_mod_exp_45(sp_digit* r, const sp_digit* a, const sp_digit* e,
 #ifdef WOLFSSL_SP_SMALL
     sp_digit* td;
     sp_digit* t[3];
-    sp_digit* norm;
+    sp_digit* norm = NULL;
     sp_digit mp = 1;
     sp_digit n;
     int i;
@@ -2828,7 +2828,7 @@ static int sp_2048_mod_exp_90(sp_digit* r, const sp_digit* a, const sp_digit* e,
 #ifdef WOLFSSL_SP_SMALL
     sp_digit* td;
     sp_digit* t[3];
-    sp_digit* norm;
+    sp_digit* norm = NULL;
     sp_digit mp = 1;
     sp_digit n;
     int i;
@@ -3226,7 +3226,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, mp_int* em, mp_int* mm,
 #else
         e[0] = (sp_digit)em->dp[0];
         if (em->used > 1) {
-            e[0] |= ((sp_digit)em->dp[1]) << DIGIT_BIT;
+            e[0] |= ((sp_int_digit)em->dp[1]) << DIGIT_BIT;
         }
 #endif
         if (e[0] == 0) {
@@ -3327,7 +3327,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, mp_int* em, mp_int* mm,
 #else
         e[0] = (sp_digit)em->dp[0];
         if (em->used > 1) {
-            e[0] |= ((sp_digit)em->dp[1]) << DIGIT_BIT;
+            e[0] |= ((sp_int_digit)em->dp[1]) << DIGIT_BIT;
         }
 #endif
         if (e[0] == 0) {
@@ -3799,13 +3799,13 @@ int sp_ModExp_2048(mp_int* base, mp_int* exp, mp_int* mod, mp_int* res)
     return err;
 #else
 #ifndef WOLFSSL_SMALL_STACK
-    sp_digit bd[180], ed[90], md[90];
+    sp_digit b[180], e[90], m[90];
 #else
     sp_digit* d = NULL;
-#endif
     sp_digit* b;
     sp_digit* e;
     sp_digit* m;
+#endif
     sp_digit* r;
     int err = MP_OKAY;
     int expBits = mp_count_bits(exp);
@@ -3832,20 +3832,16 @@ int sp_ModExp_2048(mp_int* base, mp_int* exp, mp_int* mod, mp_int* res)
         if (d == NULL)
             err = MEMORY_E;
     }
+#endif
 
     if (err == MP_OKAY) {
+#ifdef WOLFSSL_SMALL_STACK
         b = d;
         e = b + 90 * 2;
         m = e + 90;
-        r = b;
-    }
-#else
-    r = b = bd;
-    e = ed;
-    m = md;
 #endif
+        r = b;
 
-    if (err == MP_OKAY) {
         sp_2048_from_mp(b, 90, base);
         sp_2048_from_mp(e, 90, exp);
         sp_2048_from_mp(m, 90, mod);
@@ -4081,13 +4077,13 @@ SP_NOINLINE static void sp_2048_lshift_90(sp_digit* r, sp_digit* a, byte n)
 static int sp_2048_mod_exp_2_90(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m)
 {
 #ifndef WOLFSSL_SMALL_STACK
-    sp_digit nd[180];
-    sp_digit td[91];
+    sp_digit norm[180];
+    sp_digit tmp[91];
 #else
     sp_digit* td;
-#endif
     sp_digit* norm;
     sp_digit* tmp;
+#endif
     sp_digit mp = 1;
     sp_digit n, o;
     int i;
@@ -4106,11 +4102,6 @@ static int sp_2048_mod_exp_2_90(sp_digit* r, const sp_digit* e, int bits, const
 #ifdef WOLFSSL_SMALL_STACK
         norm = td;
         tmp  = td + 180;
-        XMEMSET(td, 0, sizeof(sp_digit) * 271);
-#else
-        norm = nd;
-        tmp  = td;
-        XMEMSET(td, 0, sizeof(td));
 #endif
 
         sp_2048_mont_setup(m, &mp);
@@ -4416,13 +4407,13 @@ int sp_ModExp_1024(mp_int* base, mp_int* exp, mp_int* mod, mp_int* res)
     return err;
 #else
 #ifndef WOLFSSL_SMALL_STACK
-    sp_digit bd[90], ed[45], md[45];
+    sp_digit b[90], e[45], m[45];
 #else
     sp_digit* d = NULL;
-#endif
     sp_digit* b;
     sp_digit* e;
     sp_digit* m;
+#endif
     sp_digit* r;
     int err = MP_OKAY;
     int expBits = mp_count_bits(exp);
@@ -4449,20 +4440,16 @@ int sp_ModExp_1024(mp_int* base, mp_int* exp, mp_int* mod, mp_int* res)
         if (d == NULL)
             err = MEMORY_E;
     }
+#endif
 
     if (err == MP_OKAY) {
+#ifdef WOLFSSL_SMALL_STACK
         b = d;
         e = b + 45 * 2;
         m = e + 45;
-        r = b;
-    }
-#else
-    r = b = bd;
-    e = ed;
-    m = md;
 #endif
+        r = b;
 
-    if (err == MP_OKAY) {
         sp_2048_from_mp(b, 45, base);
         sp_2048_from_mp(e, 45, exp);
         sp_2048_from_mp(m, 45, mod);
@@ -5733,7 +5720,7 @@ static int sp_3072_mod_exp_67(sp_digit* r, const sp_digit* a, const sp_digit* e,
 #ifdef WOLFSSL_SP_SMALL
     sp_digit* td;
     sp_digit* t[3];
-    sp_digit* norm;
+    sp_digit* norm = NULL;
     sp_digit mp = 1;
     sp_digit n;
     int i;
@@ -6701,7 +6688,7 @@ static int sp_3072_mod_exp_134(sp_digit* r, const sp_digit* a, const sp_digit* e
 #ifdef WOLFSSL_SP_SMALL
     sp_digit* td;
     sp_digit* t[3];
-    sp_digit* norm;
+    sp_digit* norm = NULL;
     sp_digit mp = 1;
     sp_digit n;
     int i;
@@ -7097,7 +7084,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, mp_int* em, mp_int* mm,
 #else
         e[0] = (sp_digit)em->dp[0];
         if (em->used > 1) {
-            e[0] |= ((sp_digit)em->dp[1]) << DIGIT_BIT;
+            e[0] |= ((sp_int_digit)em->dp[1]) << DIGIT_BIT;
         }
 #endif
         if (e[0] == 0) {
@@ -7198,7 +7185,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, mp_int* em, mp_int* mm,
 #else
         e[0] = (sp_digit)em->dp[0];
         if (em->used > 1) {
-            e[0] |= ((sp_digit)em->dp[1]) << DIGIT_BIT;
+            e[0] |= ((sp_int_digit)em->dp[1]) << DIGIT_BIT;
         }
 #endif
         if (e[0] == 0) {
@@ -7670,13 +7657,13 @@ int sp_ModExp_3072(mp_int* base, mp_int* exp, mp_int* mod, mp_int* res)
     return err;
 #else
 #ifndef WOLFSSL_SMALL_STACK
-    sp_digit bd[268], ed[134], md[134];
+    sp_digit b[268], e[134], m[134];
 #else
     sp_digit* d = NULL;
-#endif
     sp_digit* b;
     sp_digit* e;
     sp_digit* m;
+#endif
     sp_digit* r;
     int err = MP_OKAY;
     int expBits = mp_count_bits(exp);
@@ -7703,20 +7690,16 @@ int sp_ModExp_3072(mp_int* base, mp_int* exp, mp_int* mod, mp_int* res)
         if (d == NULL)
             err = MEMORY_E;
     }
+#endif
 
     if (err == MP_OKAY) {
+#ifdef WOLFSSL_SMALL_STACK
         b = d;
         e = b + 134 * 2;
         m = e + 134;
-        r = b;
-    }
-#else
-    r = b = bd;
-    e = ed;
-    m = md;
 #endif
+        r = b;
 
-    if (err == MP_OKAY) {
         sp_3072_from_mp(b, 134, base);
         sp_3072_from_mp(e, 134, exp);
         sp_3072_from_mp(m, 134, mod);
@@ -8040,13 +8023,13 @@ SP_NOINLINE static void sp_3072_lshift_134(sp_digit* r, sp_digit* a, byte n)
 static int sp_3072_mod_exp_2_134(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m)
 {
 #ifndef WOLFSSL_SMALL_STACK
-    sp_digit nd[268];
-    sp_digit td[135];
+    sp_digit norm[268];
+    sp_digit tmp[135];
 #else
     sp_digit* td;
-#endif
     sp_digit* norm;
     sp_digit* tmp;
+#endif
     sp_digit mp = 1;
     sp_digit n, o;
     int i;
@@ -8065,11 +8048,6 @@ static int sp_3072_mod_exp_2_134(sp_digit* r, const sp_digit* e, int bits, const
 #ifdef WOLFSSL_SMALL_STACK
         norm = td;
         tmp  = td + 268;
-        XMEMSET(td, 0, sizeof(sp_digit) * 403);
-#else
-        norm = nd;
-        tmp  = td;
-        XMEMSET(td, 0, sizeof(td));
 #endif
 
         sp_3072_mont_setup(m, &mp);
@@ -8375,13 +8353,13 @@ int sp_ModExp_1536(mp_int* base, mp_int* exp, mp_int* mod, mp_int* res)
     return err;
 #else
 #ifndef WOLFSSL_SMALL_STACK
-    sp_digit bd[134], ed[67], md[67];
+    sp_digit b[134], e[67], m[67];
 #else
     sp_digit* d = NULL;
-#endif
     sp_digit* b;
     sp_digit* e;
     sp_digit* m;
+#endif
     sp_digit* r;
     int err = MP_OKAY;
     int expBits = mp_count_bits(exp);
@@ -8408,20 +8386,16 @@ int sp_ModExp_1536(mp_int* base, mp_int* exp, mp_int* mod, mp_int* res)
         if (d == NULL)
             err = MEMORY_E;
     }
+#endif
 
     if (err == MP_OKAY) {
+#ifdef WOLFSSL_SMALL_STACK
         b = d;
         e = b + 67 * 2;
         m = e + 67;
-        r = b;
-    }
-#else
-    r = b = bd;
-    e = ed;
-    m = md;
 #endif
+        r = b;
 
-    if (err == MP_OKAY) {
         sp_3072_from_mp(b, 67, base);
         sp_3072_from_mp(e, 67, exp);
         sp_3072_from_mp(m, 67, mod);
@@ -9788,7 +9762,7 @@ static int sp_4096_mod_exp_98(sp_digit* r, const sp_digit* a, const sp_digit* e,
 #ifdef WOLFSSL_SP_SMALL
     sp_digit* td;
     sp_digit* t[3];
-    sp_digit* norm;
+    sp_digit* norm = NULL;
     sp_digit mp = 1;
     sp_digit n;
     int i;
@@ -10732,7 +10706,7 @@ static int sp_4096_mod_exp_196(sp_digit* r, const sp_digit* a, const sp_digit* e
 #ifdef WOLFSSL_SP_SMALL
     sp_digit* td;
     sp_digit* t[3];
-    sp_digit* norm;
+    sp_digit* norm = NULL;
     sp_digit mp = 1;
     sp_digit n;
     int i;
@@ -11127,7 +11101,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, mp_int* em, mp_int* mm,
 #else
         e[0] = (sp_digit)em->dp[0];
         if (em->used > 1) {
-            e[0] |= ((sp_digit)em->dp[1]) << DIGIT_BIT;
+            e[0] |= ((sp_int_digit)em->dp[1]) << DIGIT_BIT;
         }
 #endif
         if (e[0] == 0) {
@@ -11228,7 +11202,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, mp_int* em, mp_int* mm,
 #else
         e[0] = (sp_digit)em->dp[0];
         if (em->used > 1) {
-            e[0] |= ((sp_digit)em->dp[1]) << DIGIT_BIT;
+            e[0] |= ((sp_int_digit)em->dp[1]) << DIGIT_BIT;
         }
 #endif
         if (e[0] == 0) {
@@ -11700,13 +11674,13 @@ int sp_ModExp_4096(mp_int* base, mp_int* exp, mp_int* mod, mp_int* res)
     return err;
 #else
 #ifndef WOLFSSL_SMALL_STACK
-    sp_digit bd[392], ed[196], md[196];
+    sp_digit b[392], e[196], m[196];
 #else
     sp_digit* d = NULL;
-#endif
     sp_digit* b;
     sp_digit* e;
     sp_digit* m;
+#endif
     sp_digit* r;
     int err = MP_OKAY;
     int expBits = mp_count_bits(exp);
@@ -11733,20 +11707,16 @@ int sp_ModExp_4096(mp_int* base, mp_int* exp, mp_int* mod, mp_int* res)
         if (d == NULL)
             err = MEMORY_E;
     }
+#endif
 
     if (err == MP_OKAY) {
+#ifdef WOLFSSL_SMALL_STACK
         b = d;
         e = b + 196 * 2;
         m = e + 196;
-        r = b;
-    }
-#else
-    r = b = bd;
-    e = ed;
-    m = md;
 #endif
+        r = b;
 
-    if (err == MP_OKAY) {
         sp_4096_from_mp(b, 196, base);
         sp_4096_from_mp(e, 196, exp);
         sp_4096_from_mp(m, 196, mod);
@@ -12194,13 +12164,13 @@ SP_NOINLINE static void sp_4096_lshift_196(sp_digit* r, sp_digit* a, byte n)
 static int sp_4096_mod_exp_2_196(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m)
 {
 #ifndef WOLFSSL_SMALL_STACK
-    sp_digit nd[392];
-    sp_digit td[197];
+    sp_digit norm[392];
+    sp_digit tmp[197];
 #else
     sp_digit* td;
-#endif
     sp_digit* norm;
     sp_digit* tmp;
+#endif
     sp_digit mp = 1;
     sp_digit n, o;
     int i;
@@ -12219,11 +12189,6 @@ static int sp_4096_mod_exp_2_196(sp_digit* r, const sp_digit* e, int bits, const
 #ifdef WOLFSSL_SMALL_STACK
         norm = td;
         tmp  = td + 392;
-        XMEMSET(td, 0, sizeof(sp_digit) * 589);
-#else
-        norm = nd;
-        tmp  = td;
-        XMEMSET(td, 0, sizeof(td));
 #endif
 
         sp_4096_mont_setup(m, &mp);
@@ -12543,16 +12508,18 @@ static const sp_digit p256_b[10] = {
 static int sp_ecc_point_new_ex(void* heap, sp_point* sp, sp_point** p)
 {
     int ret = MP_OKAY;
-    (void)heap;
-#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
-    (void)sp;
-    *p = (sp_point*)XMALLOC(sizeof(sp_point), heap, DYNAMIC_TYPE_ECC);
-#else
-    *p = sp;
-#endif
     if (p == NULL) {
         ret = MEMORY_E;
     }
+    else {
+    #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
+        *p = (sp_point*)XMALLOC(sizeof(sp_point), heap, DYNAMIC_TYPE_ECC);
+        (void)sp;
+    #else
+        *p = sp;
+        (void)heap;
+    #endif
+    }
     return ret;
 }
 
@@ -12622,30 +12589,30 @@ static int sp_256_mod_mul_norm_10(sp_digit* r, const sp_digit* a, const sp_digit
         a32 = a32d;
 #endif
 
-        a32[0] = a[0];
-        a32[0] |= a[1] << 26U;
+        a32[0] = (sp_int_digit)a[0];
+        a32[0] |= (sp_int_digit)a[1] << 26U;
         a32[0] &= 0xffffffffL;
         a32[1] = (sp_digit)(a[1] >> 6);
-        a32[1] |= a[2] << 20U;
+        a32[1] |= (sp_int_digit)a[2] << 20U;
         a32[1] &= 0xffffffffL;
         a32[2] = (sp_digit)(a[2] >> 12);
-        a32[2] |= a[3] << 14U;
+        a32[2] |= (sp_int_digit)a[3] << 14U;
         a32[2] &= 0xffffffffL;
         a32[3] = (sp_digit)(a[3] >> 18);
-        a32[3] |= a[4] << 8U;
+        a32[3] |= (sp_int_digit)a[4] << 8U;
         a32[3] &= 0xffffffffL;
         a32[4] = (sp_digit)(a[4] >> 24);
-        a32[4] |= a[5] << 2U;
-        a32[4] |= a[6] << 28U;
+        a32[4] |= (sp_int_digit)a[5] << 2U;
+        a32[4] |= (sp_int_digit)a[6] << 28U;
         a32[4] &= 0xffffffffL;
         a32[5] = (sp_digit)(a[6] >> 4);
-        a32[5] |= a[7] << 22U;
+        a32[5] |= (sp_int_digit)a[7] << 22U;
         a32[5] &= 0xffffffffL;
         a32[6] = (sp_digit)(a[7] >> 10);
-        a32[6] |= a[8] << 16U;
+        a32[6] |= (sp_int_digit)a[8] << 16U;
         a32[6] &= 0xffffffffL;
         a32[7] = (sp_digit)(a[8] >> 16);
-        a32[7] |= a[9] << 10U;
+        a32[7] |= (sp_int_digit)a[9] << 10U;
         a32[7] &= 0xffffffffL;
 
         /*  1  1  0 -1 -1 -1 -1  0 */
@@ -12687,26 +12654,26 @@ static int sp_256_mod_mul_norm_10(sp_digit* r, const sp_digit* a, const sp_digit
 
         r[0] = (sp_digit)(t[0]) & 0x3ffffffL;
         r[1] = (sp_digit)(t[0] >> 26U);
-        r[1] |= t[1] << 6U;
+        r[1] |= (sp_int_digit)t[1] << 6U;
         r[1] &= 0x3ffffffL;
         r[2] = (sp_digit)(t[1] >> 20U);
-        r[2] |= t[2] << 12U;
+        r[2] |= (sp_int_digit)t[2] << 12U;
         r[2] &= 0x3ffffffL;
         r[3] = (sp_digit)(t[2] >> 14U);
-        r[3] |= t[3] << 18U;
+        r[3] |= (sp_int_digit)t[3] << 18U;
         r[3] &= 0x3ffffffL;
         r[4] = (sp_digit)(t[3] >> 8U);
-        r[4] |= t[4] << 24U;
+        r[4] |= (sp_int_digit)t[4] << 24U;
         r[4] &= 0x3ffffffL;
         r[5] = (sp_digit)(t[4] >> 2U) & 0x3ffffffL;
         r[6] = (sp_digit)(t[4] >> 28U);
-        r[6] |= t[5] << 4U;
+        r[6] |= (sp_int_digit)t[5] << 4U;
         r[6] &= 0x3ffffffL;
         r[7] = (sp_digit)(t[5] >> 22U);
-        r[7] |= t[6] << 10U;
+        r[7] |= (sp_int_digit)t[6] << 10U;
         r[7] &= 0x3ffffffL;
         r[8] = (sp_digit)(t[6] >> 16U);
-        r[8] |= t[7] << 16U;
+        r[8] |= (sp_int_digit)t[7] << 16U;
         r[8] &= 0x3ffffffL;
         r[9] = (sp_digit)(t[7] >> 10U);
     }
@@ -14842,11 +14809,12 @@ int sp_ecc_mulmod_256(mp_int* km, ecc_point* gm, ecc_point* r, int map,
 {
 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
     sp_point p;
-    sp_digit kd[10];
+    sp_digit k[10];
+#else
+    sp_digit* k = NULL;
 #endif
     sp_point* point;
-    sp_digit* k = NULL;
-    int err = MP_OKAY;
+    int err;
 
     err = sp_ecc_point_new(heap, p, point);
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
@@ -14856,8 +14824,6 @@ int sp_ecc_mulmod_256(mp_int* km, ecc_point* gm, ecc_point* r, int map,
         if (k == NULL)
             err = MEMORY_E;
     }
-#else
-    k = kd;
 #endif
     if (err == MP_OKAY) {
         sp_256_from_mp(k, 10, km);
@@ -16209,11 +16175,12 @@ int sp_ecc_mulmod_base_256(mp_int* km, ecc_point* r, int map, void* heap)
 {
 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
     sp_point p;
-    sp_digit kd[10];
+    sp_digit k[10];
+#else
+    sp_digit* k = NULL;
 #endif
     sp_point* point;
-    sp_digit* k = NULL;
-    int err = MP_OKAY;
+    int err;
 
     err = sp_ecc_point_new(heap, p, point);
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
@@ -16224,8 +16191,6 @@ int sp_ecc_mulmod_base_256(mp_int* km, ecc_point* r, int map, void* heap)
             err = MEMORY_E;
         }
     }
-#else
-    k = kd;
 #endif
     if (err == MP_OKAY) {
         sp_256_from_mp(k, 10, km);
@@ -16346,13 +16311,14 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
 {
 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
     sp_point p;
-    sp_digit kd[10];
+    sp_digit k[10];
 #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
     sp_point inf;
 #endif
+#else
+    sp_digit* k = NULL;
 #endif
     sp_point* point;
-    sp_digit* k = NULL;
 #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
     sp_point* infinity;
 #endif
@@ -16374,8 +16340,6 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
             err = MEMORY_E;
         }
     }
-#else
-    k = kd;
 #endif
 
     if (err == MP_OKAY) {
@@ -16473,10 +16437,11 @@ int sp_ecc_secret_gen_256(mp_int* priv, ecc_point* pub, byte* out,
 {
 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
     sp_point p;
-    sp_digit kd[10];
+    sp_digit k[10];
+#else
+    sp_digit* k = NULL;
 #endif
     sp_point* point = NULL;
-    sp_digit* k = NULL;
     int err = MP_OKAY;
 
     if (*outLen < 32U) {
@@ -16493,8 +16458,6 @@ int sp_ecc_secret_gen_256(mp_int* priv, ecc_point* pub, byte* out,
         if (k == NULL)
             err = MEMORY_E;
     }
-#else
-    k = kd;
 #endif
 
     if (err == MP_OKAY) {
@@ -16930,7 +16893,7 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, mp_int* priv,
     sp_digit carry;
     sp_digit* s = NULL;
     sp_digit* kInv = NULL;
-    int err = MP_OKAY;
+    int err;
     int32_t c;
     int i;
 
@@ -17240,7 +17203,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, mp_int* pX,
 static int sp_256_ecc_is_point_10(sp_point* point, void* heap)
 {
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
-    sp_digit* d = NULL;
+    sp_digit* d;
 #else
     sp_digit t1d[2*10];
     sp_digit t2d[2*10];

wolfcrypt/src/sp_c64.c

@@ -1544,7 +1544,7 @@ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e,
 #ifdef WOLFSSL_SP_SMALL
     sp_digit* td;
     sp_digit* t[3];
-    sp_digit* norm;
+    sp_digit* norm = NULL;
     sp_digit mp = 1;
     sp_digit n;
     int i;
@@ -2468,7 +2468,7 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e,
 #ifdef WOLFSSL_SP_SMALL
     sp_digit* td;
     sp_digit* t[3];
-    sp_digit* norm;
+    sp_digit* norm = NULL;
     sp_digit mp = 1;
     sp_digit n;
     int i;
@@ -2863,7 +2863,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, mp_int* em, mp_int* mm,
 #else
         e[0] = (sp_digit)em->dp[0];
         if (em->used > 1) {
-            e[0] |= ((sp_digit)em->dp[1]) << DIGIT_BIT;
+            e[0] |= ((sp_int_digit)em->dp[1]) << DIGIT_BIT;
         }
 #endif
         if (e[0] == 0) {
@@ -2964,7 +2964,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, mp_int* em, mp_int* mm,
 #else
         e[0] = (sp_digit)em->dp[0];
         if (em->used > 1) {
-            e[0] |= ((sp_digit)em->dp[1]) << DIGIT_BIT;
+            e[0] |= ((sp_int_digit)em->dp[1]) << DIGIT_BIT;
         }
 #endif
         if (e[0] == 0) {
@@ -3436,13 +3436,13 @@ int sp_ModExp_2048(mp_int* base, mp_int* exp, mp_int* mod, mp_int* res)
     return err;
 #else
 #ifndef WOLFSSL_SMALL_STACK
-    sp_digit bd[72], ed[36], md[36];
+    sp_digit b[72], e[36], m[36];
 #else
     sp_digit* d = NULL;
-#endif
     sp_digit* b;
     sp_digit* e;
     sp_digit* m;
+#endif
     sp_digit* r;
     int err = MP_OKAY;
     int expBits = mp_count_bits(exp);
@@ -3469,20 +3469,16 @@ int sp_ModExp_2048(mp_int* base, mp_int* exp, mp_int* mod, mp_int* res)
         if (d == NULL)
             err = MEMORY_E;
     }
+#endif
 
     if (err == MP_OKAY) {
+#ifdef WOLFSSL_SMALL_STACK
         b = d;
         e = b + 36 * 2;
         m = e + 36;
-        r = b;
-    }
-#else
-    r = b = bd;
-    e = ed;
-    m = md;
 #endif
+        r = b;
 
-    if (err == MP_OKAY) {
         sp_2048_from_mp(b, 36, base);
         sp_2048_from_mp(e, 36, exp);
         sp_2048_from_mp(m, 36, mod);
@@ -3610,13 +3606,13 @@ SP_NOINLINE static void sp_2048_lshift_36(sp_digit* r, sp_digit* a, byte n)
 static int sp_2048_mod_exp_2_36(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m)
 {
 #ifndef WOLFSSL_SMALL_STACK
-    sp_digit nd[72];
-    sp_digit td[37];
+    sp_digit norm[72];
+    sp_digit tmp[37];
 #else
     sp_digit* td;
-#endif
     sp_digit* norm;
     sp_digit* tmp;
+#endif
     sp_digit mp = 1;
     sp_digit n, o;
     int i;
@@ -3635,11 +3631,6 @@ static int sp_2048_mod_exp_2_36(sp_digit* r, const sp_digit* e, int bits, const
 #ifdef WOLFSSL_SMALL_STACK
         norm = td;
         tmp  = td + 72;
-        XMEMSET(td, 0, sizeof(sp_digit) * 109);
-#else
-        norm = nd;
-        tmp  = td;
-        XMEMSET(td, 0, sizeof(td));
 #endif
 
         sp_2048_mont_setup(m, &mp);
@@ -3946,13 +3937,13 @@ int sp_ModExp_1024(mp_int* base, mp_int* exp, mp_int* mod, mp_int* res)
     return err;
 #else
 #ifndef WOLFSSL_SMALL_STACK
-    sp_digit bd[36], ed[18], md[18];
+    sp_digit b[36], e[18], m[18];
 #else
     sp_digit* d = NULL;
-#endif
     sp_digit* b;
     sp_digit* e;
     sp_digit* m;
+#endif
     sp_digit* r;
     int err = MP_OKAY;
     int expBits = mp_count_bits(exp);
@@ -3979,20 +3970,16 @@ int sp_ModExp_1024(mp_int* base, mp_int* exp, mp_int* mod, mp_int* res)
         if (d == NULL)
             err = MEMORY_E;
     }
+#endif
 
     if (err == MP_OKAY) {
+#ifdef WOLFSSL_SMALL_STACK
         b = d;
         e = b + 18 * 2;
         m = e + 18;
-        r = b;
-    }
-#else
-    r = b = bd;
-    e = ed;
-    m = md;
 #endif
+        r = b;
 
-    if (err == MP_OKAY) {
         sp_2048_from_mp(b, 18, base);
         sp_2048_from_mp(e, 18, exp);
         sp_2048_from_mp(m, 18, mod);
@@ -5718,7 +5705,7 @@ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e,
 #ifdef WOLFSSL_SP_SMALL
     sp_digit* td;
     sp_digit* t[3];
-    sp_digit* norm;
+    sp_digit* norm = NULL;
     sp_digit mp = 1;
     sp_digit n;
     int i;
@@ -6612,7 +6599,7 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e,
 #ifdef WOLFSSL_SP_SMALL
     sp_digit* td;
     sp_digit* t[3];
-    sp_digit* norm;
+    sp_digit* norm = NULL;
     sp_digit mp = 1;
     sp_digit n;
     int i;
@@ -7008,7 +6995,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, mp_int* em, mp_int* mm,
 #else
         e[0] = (sp_digit)em->dp[0];
         if (em->used > 1) {
-            e[0] |= ((sp_digit)em->dp[1]) << DIGIT_BIT;
+            e[0] |= ((sp_int_digit)em->dp[1]) << DIGIT_BIT;
         }
 #endif
         if (e[0] == 0) {
@@ -7109,7 +7096,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, mp_int* em, mp_int* mm,
 #else
         e[0] = (sp_digit)em->dp[0];
         if (em->used > 1) {
-            e[0] |= ((sp_digit)em->dp[1]) << DIGIT_BIT;
+            e[0] |= ((sp_int_digit)em->dp[1]) << DIGIT_BIT;
         }
 #endif
         if (e[0] == 0) {
@@ -7581,13 +7568,13 @@ int sp_ModExp_3072(mp_int* base, mp_int* exp, mp_int* mod, mp_int* res)
     return err;
 #else
 #ifndef WOLFSSL_SMALL_STACK
-    sp_digit bd[108], ed[54], md[54];
+    sp_digit b[108], e[54], m[54];
 #else
     sp_digit* d = NULL;
-#endif
     sp_digit* b;
     sp_digit* e;
     sp_digit* m;
+#endif
     sp_digit* r;
     int err = MP_OKAY;
     int expBits = mp_count_bits(exp);
@@ -7614,20 +7601,16 @@ int sp_ModExp_3072(mp_int* base, mp_int* exp, mp_int* mod, mp_int* res)
         if (d == NULL)
             err = MEMORY_E;
     }
+#endif
 
     if (err == MP_OKAY) {
+#ifdef WOLFSSL_SMALL_STACK
         b = d;
         e = b + 54 * 2;
         m = e + 54;
-        r = b;
-    }
-#else
-    r = b = bd;
-    e = ed;
-    m = md;
 #endif
+        r = b;
 
-    if (err == MP_OKAY) {
         sp_3072_from_mp(b, 54, base);
         sp_3072_from_mp(e, 54, exp);
         sp_3072_from_mp(m, 54, mod);
@@ -7791,13 +7774,13 @@ SP_NOINLINE static void sp_3072_lshift_54(sp_digit* r, sp_digit* a, byte n)
 static int sp_3072_mod_exp_2_54(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m)
 {
 #ifndef WOLFSSL_SMALL_STACK
-    sp_digit nd[108];
-    sp_digit td[55];
+    sp_digit norm[108];
+    sp_digit tmp[55];
 #else
     sp_digit* td;
-#endif
     sp_digit* norm;
     sp_digit* tmp;
+#endif
     sp_digit mp = 1;
     sp_digit n, o;
     int i;
@@ -7816,11 +7799,6 @@ static int sp_3072_mod_exp_2_54(sp_digit* r, const sp_digit* e, int bits, const
 #ifdef WOLFSSL_SMALL_STACK
         norm = td;
         tmp  = td + 108;
-        XMEMSET(td, 0, sizeof(sp_digit) * 163);
-#else
-        norm = nd;
-        tmp  = td;
-        XMEMSET(td, 0, sizeof(td));
 #endif
 
         sp_3072_mont_setup(m, &mp);
@@ -8127,13 +8105,13 @@ int sp_ModExp_1536(mp_int* base, mp_int* exp, mp_int* mod, mp_int* res)
     return err;
 #else
 #ifndef WOLFSSL_SMALL_STACK
-    sp_digit bd[54], ed[27], md[27];
+    sp_digit b[54], e[27], m[27];
 #else
     sp_digit* d = NULL;
-#endif
     sp_digit* b;
     sp_digit* e;
     sp_digit* m;
+#endif
     sp_digit* r;
     int err = MP_OKAY;
     int expBits = mp_count_bits(exp);
@@ -8160,20 +8138,16 @@ int sp_ModExp_1536(mp_int* base, mp_int* exp, mp_int* mod, mp_int* res)
         if (d == NULL)
             err = MEMORY_E;
     }
+#endif
 
     if (err == MP_OKAY) {
+#ifdef WOLFSSL_SMALL_STACK
         b = d;
         e = b + 27 * 2;
         m = e + 27;
-        r = b;
-    }
-#else
-    r = b = bd;
-    e = ed;
-    m = md;
 #endif
+        r = b;
 
-    if (err == MP_OKAY) {
         sp_3072_from_mp(b, 27, base);
         sp_3072_from_mp(e, 27, exp);
         sp_3072_from_mp(m, 27, mod);
@@ -10006,7 +9980,7 @@ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e,
 #ifdef WOLFSSL_SP_SMALL
     sp_digit* td;
     sp_digit* t[3];
-    sp_digit* norm;
+    sp_digit* norm = NULL;
     sp_digit mp = 1;
     sp_digit n;
     int i;
@@ -10998,7 +10972,7 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e,
 #ifdef WOLFSSL_SP_SMALL
     sp_digit* td;
     sp_digit* t[3];
-    sp_digit* norm;
+    sp_digit* norm = NULL;
     sp_digit mp = 1;
     sp_digit n;
     int i;
@@ -11398,7 +11372,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, mp_int* em, mp_int* mm,
 #else
         e[0] = (sp_digit)em->dp[0];
         if (em->used > 1) {
-            e[0] |= ((sp_digit)em->dp[1]) << DIGIT_BIT;
+            e[0] |= ((sp_int_digit)em->dp[1]) << DIGIT_BIT;
         }
 #endif
         if (e[0] == 0) {
@@ -11499,7 +11473,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, mp_int* em, mp_int* mm,
 #else
         e[0] = (sp_digit)em->dp[0];
         if (em->used > 1) {
-            e[0] |= ((sp_digit)em->dp[1]) << DIGIT_BIT;
+            e[0] |= ((sp_int_digit)em->dp[1]) << DIGIT_BIT;
         }
 #endif
         if (e[0] == 0) {
@@ -11971,13 +11945,13 @@ int sp_ModExp_4096(mp_int* base, mp_int* exp, mp_int* mod, mp_int* res)
     return err;
 #else
 #ifndef WOLFSSL_SMALL_STACK
-    sp_digit bd[156], ed[78], md[78];
+    sp_digit b[156], e[78], m[78];
 #else
     sp_digit* d = NULL;
-#endif
     sp_digit* b;
     sp_digit* e;
     sp_digit* m;
+#endif
     sp_digit* r;
     int err = MP_OKAY;
     int expBits = mp_count_bits(exp);
@@ -12004,20 +11978,16 @@ int sp_ModExp_4096(mp_int* base, mp_int* exp, mp_int* mod, mp_int* res)
         if (d == NULL)
             err = MEMORY_E;
     }
+#endif
 
     if (err == MP_OKAY) {
+#ifdef WOLFSSL_SMALL_STACK
         b = d;
         e = b + 78 * 2;
         m = e + 78;
-        r = b;
-    }
-#else
-    r = b = bd;
-    e = ed;
-    m = md;
 #endif
+        r = b;
 
-    if (err == MP_OKAY) {
         sp_4096_from_mp(b, 78, base);
         sp_4096_from_mp(e, 78, exp);
         sp_4096_from_mp(m, 78, mod);
@@ -12229,13 +12199,13 @@ SP_NOINLINE static void sp_4096_lshift_78(sp_digit* r, sp_digit* a, byte n)
 static int sp_4096_mod_exp_2_78(sp_digit* r, const sp_digit* e, int bits, const sp_digit* m)
 {
 #ifndef WOLFSSL_SMALL_STACK
-    sp_digit nd[156];
-    sp_digit td[79];
+    sp_digit norm[156];
+    sp_digit tmp[79];
 #else
     sp_digit* td;
-#endif
     sp_digit* norm;
     sp_digit* tmp;
+#endif
     sp_digit mp = 1;
     sp_digit n, o;
     int i;
@@ -12254,11 +12224,6 @@ static int sp_4096_mod_exp_2_78(sp_digit* r, const sp_digit* e, int bits, const
 #ifdef WOLFSSL_SMALL_STACK
         norm = td;
         tmp  = td + 156;
-        XMEMSET(td, 0, sizeof(sp_digit) * 235);
-#else
-        norm = nd;
-        tmp  = td;
-        XMEMSET(td, 0, sizeof(td));
 #endif
 
         sp_4096_mont_setup(m, &mp);
@@ -12579,16 +12544,18 @@ static const sp_digit p256_b[5] = {
 static int sp_ecc_point_new_ex(void* heap, sp_point* sp, sp_point** p)
 {
     int ret = MP_OKAY;
-    (void)heap;
-#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
-    (void)sp;
-    *p = (sp_point*)XMALLOC(sizeof(sp_point), heap, DYNAMIC_TYPE_ECC);
-#else
-    *p = sp;
-#endif
     if (p == NULL) {
         ret = MEMORY_E;
     }
+    else {
+    #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
+        *p = (sp_point*)XMALLOC(sizeof(sp_point), heap, DYNAMIC_TYPE_ECC);
+        (void)sp;
+    #else
+        *p = sp;
+        (void)heap;
+    #endif
+    }
     return ret;
 }
 
@@ -12660,18 +12627,18 @@ static int sp_256_mod_mul_norm_5(sp_digit* r, const sp_digit* a, const sp_digit*
 
         a32[0] = (sp_digit)(a[0]) & 0xffffffffL;
         a32[1] = (sp_digit)(a[0] >> 32U);
-        a32[1] |= a[1] << 20U;
+        a32[1] |= (sp_int_digit)a[1] << 20U;
         a32[1] &= 0xffffffffL;
         a32[2] = (sp_digit)(a[1] >> 12U) & 0xffffffffL;
         a32[3] = (sp_digit)(a[1] >> 44U);
-        a32[3] |= a[2] << 8U;
+        a32[3] |= (sp_int_digit)a[2] << 8U;
         a32[3] &= 0xffffffffL;
         a32[4] = (sp_digit)(a[2] >> 24U);
-        a32[4] |= a[3] << 28U;
+        a32[4] |= (sp_int_digit)a[3] << 28U;
         a32[4] &= 0xffffffffL;
         a32[5] = (sp_digit)(a[3] >> 4U) & 0xffffffffL;
         a32[6] = (sp_digit)(a[3] >> 36U);
-        a32[6] |= a[4] << 16U;
+        a32[6] |= (sp_int_digit)a[4] << 16U;
         a32[6] &= 0xffffffffL;
         a32[7] = (sp_digit)(a[4] >> 16U) & 0xffffffffL;
 
@@ -12712,22 +12679,22 @@ static int sp_256_mod_mul_norm_5(sp_digit* r, const sp_digit* a, const sp_digit*
         t[6] += t[5] >> 32U; t[5] &= 0xffffffffL;
         t[7] += t[6] >> 32U; t[6] &= 0xffffffffL;
 
-        r[0] = t[0];
-        r[0] |= t[1] << 32U;
+        r[0] = (sp_int_digit)t[0];
+        r[0] |= (sp_int_digit)t[1] << 32U;
         r[0] &= 0xfffffffffffffLL;
         r[1] = (sp_digit)(t[1] >> 20);
-        r[1] |= t[2] << 12U;
-        r[1] |= t[3] << 44U;
+        r[1] |= (sp_int_digit)t[2] << 12U;
+        r[1] |= (sp_int_digit)t[3] << 44U;
         r[1] &= 0xfffffffffffffLL;
         r[2] = (sp_digit)(t[3] >> 8);
-        r[2] |= t[4] << 24U;
+        r[2] |= (sp_int_digit)t[4] << 24U;
         r[2] &= 0xfffffffffffffLL;
         r[3] = (sp_digit)(t[4] >> 28);
-        r[3] |= t[5] << 4U;
-        r[3] |= t[6] << 36U;
+        r[3] |= (sp_int_digit)t[5] << 4U;
+        r[3] |= (sp_int_digit)t[6] << 36U;
         r[3] &= 0xfffffffffffffLL;
         r[4] = (sp_digit)(t[6] >> 16);
-        r[4] |= t[7] << 16U;
+        r[4] |= (sp_int_digit)t[7] << 16U;
     }
 
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
@@ -14664,11 +14631,12 @@ int sp_ecc_mulmod_256(mp_int* km, ecc_point* gm, ecc_point* r, int map,
 {
 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
     sp_point p;
-    sp_digit kd[5];
+    sp_digit k[5];
+#else
+    sp_digit* k = NULL;
 #endif
     sp_point* point;
-    sp_digit* k = NULL;
-    int err = MP_OKAY;
+    int err;
 
     err = sp_ecc_point_new(heap, p, point);
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
@@ -14678,8 +14646,6 @@ int sp_ecc_mulmod_256(mp_int* km, ecc_point* gm, ecc_point* r, int map,
         if (k == NULL)
             err = MEMORY_E;
     }
-#else
-    k = kd;
 #endif
     if (err == MP_OKAY) {
         sp_256_from_mp(k, 5, km);
@@ -16031,11 +15997,12 @@ int sp_ecc_mulmod_base_256(mp_int* km, ecc_point* r, int map, void* heap)
 {
 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
     sp_point p;
-    sp_digit kd[5];
+    sp_digit k[5];
+#else
+    sp_digit* k = NULL;
 #endif
     sp_point* point;
-    sp_digit* k = NULL;
-    int err = MP_OKAY;
+    int err;
 
     err = sp_ecc_point_new(heap, p, point);
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
@@ -16046,8 +16013,6 @@ int sp_ecc_mulmod_base_256(mp_int* km, ecc_point* r, int map, void* heap)
             err = MEMORY_E;
         }
     }
-#else
-    k = kd;
 #endif
     if (err == MP_OKAY) {
         sp_256_from_mp(k, 5, km);
@@ -16167,13 +16132,14 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
 {
 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
     sp_point p;
-    sp_digit kd[5];
+    sp_digit k[5];
 #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
     sp_point inf;
 #endif
+#else
+    sp_digit* k = NULL;
 #endif
     sp_point* point;
-    sp_digit* k = NULL;
 #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
     sp_point* infinity;
 #endif
@@ -16195,8 +16161,6 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
             err = MEMORY_E;
         }
     }
-#else
-    k = kd;
 #endif
 
     if (err == MP_OKAY) {
@@ -16294,10 +16258,11 @@ int sp_ecc_secret_gen_256(mp_int* priv, ecc_point* pub, byte* out,
 {
 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
     sp_point p;
-    sp_digit kd[5];
+    sp_digit k[5];
+#else
+    sp_digit* k = NULL;
 #endif
     sp_point* point = NULL;
-    sp_digit* k = NULL;
     int err = MP_OKAY;
 
     if (*outLen < 32U) {
@@ -16314,8 +16279,6 @@ int sp_ecc_secret_gen_256(mp_int* priv, ecc_point* pub, byte* out,
         if (k == NULL)
             err = MEMORY_E;
     }
-#else
-    k = kd;
 #endif
 
     if (err == MP_OKAY) {
@@ -16733,7 +16696,7 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, mp_int* priv,
     sp_digit carry;
     sp_digit* s = NULL;
     sp_digit* kInv = NULL;
-    int err = MP_OKAY;
+    int err;
     int64_t c;
     int i;
 
@@ -17038,7 +17001,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, mp_int* pX,
 static int sp_256_ecc_is_point_5(sp_point* point, void* heap)
 {
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
-    sp_digit* d = NULL;
+    sp_digit* d;
 #else
     sp_digit t1d[2*5];
     sp_digit t2d[2*5];

wolfcrypt/src/sp_cortexm.c

@@ -13456,16 +13456,18 @@ static const sp_digit p256_b[8] = {
 static int sp_ecc_point_new_ex(void* heap, sp_point* sp, sp_point** p)
 {
     int ret = MP_OKAY;
-    (void)heap;
-#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
-    (void)sp;
-    *p = (sp_point*)XMALLOC(sizeof(sp_point), heap, DYNAMIC_TYPE_ECC);
-#else
-    *p = sp;
-#endif
     if (p == NULL) {
         ret = MEMORY_E;
     }
+    else {
+    #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
+        *p = (sp_point*)XMALLOC(sizeof(sp_point), heap, DYNAMIC_TYPE_ECC);
+        (void)sp;
+    #else
+        *p = sp;
+        (void)heap;
+    #endif
+    }
     return ret;
 }
 
@@ -16771,11 +16773,12 @@ int sp_ecc_mulmod_256(mp_int* km, ecc_point* gm, ecc_point* r, int map,
 {
 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
     sp_point p;
-    sp_digit kd[8];
+    sp_digit k[8];
+#else
+    sp_digit* k = NULL;
 #endif
     sp_point* point;
-    sp_digit* k = NULL;
-    int err = MP_OKAY;
+    int err;
 
     err = sp_ecc_point_new(heap, p, point);
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
@@ -16785,8 +16788,6 @@ int sp_ecc_mulmod_256(mp_int* km, ecc_point* gm, ecc_point* r, int map,
         if (k == NULL)
             err = MEMORY_E;
     }
-#else
-    k = kd;
 #endif
     if (err == MP_OKAY) {
         sp_256_from_mp(k, 8, km);
@@ -18219,11 +18220,12 @@ int sp_ecc_mulmod_base_256(mp_int* km, ecc_point* r, int map, void* heap)
 {
 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
     sp_point p;
-    sp_digit kd[8];
+    sp_digit k[8];
+#else
+    sp_digit* k = NULL;
 #endif
     sp_point* point;
-    sp_digit* k = NULL;
-    int err = MP_OKAY;
+    int err;
 
     err = sp_ecc_point_new(heap, p, point);
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
@@ -18234,8 +18236,6 @@ int sp_ecc_mulmod_base_256(mp_int* km, ecc_point* r, int map, void* heap)
             err = MEMORY_E;
         }
     }
-#else
-    k = kd;
 #endif
     if (err == MP_OKAY) {
         sp_256_from_mp(k, 8, km);
@@ -18383,13 +18383,14 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
 {
 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
     sp_point p;
-    sp_digit kd[8];
+    sp_digit k[8];
 #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
     sp_point inf;
 #endif
+#else
+    sp_digit* k = NULL;
 #endif
     sp_point* point;
-    sp_digit* k = NULL;
 #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
     sp_point* infinity;
 #endif
@@ -18411,8 +18412,6 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
             err = MEMORY_E;
         }
     }
-#else
-    k = kd;
 #endif
 
     if (err == MP_OKAY) {
@@ -18506,10 +18505,11 @@ int sp_ecc_secret_gen_256(mp_int* priv, ecc_point* pub, byte* out,
 {
 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
     sp_point p;
-    sp_digit kd[8];
+    sp_digit k[8];
+#else
+    sp_digit* k = NULL;
 #endif
     sp_point* point = NULL;
-    sp_digit* k = NULL;
     int err = MP_OKAY;
 
     if (*outLen < 32U) {
@@ -18526,8 +18526,6 @@ int sp_ecc_secret_gen_256(mp_int* priv, ecc_point* pub, byte* out,
         if (k == NULL)
             err = MEMORY_E;
     }
-#else
-    k = kd;
 #endif
 
     if (err == MP_OKAY) {
@@ -19000,7 +18998,7 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, mp_int* priv,
     sp_digit carry;
     sp_digit* s = NULL;
     sp_digit* kInv = NULL;
-    int err = MP_OKAY;
+    int err;
     int32_t c;
     int i;
 
@@ -19308,7 +19306,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, mp_int* pX,
 static int sp_256_ecc_is_point_8(sp_point* point, void* heap)
 {
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
-    sp_digit* d = NULL;
+    sp_digit* d;
 #else
     sp_digit t1d[2*8];
     sp_digit t2d[2*8];

wolfcrypt/src/sp_dsp32.c

@@ -4441,6 +4441,9 @@ int wolfSSL_DSP_ECC_Verify_256(remote_handle64 h, int32 *u1, int hashLen, int32*
     int err;
     void* heap = NULL;
 
+    (void)h;
+    (void)hashLen;
+
     err = sp_ecc_point_new(heap, p1d, p1);
     if (err == MP_OKAY) {
         err = sp_ecc_point_new(heap, p2d, p2);
@@ -4450,10 +4453,6 @@ int wolfSSL_DSP_ECC_Verify_256(remote_handle64 h, int32 *u1, int hashLen, int32*
         u2 = u2d;
         tmp = tmpd;
 
-        if (hashLen > 32U) {
-            hashLen = 32U;
-        }
-
 	XMEMCPY(u2, r, 40);
 	XMEMCPY(p2->x, x, 40);
 	XMEMCPY(p2->y, y, 40);
@@ -4533,7 +4532,7 @@ void wc_ecc_fp_free(void)
 
 AEEResult wolfSSL_open(const char *uri, remote_handle64 *handle) 
 {
-   void *tptr = NULL;
+   void *tptr;
   /* can be any value or ignored, rpc layer doesn't care
    * also ok
    * *handle = 0;

wolfcrypt/src/sp_x86_64.c

@@ -5880,16 +5880,18 @@ static const sp_digit p256_b[4] = {
 static int sp_ecc_point_new_ex(void* heap, sp_point* sp, sp_point** p)
 {
     int ret = MP_OKAY;
-    (void)heap;
-#if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
-    (void)sp;
-    *p = (sp_point*)XMALLOC(sizeof(sp_point), heap, DYNAMIC_TYPE_ECC);
-#else
-    *p = sp;
-#endif
     if (p == NULL) {
         ret = MEMORY_E;
     }
+    else {
+    #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
+        *p = (sp_point*)XMALLOC(sizeof(sp_point), heap, DYNAMIC_TYPE_ECC);
+        (void)sp;
+    #else
+        *p = sp;
+        (void)heap;
+    #endif
+    }
     return ret;
 }
 
@@ -8340,11 +8342,12 @@ int sp_ecc_mulmod_256(mp_int* km, ecc_point* gm, ecc_point* r, int map,
 {
 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
     sp_point p;
-    sp_digit kd[4];
+    sp_digit k[4];
+#else
+    sp_digit* k = NULL;
 #endif
     sp_point* point;
-    sp_digit* k = NULL;
-    int err = MP_OKAY;
+    int err;
 #ifdef HAVE_INTEL_AVX2
     word32 cpuid_flags = cpuid_get_flags();
 #endif
@@ -8357,8 +8360,6 @@ int sp_ecc_mulmod_256(mp_int* km, ecc_point* gm, ecc_point* r, int map,
         if (k == NULL)
             err = MEMORY_E;
     }
-#else
-    k = kd;
 #endif
     if (err == MP_OKAY) {
         sp_256_from_mp(k, 4, km);
@@ -21936,11 +21937,12 @@ int sp_ecc_mulmod_base_256(mp_int* km, ecc_point* r, int map, void* heap)
 {
 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
     sp_point p;
-    sp_digit kd[4];
+    sp_digit k[4];
+#else
+    sp_digit* k = NULL;
 #endif
     sp_point* point;
-    sp_digit* k = NULL;
-    int err = MP_OKAY;
+    int err;
 #ifdef HAVE_INTEL_AVX2
     word32 cpuid_flags = cpuid_get_flags();
 #endif
@@ -21954,8 +21956,6 @@ int sp_ecc_mulmod_base_256(mp_int* km, ecc_point* r, int map, void* heap)
             err = MEMORY_E;
         }
     }
-#else
-    k = kd;
 #endif
     if (err == MP_OKAY) {
         sp_256_from_mp(k, 4, km);
@@ -22070,13 +22070,14 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
 {
 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
     sp_point p;
-    sp_digit kd[4];
+    sp_digit k[4];
 #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
     sp_point inf;
 #endif
+#else
+    sp_digit* k = NULL;
 #endif
     sp_point* point;
-    sp_digit* k = NULL;
 #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
     sp_point* infinity;
 #endif
@@ -22101,8 +22102,6 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
             err = MEMORY_E;
         }
     }
-#else
-    k = kd;
 #endif
 
     if (err == MP_OKAY) {
@@ -22208,10 +22207,11 @@ int sp_ecc_secret_gen_256(mp_int* priv, ecc_point* pub, byte* out,
 {
 #if !defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SMALL_STACK)
     sp_point p;
-    sp_digit kd[4];
+    sp_digit k[4];
+#else
+    sp_digit* k = NULL;
 #endif
     sp_point* point = NULL;
-    sp_digit* k = NULL;
     int err = MP_OKAY;
 #ifdef HAVE_INTEL_AVX2
     word32 cpuid_flags = cpuid_get_flags();
@@ -22231,8 +22231,6 @@ int sp_ecc_secret_gen_256(mp_int* priv, ecc_point* pub, byte* out,
         if (k == NULL)
             err = MEMORY_E;
     }
-#else
-    k = kd;
 #endif
 
     if (err == MP_OKAY) {
@@ -22721,7 +22719,7 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, mp_int* priv,
     sp_digit carry;
     sp_digit* s = NULL;
     sp_digit* kInv = NULL;
-    int err = MP_OKAY;
+    int err;
     int64_t c;
     int i;
 #ifdef HAVE_INTEL_AVX2
@@ -23099,7 +23097,7 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, mp_int* pX,
 static int sp_256_ecc_is_point_4(sp_point* point, void* heap)
 {
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
-    sp_digit* d = NULL;
+    sp_digit* d;
 #else
     sp_digit t1d[2*4];
     sp_digit t2d[2*4];

wolfcrypt/src/tfm.c

@@ -479,6 +479,9 @@ WC_INLINE static int fp_mul_comba_mulx(fp_int *A, fp_int *B, fp_int *C)
 #else
    fp_int    *tmp;
 #endif
+ 
+   /* Variables used but not seen by cppcheck. */
+   (void)ix; (void)iy; (void)iz;
 
 #ifdef WOLFSSL_SMALL_STACK
    tmp = (fp_int*)XMALLOC(sizeof(fp_int), NULL, DYNAMIC_TYPE_BIGINT);
@@ -526,6 +529,9 @@ int fp_mul_comba(fp_int *A, fp_int *B, fp_int *C)
    fp_int    *tmp;
 #endif
 
+   /* Variables used but not seen by cppcheck. */
+   (void)c0; (void)c1; (void)c2;
+
    IF_HAVE_INTEL_MULX(ret = fp_mul_comba_mulx(A, B, C), return ret) ;
 
 #ifdef WOLFSSL_SMALL_STACK
@@ -2503,6 +2509,12 @@ int fp_sqr_comba(fp_int *A, fp_int *B)
    fp_int    *tmp;
 #endif
 
+   /* Variables used but not seen by cppcheck. */
+   (void)c0; (void)c1; (void)c2;
+#ifdef TFM_ISO
+   (void)tt;
+#endif
+
 #ifdef WOLFSSL_SMALL_STACK
    tmp = (fp_int*)XMALLOC(sizeof(fp_int), NULL, DYNAMIC_TYPE_BIGINT);
    if (tmp == NULL)
@@ -3362,22 +3374,26 @@ void fp_init(fp_int *a)
 
 void fp_zero(fp_int *a)
 {
-    int size = FP_SIZE;
+    int size;
     a->used = 0;
     a->sign = FP_ZPOS;
 #if defined(ALT_ECC_SIZE) || defined(HAVE_WOLF_BIGINT)
     size = a->size;
+#else
+    size = FP_SIZE;
 #endif
     XMEMSET(a->dp, 0, size * sizeof(fp_digit));
 }
 
 void fp_clear(fp_int *a)
 {
-    int size = FP_SIZE;
+    int size;
     a->used = 0;
     a->sign = FP_ZPOS;
 #if defined(ALT_ECC_SIZE) || defined(HAVE_WOLF_BIGINT)
     size = a->size;
+#else
+    size = FP_SIZE;
 #endif
     XMEMSET(a->dp, 0, size * sizeof(fp_digit));
     fp_free(a);
@@ -3385,11 +3401,13 @@ void fp_clear(fp_int *a)
 
 void fp_forcezero (mp_int * a)
 {
-    int size = FP_SIZE;
+    int size;
     a->used = 0;
     a->sign = FP_ZPOS;
 #if defined(ALT_ECC_SIZE) || defined(HAVE_WOLF_BIGINT)
     size = a->size;
+#else
+    size = FP_SIZE;
 #endif
     ForceZero(a->dp, size * sizeof(fp_digit));
 #ifdef HAVE_WOLF_BIGINT
@@ -4883,10 +4901,12 @@ int mp_toradix (mp_int *a, char *str, int radix)
 void mp_dump(const char* desc, mp_int* a, byte verbose)
 {
   char buffer[FP_SIZE * sizeof(fp_digit) * 2];
-  int size = FP_SIZE;
+  int size;
 
 #if defined(ALT_ECC_SIZE) || defined(HAVE_WOLF_BIGINT)
   size = a->size;
+#else
+  size = FP_SIZE;
 #endif
 
   printf("%s: ptr=%p, used=%d, sign=%d, size=%d, fpd=%d\n",

wolfcrypt/src/wc_encrypt.c

@@ -87,7 +87,7 @@ int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz,
 {
     int  ret = 0;
 #ifdef WOLFSSL_SMALL_STACK
-    Aes* aes = NULL;
+    Aes* aes;
 #else
     Aes  aes[1];
 #endif
@@ -122,7 +122,7 @@ int wc_Des_CbcEncryptWithKey(byte* out, const byte* in, word32 sz,
 {
     int ret  = 0;
 #ifdef WOLFSSL_SMALL_STACK
-    Des* des = NULL;
+    Des* des;
 #else
     Des  des[1];
 #endif
@@ -149,7 +149,7 @@ int wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
 {
     int ret  = 0;
 #ifdef WOLFSSL_SMALL_STACK
-    Des* des = NULL;
+    Des* des;
 #else
     Des  des[1];
 #endif
@@ -177,7 +177,7 @@ int wc_Des3_CbcEncryptWithKey(byte* out, const byte* in, word32 sz,
 {
     int ret    = 0;
 #ifdef WOLFSSL_SMALL_STACK
-    Des3* des3 = NULL;
+    Des3* des3;
 #else
     Des3  des3[1];
 #endif
@@ -209,7 +209,7 @@ int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
 {
     int ret    = 0;
 #ifdef WOLFSSL_SMALL_STACK
-    Des3* des3 = NULL;
+    Des3* des3;
 #else
     Des3  des3[1];
 #endif

wolfcrypt/src/wc_pkcs11.c

@@ -869,7 +869,7 @@ static int Pkcs11RsaPublic(Pkcs11Session* session, wc_CryptoInfo* info)
 
     WOLFSSL_MSG("PKCS#11: RSA Public Key Operation");
 
-    if (ret == 0 && info->pk.rsa.outLen == NULL) {
+    if (info->pk.rsa.outLen == NULL) {
         ret = BAD_FUNC_ARG;
     }
 
@@ -941,7 +941,7 @@ static int Pkcs11RsaPrivate(Pkcs11Session* session, wc_CryptoInfo* info)
 
     WOLFSSL_MSG("PKCS#11: RSA Private Key Operation");
 
-    if (ret == 0 && info->pk.rsa.outLen == NULL) {
+    if (info->pk.rsa.outLen == NULL) {
         ret = BAD_FUNC_ARG;
     }
 
@@ -1611,9 +1611,9 @@ static word32 Pkcs11ECDSASig_Encode(byte* sig, word32 sz)
     word32 i;
 
     /* Find first byte of data in r and s. */
-    while (sig[rStart] == 0x00 && rStart < sz - 1)
+    while (rStart < sz - 1 && sig[rStart] == 0x00)
         rStart++;
-    while (sig[sz + sStart] == 0x00 && sStart < sz - 1)
+    while (sStart < sz - 1 && sig[sz + sStart] == 0x00)
         sStart++;
     /* Check if 0 needs to be prepended to make integer a positive number. */
     rHigh = sig[rStart] >> 7;

wolfcrypt/src/wc_port.c

@@ -1335,7 +1335,7 @@ int wolfSSL_CryptHwMutexUnLock(void) {
 
     void *uITRON4_malloc(size_t sz) {
         ER ercd;
-        void *p;
+        void *p = NULL;
         ercd = get_mpl(ID_wolfssl_MPOOL, sz, (VP)&p);
         if (ercd == E_OK) {
             return p;
@@ -1429,7 +1429,7 @@ int wolfSSL_CryptHwMutexUnLock(void) {
 
     void *uTKernel_malloc(unsigned int sz) {
         ER ercd;
-        void *p;
+        void *p = NULL;
         ercd = tk_get_mpl(ID_wolfssl_MPOOL, sz, (VP)&p, TMO_FEVR);
         if (ercd == E_OK) {
             return p;
@@ -2206,7 +2206,6 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
 
     void* nucleus_realloc(void* ptr, unsigned long size, void* heap, int type)
     {
-        STATUS     status;
         DM_HEADER* old_header;
         word32     old_size, copy_size;
         void*      new_mem;

wolfcrypt/test/test.c

@@ -2982,6 +2982,8 @@ int sha3_test(void)
 {
     int ret;
 
+    (void)ret;
+
 #ifndef WOLFSSL_NOSHA3_224
     if ((ret = sha3_224_test()) != 0)
         return ret;
@@ -7576,7 +7578,7 @@ int aesgcm_test(void)
     int  result;
 #ifdef WOLFSSL_AES_256
     int  alen;
-    #ifndef WOLFSSL_AFALG_XILINX_AES
+    #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT)
     int  plen;
     #endif
 #endif
@@ -7594,6 +7596,8 @@ int aesgcm_test(void)
     XMEMSET(large_outdec, 0, sizeof(large_outdec));
 #endif
 
+    (void)result;
+
     XMEMSET(resultT, 0, sizeof(resultT));
     XMEMSET(resultC, 0, sizeof(resultC));
     XMEMSET(resultP, 0, sizeof(resultP));
@@ -7739,7 +7743,7 @@ int aesgcm_test(void)
             return -5715;
 #endif /* HAVE_AES_DECRYPT */
     }
-#else
+#else /* BENCH_AESGCM_LARGE */
     /* Variable plain text length test */
     for (plen=1; plen<(int)sizeof(p); plen++) {
          /* AES-GCM encrypt and decrypt both use AES encrypt internally */
@@ -9074,7 +9078,7 @@ int random_test(void)
 static int simple_mem_test(int sz)
 {
     int ret = 0;
-    byte* b = NULL;
+    byte* b;
     int i;
 
     b = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -10979,7 +10983,7 @@ int rsa_no_pad_test(void)
 {
     WC_RNG rng;
     RsaKey key;
-    byte*  tmp = NULL;
+    byte*  tmp;
     size_t bytes;
     int    ret;
     word32 inLen   = 0;
@@ -11193,7 +11197,7 @@ exit_rsa_nopadding:
 static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp)
 {
     RsaKey      caKey;
-    byte*       der = NULL;
+    byte*       der;
     byte*       pem = NULL;
     int         ret;
     Cert*       myCert = NULL;
@@ -11475,11 +11479,8 @@ exit_rsa:
     wc_FreeRsaKey(&caKey);
 
     XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    myCert = NULL;
     XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    pem = NULL;
     XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    der = NULL;
 
     return ret;
 }
@@ -11492,7 +11493,7 @@ static int rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp)
     RsaKey      caKey;
     ecc_key     caEccKey;
     ecc_key     caEccKeyPub;
-    byte*       der = NULL;
+    byte*       der;
     byte*       pem = NULL;
     Cert*       myCert = NULL;
     int         certSz;
@@ -11698,7 +11699,7 @@ static int rsa_keygen_test(WC_RNG* rng)
     byte*  pem = NULL;
     word32 idx = 0;
     int    derSz = 0;
-#ifndef WOLFSSL_SP_MATH
+#if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FIPS)
     int    keySz = 1024;
 #else
     int    keySz = 2048;
@@ -11706,10 +11707,6 @@ static int rsa_keygen_test(WC_RNG* rng)
 
     XMEMSET(&genKey, 0, sizeof(genKey));
 
-    #ifdef HAVE_FIPS
-        keySz = 2048;
-    #endif /* HAVE_FIPS */
-
     ret = wc_InitRsaKey_ex(&genKey, HEAP_HINT, devId);
     if (ret != 0) {
         ERROR_OUT(-6962, exit_rsa);
@@ -11786,7 +11783,7 @@ exit_rsa:
 int rsa_test(void)
 {
     int    ret;
-    byte*  tmp = NULL;
+    byte*  tmp;
     byte*  der = NULL;
     byte*  pem = NULL;
     size_t bytes;
@@ -15770,7 +15767,7 @@ int openssl_pkey1_test(void)
     EVP_PKEY_CTX* enc = NULL;
     EVP_PKEY* pubKey  = NULL;
     EVP_PKEY* prvKey  = NULL;
-    X509* x509 = NULL;
+    X509* x509;
 
     const unsigned char msg[] = "sugar slapped";
     const unsigned char* clikey;
@@ -17052,8 +17049,8 @@ done:
 static int ecc_test_make_pub(WC_RNG* rng)
 {
     ecc_key key;
-    unsigned char* exportBuf = NULL;
-    unsigned char* tmp = NULL;
+    unsigned char* exportBuf;
+    unsigned char* tmp;
     unsigned char msg[] = "test wolfSSL ECC public gen";
     word32 x, tmpSz;
     int ret = 0;
@@ -17170,6 +17167,9 @@ static int ecc_test_make_pub(WC_RNG* rng)
 #if defined(WOLFSSL_CRYPTOCELL)
     /* create a new key since building private key from public key is unsupported */
     ret  = wc_ecc_make_key(rng, 32, &key);
+    if (ret == 0) {
+        ERROR_OUT(-8323, done);
+    }
 #endif
 #ifdef HAVE_ECC_SIGN
     tmpSz = FOURK_BUF;
@@ -18564,7 +18564,7 @@ static int ecc_test_cert_gen(WC_RNG* rng)
 #ifdef WOLFSSL_TEST_CERT
     DecodedCert decode;
 #endif
-    byte*  der = NULL;
+    byte*  der;
     byte*  pem = NULL;
     ecc_key caEccKey;
     ecc_key certPubKey;
@@ -19429,14 +19429,14 @@ static int curve25519_check_public_test(void)
     }
 
     /* Little-endian fail cases */
-    for (i = 0; i < (int)(sizeof(fail_le) / sizeof(fail_le)); i++) {
+    for (i = 0; i < (int)(sizeof(fail_le) / sizeof(*fail_le)); i++) {
         if (wc_curve25519_check_public(fail_le[i], CURVE25519_KEYSIZE,
                                                   EC25519_LITTLE_ENDIAN) == 0) {
             return -10390 - i;
         }
     }
     /* Big-endian fail cases */
-    for (i = 0; i < (int)(sizeof(fail_be) / sizeof(fail_be)); i++) {
+    for (i = 0; i < (int)(sizeof(fail_be) / sizeof(*fail_be)); i++) {
         if (wc_curve25519_check_public(fail_be[i], CURVE25519_KEYSIZE,
                                                      EC25519_BIG_ENDIAN) == 0) {
             return -10394 - i;
@@ -19520,6 +19520,8 @@ int curve25519_test(void)
     };
 #endif /* HAVE_CURVE25519_SHARED_SECRET */
 
+    (void)x;
+
 #ifndef HAVE_FIPS
     ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
 #else
@@ -21049,8 +21051,8 @@ int compress_test(void)
     int ret = 0;
     word32 dSz = sizeof(sample_text);
     word32 cSz = (dSz + (word32)(dSz * 0.001) + 12);
-    byte *c = NULL;
-    byte *d = NULL;
+    byte *c;
+    byte *d;
 
     c = XMALLOC(cSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     d = XMALLOC(dSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -21074,7 +21076,6 @@ int compress_test(void)
     if (XMEMCMP(d, sample_text, dSz) != 0) {
         ERROR_OUT(-9203, exit);
     }
-    ret = 0;
 
     /* GZIP tests */
     cSz = (dSz + (word32)(dSz * 0.001) + 12); /* reset cSz */
@@ -21170,6 +21171,9 @@ static int pkcs7_load_certs_keys(
 #ifndef NO_FILESYSTEM
     XFILE  certFile;
     XFILE  keyFile;
+
+    (void)certFile;
+    (void)keyFile;
 #endif
 
 #ifndef NO_RSA
@@ -25417,7 +25421,9 @@ int memcb_test(void)
         ret = -10006;
 #endif /* !WOLFSSL_NO_MALLOC */
 
+#ifndef WOLFSSL_NO_MALLOC
 exit_memcb:
+#endif
 
     /* restore memory callbacks */
     wolfSSL_SetAllocators(mc, fc, rc);
@@ -25806,7 +25812,10 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
             /* reset devId */
             info->hash.sha256->devId = devIdArg;
         }
+        else
     #endif
+        {
+        }
     }
 #endif /* !NO_SHA || !NO_SHA256 */
 #ifndef NO_HMAC

wolfcrypt/user-crypto/src/rsa.c

@@ -693,7 +693,7 @@ static IppStatus init_mont(IppsMontState** mont, int* ctxSz,
 
     /* 2. Allocate working buffer using malloc */
     *mont = (IppsMontState*)XMALLOC(*ctxSz, 0, DYNAMIC_TYPE_USER_CRYPTO);
-    if (mont == NULL) {
+    if (*mont == NULL) {
         XFREE(m, NULL, DYNAMIC_TYPE_USER_CRYPTO);
         return ippStsNoMemErr;
     }
@@ -1620,7 +1620,6 @@ static void Free_BN(IppsBigNumState* bn)
             USER_DEBUG(("Issue with clearing a struct in RsaSSL_Sign free\n"));
         }
         XFREE(bn, NULL, DYNAMIC_TYPE_USER_CRYPTO);
-        bn = NULL;
     }
 }
 
@@ -2552,7 +2551,7 @@ static int SetRsaPublicKey(byte* output, RsaKey* key,
     if (with_header) {
         int  algoSz;
 #ifdef WOLFSSL_SMALL_STACK
-        byte* algo = NULL;
+        byte* algo;
 
         algo = (byte*)XMALLOC(MAX_ALGO_SZ, NULL, DYNAMIC_TYPE_USER_CRYPTO);
         if (algo == NULL) {

wolfssl/test.h

@@ -1164,6 +1164,8 @@ static WC_INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
     tcp_ready* ready = args->signal;
     ready->ready = 1;
     ready->port = port;
+#else
+    (void)port;
 #endif
 
     *clientfd = *sockfd;
@@ -1215,7 +1217,7 @@ static WC_INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
                 ready = args->signal;
 
             if (ready) {
-                srf = fopen(ready->srfName, "w");
+                srf = XFOPEN(ready->srfName, "w");
 
                 if (srf) {
                     /* let's write port sever is listening on to ready file
@@ -1495,7 +1497,7 @@ static WC_INLINE void OCSPRespFreeCb(void* ioCtx, unsigned char* response)
         *bufLen = 0;
 
         /* open file (read-only binary) */
-        file = fopen(fname, "rb");
+        file = XFOPEN(fname, "rb");
         if (!file) {
             printf("Error loading %s\n", fname);
             return BAD_PATH_ERROR;
@@ -1891,7 +1893,7 @@ static WC_INLINE void CaCb(unsigned char* der, int sz, int type)
             int depth, res;
             XFILE file;
             for(depth = 0; depth <= MAX_WOLF_ROOT_DEPTH; depth++) {
-                file = fopen(ntruKeyFile, "rb");
+                file = XFOPEN(ntruKeyFile, "rb");
                 if (file != NULL) {
                     fclose(file);
                     return depth;
@@ -2457,11 +2459,14 @@ static WC_INLINE int myEccKeyGen(WOLFSSL* ssl, ecc_key* key, word32 keySz,
     int       ret;
     WC_RNG    rng;
     PkCbInfo* cbInfo = (PkCbInfo*)ctx;
-    ecc_key*  new_key = key;
+    ecc_key*  new_key;
 #ifdef TEST_PK_PRIVKEY
     byte qx[MAX_ECC_BYTES], qy[MAX_ECC_BYTES];
     word32 qxLen = sizeof(qx), qyLen = sizeof(qy);
+
     new_key = &cbInfo->keyGen.ecc;
+#else
+    new_key = key;
 #endif
 
     (void)ssl;