From 1d7fd42aa892a676abd634f0d8bba59c061738a1 Mon Sep 17 00:00:00 2001
From: Eric Blankenhorn <eric@wolfssl.com>
Date: Wed, 13 Dec 2023 13:51:02 -0600
Subject: [PATCH] Fixes for release

---
 wolfcrypt/src/asn.c   | 2 +-
 wolfcrypt/src/pkcs7.c | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index f17c786bf..6147dea8c 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -32504,7 +32504,7 @@ static int EccSpecifiedECDomainDecode(const byte* input, word32 inSz,
         }
     }
 
-    if (curveSz) {
+    if ((ret == 0) && (curveSz)) {
         *curveSz = curve->size;
     }
 
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 36983d501..507d9eeeb 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -11825,6 +11825,10 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
     }
 #endif
 
+#ifndef WOLFSSL_SMALL_STACK
+    XMEMSET(decryptedKey, 0, MAX_ENCRYPTED_KEY_SZ);
+#endif
+
     switch (pkcs7->state) {
         case WC_PKCS7_START:
         case WC_PKCS7_INFOSET_START:
@@ -11856,6 +11860,9 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
                 ret = MEMORY_E;
                 break;
             }
+            else {
+                XMEMSET(decryptedKey, 0, MAX_ENCRYPTED_KEY_SZ);
+            }
         #ifndef NO_PKCS7_STREAM
             pkcs7->stream->key = decryptedKey;
         #endif