Test api.c: change more tests to use Expect instead of Assert

Changed EXPECT_DECL to start of as TEST_SKIPPED.
Modified other EXPECT macros appropriately.
Change test functions to not use 'res' when EXPECT_DECL is used.

memory.c:
  wc_MemFailCount_Init(): don't declare variable after a statement

conf.c:
wolfSSL_TXT_DB_read(): free the whole WOLFSSL_TXT_DB on failure
instead of just the memory
wolfSSL_CONF_add_string(): pop the value added into section->value
(sk) if it can't be pushed onto conf->data
  wolfSSL_NCONF_load(): free the new value if it wasn't able to be added

ocsp.c:
  wolfSSL_OCSP_cert_to_id():
free the decoded certificate if parsing failed (is freed after use
otherwise)
free the certificate id on failure and make it NULL and continue
freeing other variables

pk.c:
wolfSSL_RSA_set0_crt_params(): set dmp1, dmq1 and iqmp fields to NULL
if setting the internal failed - returns error and caller needs to free
the passed in BNs
wolfSSL_RSA_set0_factors(): set p and q fields to NULL if setting the
internal failed - returns error and caller needs to free the passed in
BNs
wolfSSL_RSA_set0_key(): set n, e abd d fields to NULL if setting the
internal failed - returns error and caller needs to free the passed in
BNs

x509.c:
wolfSSL_X509_set_serialNumber(): explicit NULL
checkwolfSSL_X509_REQ_add1_attr_by_NID(): check whether push succeeded
and on failure free attribute

asn.c:
ConfirmSignature(): for DSA, allocate separately to ensure no leak on
memory allocation failure.

dh.c:
wc_DhGenerateParams(): ensure tmp and tmp2 are able to be cleared on
error

evp.c:
wolfSSL_EVP_PKEY_CTX_add1_hkdf_info(): fix realloc use to no leak on
failure
  wolfSSL_EVP_CIPHER_CTX_iv_length(): handle ctx being NULL.

src/conf.c

@@ -143,7 +143,7 @@ WOLFSSL_TXT_DB *wolfSSL_TXT_DB_read(WOLFSSL_BIO *in, int num)
     failed = 0;
 error:
     if (failed && ret) {
-        XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL);
+        wolfSSL_TXT_DB_free(ret);
         ret = NULL;
     }
     if (buf) {
@@ -458,6 +458,7 @@ int wolfSSL_CONF_add_string(WOLFSSL_CONF *conf,
     }
     if (wolfSSL_sk_CONF_VALUE_push(conf->data, value) != WOLFSSL_SUCCESS) {
         WOLFSSL_MSG("wolfSSL_sk_CONF_VALUE_push error");
+        wolfssl_sk_pop_type(sk, STACK_TYPE_CONF_VALUE);
         return WOLFSSL_FAILURE;
     }
 
@@ -948,6 +949,7 @@ int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline)
 
             if (wolfSSL_CONF_add_string(conf, section, newVal) !=
                     WOLFSSL_SUCCESS) {
+                wolfSSL_X509V3_conf_free(newVal);
                 WOLFSSL_MSG("wolfSSL_CONF_add_string error");
                 goto cleanup;
             }

src/ocsp.c

@@ -659,6 +659,7 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
     InitDecodedCert(cert, subject->derCert->buffer,
                     subject->derCert->length, NULL);
     if (ParseCertRelative(cert, CERT_TYPE, VERIFY_OCSP, cm) != 0) {
+        FreeDecodedCert(cert);
         goto out;
     }
     else {
@@ -676,11 +677,12 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
     if (ret != 0) {
         if (derCert != NULL)
             FreeDer(&derCert);
-        if (certId != NULL)
+        if (certId != NULL) {
             XFREE(certId, cm->heap, DYNAMIC_TYPE_OPENSSL);
+            certId = NULL;
+        }
         if (certStatus)
             XFREE(certStatus, cm->heap, DYNAMIC_TYPE_OPENSSL);
-        return NULL;
     }
 
 #ifdef WOLFSSL_SMALL_STACK
@@ -1115,7 +1117,7 @@ WOLFSSL_OCSP_CERTID* wolfSSL_d2i_OCSP_CERTID(WOLFSSL_OCSP_CERTID** cidOut,
         }
     }
 
-    if (cid && (!cidOut || cid != *cidOut)) {
+    if ((cid != NULL) && ((cidOut == NULL) || (cid != *cidOut))) {
         XFREE(cid, NULL, DYNAMIC_TYPE_OPENSSL);
     }
 

src/pk.c

@@ -825,6 +825,7 @@ WOLFSSL_RSA_METHOD *wolfSSL_RSA_meth_new(const char *name, int flags)
     if (err) {
         /* meth->name won't be allocated on error. */
         XFREE(meth, NULL, DYNAMIC_TYPE_OPENSSL);
+        meth = NULL;
     }
     return meth;
 }
@@ -2751,6 +2752,15 @@ int wolfSSL_RSA_set0_crt_params(WOLFSSL_RSA *rsa, WOLFSSL_BIGNUM *dmp1,
 
         /* Set the values into the wolfCrypt RSA key. */
         if (SetRsaInternal(rsa) != 1) {
+            if (dmp1 != NULL) {
+                rsa->dmp1 = NULL;
+            }
+            if (dmq1 != NULL) {
+                rsa->dmq1 = NULL;
+            }
+            if (iqmp != NULL) {
+                rsa->iqmp = NULL;
+            }
             ret = 0;
         }
     }
@@ -2815,6 +2825,12 @@ int wolfSSL_RSA_set0_factors(WOLFSSL_RSA *rsa, WOLFSSL_BIGNUM *p,
 
         /* Set the values into the wolfCrypt RSA key. */
         if (SetRsaInternal(rsa) != 1) {
+             if (p != NULL) {
+                 rsa->p = NULL;
+             }
+             if (q != NULL) {
+                 rsa->q = NULL;
+             }
              ret = 0;
         }
     }
@@ -2890,6 +2906,15 @@ int wolfSSL_RSA_set0_key(WOLFSSL_RSA *rsa, WOLFSSL_BIGNUM *n, WOLFSSL_BIGNUM *e,
 
         /* Set the values into the wolfCrypt RSA key. */
         if (SetRsaInternal(rsa) != 1) {
+            if (n != NULL) {
+                rsa->n = NULL;
+            }
+            if (e != NULL) {
+                rsa->e = NULL;
+            }
+            if (d != NULL) {
+                rsa->d = NULL;
+            }
             ret = 0;
         }
     }

src/x509.c

@@ -13490,7 +13490,7 @@ int wolfSSL_X509_set_notBefore(WOLFSSL_X509* x509, const WOLFSSL_ASN1_TIME* t)
 int wolfSSL_X509_set_serialNumber(WOLFSSL_X509* x509, WOLFSSL_ASN1_INTEGER* s)
 {
     WOLFSSL_ENTER("wolfSSL_X509_set_serialNumber");
-    if (!x509 || !s || s->length >= EXTERNAL_SERIAL_SIZE)
+    if (x509 == NULL || s == NULL || s->length >= EXTERNAL_SERIAL_SIZE)
         return WOLFSSL_FAILURE;
 
     /* WOLFSSL_ASN1_INTEGER has type | size | data
@@ -13970,6 +13970,9 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
             }
         }
         ret = wolfSSL_sk_push(req->reqAttributes, attr);
+        if (ret != WOLFSSL_SUCCESS) {
+            wolfSSL_X509_ATTRIBUTE_free(attr);
+        }
     }
 
     return ret;