diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index 0873e25c8..257242d47 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -2504,25 +2504,34 @@ int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id)
 
     /* make up random string */
     err = wc_RNG_GenerateBlock(rng, buf, keysize);
+    if (err != 0) {
+    #ifdef WOLFSSL_SMALL_STACK
+        XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    #endif
+        return err;
+    }
 
     /* setup the key variables */
-    if (err == 0) {
-        err = mp_init_multi(&key->k, &prime, &order, &a, NULL, NULL);
-        if (err == MP_OKAY) {
-        #ifndef ALT_ECC_SIZE
-            err = mp_init_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z,
-                                                            NULL, NULL, NULL);
-        #else
-            key->pubkey.x = (mp_int*)&key->pubkey.xyz[0];
-            key->pubkey.y = (mp_int*)&key->pubkey.xyz[1];
-            key->pubkey.z = (mp_int*)&key->pubkey.xyz[2];
-            alt_fp_init(key->pubkey.x);
-            alt_fp_init(key->pubkey.y);
-            alt_fp_init(key->pubkey.z);
-        #endif
-        }
+    err = mp_init_multi(&key->k, &prime, &order, &a, NULL, NULL);
+    if (err != MP_OKAY) {
+    #ifdef WOLFSSL_SMALL_STACK
+        XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    #endif
+        return err;
     }
 
+#ifndef ALT_ECC_SIZE
+    err = mp_init_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z,
+                                                    NULL, NULL, NULL);
+#else
+    key->pubkey.x = (mp_int*)&key->pubkey.xyz[0];
+    key->pubkey.y = (mp_int*)&key->pubkey.xyz[1];
+    key->pubkey.z = (mp_int*)&key->pubkey.xyz[2];
+    alt_fp_init(key->pubkey.x);
+    alt_fp_init(key->pubkey.y);
+    alt_fp_init(key->pubkey.z);
+#endif
+
     if (err == MP_OKAY) {
         base = wc_ecc_new_point_h(key->heap);
         if (base == NULL)
@@ -2575,14 +2584,15 @@ int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id)
     if (err == MP_OKAY)
         key->type = ECC_PRIVATEKEY;
 
+    /* cleanup these on failure case only */
     if (err != MP_OKAY) {
-        /* clean up */
         mp_clear(key->pubkey.x);
         mp_clear(key->pubkey.y);
         mp_clear(key->pubkey.z);
         mp_forcezero(&key->k);
     }
 
+    /* cleanup allocations */
     wc_ecc_del_point_h(base, key->heap);
 #ifndef USE_FAST_MATH
     mp_clear(&a);
diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c
index be7bd5fcb..030d3fa01 100644
--- a/wolfcrypt/src/integer.c
+++ b/wolfcrypt/src/integer.c
@@ -100,6 +100,13 @@ int mp_init_multi(mp_int* a, mp_int* b, mp_int* c, mp_int* d, mp_int* e,
 {
     int res = MP_OKAY;
 
+    if (a) XMEMSET(a, 0, sizeof(mp_int));
+    if (b) XMEMSET(b, 0, sizeof(mp_int));
+    if (c) XMEMSET(c, 0, sizeof(mp_int));
+    if (d) XMEMSET(d, 0, sizeof(mp_int));
+    if (e) XMEMSET(e, 0, sizeof(mp_int));
+    if (f) XMEMSET(f, 0, sizeof(mp_int));
+
     if (a && ((res = mp_init(a)) != MP_OKAY))
         return res;
 
@@ -454,7 +461,7 @@ void mp_zero (mp_int * a)
 {
   int       n;
   mp_digit *tmp;
-  
+
   if (a == NULL)
       return;
 
@@ -4418,7 +4425,7 @@ int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap)
 
     XMEMSET(buf, 0, len);
     XFREE(buf, heap, DYNAMIC_TYPE_RSA);
-    
+
     return MP_OKAY;
 }