X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=crypto%2Frsa%2Frsa_oaep.c;h=9a01b4afc11fb4da89889ed1362bbbcf9cea0068;hb=82d8cec06ae8af5dbe68c8e4be38ad32ce9fa594;hp=9c2a943cf7786cf2b22e41d4fd9d572127bcc181;hpb=ae5c8664e587f2445c8e4eb436cffbb64af4f6b8;p=oweals%2Fopenssl.git

diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index 9c2a943cf7..9a01b4afc1 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -89,17 +89,21 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
     }
 
     if (PKCS1_MGF1(dbmask, emlen - mdlen, seed, mdlen, mgf1md) < 0)
-        return 0;
+        goto err;
     for (i = 0; i < emlen - mdlen; i++)
         db[i] ^= dbmask[i];
 
     if (PKCS1_MGF1(seedmask, mdlen, db, emlen - mdlen, mgf1md) < 0)
-        return 0;
+        goto err;
     for (i = 0; i < mdlen; i++)
         seed[i] ^= seedmask[i];
 
     OPENSSL_free(dbmask);
     return 1;
+
+ err:
+    OPENSSL_free(dbmask);
+    return 0;
 }
 
 int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
@@ -233,10 +237,14 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
     RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
            RSA_R_OAEP_DECODING_ERROR);
  cleanup:
-    if (db != NULL)
+    if (db != NULL) {
+        OPENSSL_cleanse(db, dblen);
         OPENSSL_free(db);
-    if (em != NULL)
+    }
+    if (em != NULL) {
+        OPENSSL_cleanse(em, num);
         OPENSSL_free(em);
+    }
     return mlen;
 }