From 9bfab337268b42c5d2f6ccb4fa16837f503f3cf7 Mon Sep 17 00:00:00 2001
From: Anthony Hu <anthony@wolfssl.com>
Date: Wed, 3 Apr 2024 09:04:28 -0400
Subject: [PATCH] Address comments from Jacob.

---
 src/ssl.c | 28 +++++++++++++++++++++++++---
 1 file changed, 25 insertions(+), 3 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 7f44bbc5d..da2658151 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -8346,8 +8346,12 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
         #endif /* HAVE_PQC */
 
             default:
+                /* In this case, there was an OID that we didn't recognize.
+                 * This is an error. Use not compiled in because likely the
+                 * given algorithm was not enabled. */
+                ret = NOT_COMPILED_IN;
                 WOLFSSL_MSG("No alt key size check done on certificate");
-                break; /* do no check if not a case for the key */
+                break;
         }
 
         if (ssl != NULL) {
@@ -16686,6 +16690,10 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
     {
         int ret = WOLFSSL_FAILURE;
 
+        if (ctx == NULL || id == NULL) {
+            return ret;
+        }
+
         FreeDer(&ctx->altPrivateKey);
         if (AllocDer(&ctx->altPrivateKey, (word32)sz, ALT_PRIVATEKEY_TYPE,
                                                               ctx->heap) == 0) {
@@ -16706,8 +16714,13 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
                                             int devId)
     {
         int ret = WOLFSSL_FAILURE;
-        word32 sz = (word32)XSTRLEN(label) + 1;
+        word32 sz;
 
+        if (ctx == NULL || label == NULL) {
+            return ret;
+        }
+
+        sz = (word32)XSTRLEN(label) + 1;
         FreeDer(&ctx->altPrivateKey);
         if (AllocDer(&ctx->altPrivateKey, (word32)sz, ALT_PRIVATEKEY_TYPE,
                                                               ctx->heap) == 0) {
@@ -17000,6 +17013,10 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
     {
         int ret = WOLFSSL_FAILURE;
 
+        if (ssl == NULL || id == NULL) {
+            return ret;
+        }
+
         if (ssl->buffers.weOwnAltKey)
             FreeDer(&ssl->buffers.altKey);
         if (AllocDer(&ssl->buffers.altKey, (word32)sz, ALT_PRIVATEKEY_TYPE,
@@ -17022,8 +17039,13 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
                                         int devId)
     {
         int ret = WOLFSSL_FAILURE;
-        word32 sz = (word32)XSTRLEN(label) + 1;
+        word32 sz;
 
+        if (ssl == NULL || label == NULL) {
+            return ret;
+        }
+
+        sz = (word32)XSTRLEN(label) + 1;
         if (ssl->buffers.weOwnAltKey)
             FreeDer(&ssl->buffers.altKey);
         if (AllocDer(&ssl->buffers.altKey, (word32)sz, ALT_PRIVATEKEY_TYPE,