diff --git a/src/ocsp.c b/src/ocsp.c
index 8ba3cb5cb..4862cf939 100644
--- a/src/ocsp.c
+++ b/src/ocsp.c
@@ -987,6 +987,9 @@ int wolfSSL_i2d_OCSP_CERTID(WOLFSSL_OCSP_CERTID* id, unsigned char** data)
     }
     else {
         *data = (unsigned char*)XMALLOC(id->rawCertIdSize, NULL, DYNAMIC_TYPE_OPENSSL);
+        if (*data == NULL) {
+            return WOLFSSL_FAILURE;
+        }
         XMEMCPY(*data, id->rawCertId, id->rawCertIdSize);
     }
 
diff --git a/src/ssl.c b/src/ssl.c
index d61950c5d..51f4c40b5 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -6293,7 +6293,7 @@ int wolfSSL_CertManagerDisableOCSPStapling(WOLFSSL_CERT_MANAGER* cm)
 /* require OCSP stapling response */
 int wolfSSL_CertManagerEnableOCSPMustStaple(WOLFSSL_CERT_MANAGER* cm)
 {
-    int ret = WOLFSSL_SUCCESS;
+    int ret;
 
     WOLFSSL_ENTER("wolfSSL_CertManagerEnableOCSPMustStaple");
 
@@ -6305,6 +6305,7 @@ int wolfSSL_CertManagerEnableOCSPMustStaple(WOLFSSL_CERT_MANAGER* cm)
     #ifndef NO_WOLFSSL_CLIENT
         cm->ocspMustStaple = 1;
     #endif
+    ret = WOLFSSL_SUCCESS;
 #else
     ret = NOT_COMPILED_IN;
 #endif
@@ -6314,7 +6315,7 @@ int wolfSSL_CertManagerEnableOCSPMustStaple(WOLFSSL_CERT_MANAGER* cm)
 
 int wolfSSL_CertManagerDisableOCSPMustStaple(WOLFSSL_CERT_MANAGER* cm)
 {
-    int ret = WOLFSSL_SUCCESS;
+    int ret;
 
     WOLFSSL_ENTER("wolfSSL_CertManagerDisableOCSPMustStaple");
 
@@ -6326,6 +6327,7 @@ int wolfSSL_CertManagerDisableOCSPMustStaple(WOLFSSL_CERT_MANAGER* cm)
     #ifndef NO_WOLFSSL_CLIENT
         cm->ocspMustStaple = 0;
     #endif
+    ret = WOLFSSL_SUCCESS;
 #else
     ret = NOT_COMPILED_IN;
 #endif
@@ -14788,11 +14790,13 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 
             /* Need a persistent copy of the subject name. */
             node->data.name = wolfSSL_X509_NAME_dup(subjectName);
-            /*
-             * Original cert will be freed so make sure not to try to access
-             * it in the future.
-             */
-            node->data.name->x509 = NULL;
+            if (node->data.name != NULL) {
+                /*
+                * Original cert will be freed so make sure not to try to access
+                * it in the future.
+                */
+                node->data.name->x509 = NULL;
+            }
 
             /* Put node on the front of the list. */
             node->num  = (list == NULL) ? 1 : list->num + 1;
@@ -32192,6 +32196,11 @@ int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* key,
             return WOLFSSL_FAILURE;
         }
 
+        if (derBuf == NULL) {
+            WOLFSSL_MSG("wolfSSL_RSA_To_Der failed to get buffer");
+            return WOLFSSL_FAILURE;
+        }
+
         pkey->pkey.ptr = (char*)XMALLOC(derSz, bio->heap,
                 DYNAMIC_TYPE_TMP_BUFFER);
         if (pkey->pkey.ptr == NULL) {
@@ -32247,6 +32256,11 @@ int wolfSSL_PEM_write_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa)
         return WOLFSSL_FAILURE;
     }
 
+    if (derBuf == NULL) {
+        WOLFSSL_MSG("wolfSSL_RSA_To_Der failed to get buffer");
+        return WOLFSSL_FAILURE;
+    }
+
     pkey->pkey.ptr = (char*)XMALLOC(derSz, bio->heap,
             DYNAMIC_TYPE_TMP_BUFFER);
     if (pkey->pkey.ptr == NULL) {
@@ -37706,7 +37720,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
     static int CopyX509NameToCert(WOLFSSL_X509_NAME* n, byte* out)
     {
         unsigned char* der = NULL;
-        int length = BAD_FUNC_ARG, ret = BAD_FUNC_ARG;
+        int length = BAD_FUNC_ARG, ret;
         word32 idx = 0;
 
         ret = wolfSSL_i2d_X509_NAME(n, &der);
@@ -39227,9 +39241,11 @@ err:
                 XMEMCPY(fullName + *idx, "=", 1); *idx = *idx + 1;
 
                 data = wolfSSL_ASN1_STRING_data(e->value);
-                sz   = (int)XSTRLEN((const char*)data);
-                XMEMCPY(fullName + *idx, data, sz);
-                *idx += sz;
+                if (data != NULL) {
+                    sz = (int)XSTRLEN((const char*)data);
+                    XMEMCPY(fullName + *idx, data, sz);
+                    *idx += sz;
+                }
 
                 ret++;
             }
diff --git a/src/tls.c b/src/tls.c
index e0b1df0f1..634f30e51 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -4072,6 +4072,11 @@ int TLSX_SupportedCurve_CheckPriority(WOLFSSL* ssl)
         return ret;
 
     ext = TLSX_Find(priority, TLSX_SUPPORTED_GROUPS);
+    if (ext == NULL) {
+        WOLFSSL_MSG("Could not find supported groups extension");
+        return 0;
+    }
+
     curve = (SupportedCurve*)ext->data;
     name = curve->name;
 
diff --git a/tests/api.c b/tests/api.c
index d6e50b2d8..35ca09009 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -22065,7 +22065,7 @@ static int test_wc_ecc_sig_size_calc (void)
 #if defined(HAVE_ECC) && !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST)
     ecc_key     key;
     WC_RNG      rng;
-    int         sz;
+    int         sz = 0;
 
     printf(testingFmt, "wc_ecc_sig_size_calc()");
 
@@ -29186,7 +29186,8 @@ static void test_wolfSSL_ASN1_TIME_adj(void)
     offset_day = 7;
     offset_sec = 45 * mini;
     /* offset_sec = -45 * min;*/
-    asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec);
+    AssertNotNull(asn_time =
+            wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec));
     AssertTrue(asn_time->type == asn_utc_time);
     XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
     date_str[CTC_DATE_SIZE] = '\0';
@@ -34689,6 +34690,7 @@ static void test_IncCtr(void)
     EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
     const EVP_CIPHER *init = EVP_des_ede3_cbc();
 
+    AssertNotNull(ctx);
     wolfSSL_EVP_CIPHER_CTX_init(ctx);
     AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
 
@@ -35442,7 +35444,7 @@ static void test_wolfSSL_OCSP_resp_count()
     WOLFSSL_OCSP_BASICRESP basicResp;
     WOLFSSL_OCSP_SINGLERESP singleRespOne;
     WOLFSSL_OCSP_SINGLERESP singleRespTwo;
-    int count = 1;
+    int count;
 
     printf(testingFmt, "wolfSSL_OCSP_resp_count()");
 
diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
index 0fce5ee1e..08c3b4ea5 100644
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -5301,7 +5301,7 @@ exit:
 
 void bench_ecc(int doAsync)
 {
-    int ret = 0, i, times, count, pending = 0;
+    int ret = 0, i, times = 0, count = 0, pending = 0;
     const int keySize = bench_ecc_size;
     ecc_key genKey[BENCH_MAX_PENDING];
 #ifdef HAVE_ECC_DHE
@@ -5313,7 +5313,7 @@ void bench_ecc(int doAsync)
 #endif
 #endif
     word32 x[BENCH_MAX_PENDING];
-    double start;
+    double start = 0;
     const char**desc = bench_desc_words[lng_index];
 
 #ifdef HAVE_ECC_DHE
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 3036c169e..21ba6b987 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -17556,7 +17556,7 @@ void FreeOcspRequest(OcspRequest* req)
 
 int CompareOcspReqResp(OcspRequest* req, OcspResponse* resp)
 {
-    int cmp;
+    int cmp = 0; /* start as matching if both req and resp have no values */
     OcspEntry *single, *next, *prev = NULL, *top;
 
     WOLFSSL_ENTER("CompareOcspReqResp");
diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index e68fee460..ee3a01700 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -6288,7 +6288,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
 #else
 {
    int           err;
-   word32        keySz;
+   word32        keySz = 0;
 #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
    byte sigRS[ATECC_KEY_SIZE*2];
 #elif defined(WOLFSSL_CRYPTOCELL)