From 1a7fe0d4c59251335f782527975982d47958c260 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Mon, 14 Nov 2016 12:49:42 -0800
Subject: [PATCH] fix non ecc_make_key init_mulit potential problems

---
 src/ssl.c               |  4 ++--
 wolfcrypt/src/ecc.c     | 32 ++++++++++++++++++++++----------
 wolfcrypt/src/integer.c |  6 ++++++
 3 files changed, 30 insertions(+), 12 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 8ac38b8f3..0809d58a5 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -17521,9 +17521,9 @@ WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *d, int dlen,
                     sig = NULL;
                 }
 
-                mp_clear(&sig_r);
-                mp_clear(&sig_s);
             }
+            mp_clear(&sig_r);
+            mp_clear(&sig_s);
         }
     }
 
diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index 0873e25c8..f6ad18767 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -3452,9 +3452,12 @@ int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx,
 #ifdef HAVE_COMP_KEY
     if (err == MP_OKAY && compressed == 1) {   /* build y */
         mp_int t1, t2, prime, a, b;
+        int did_init = 0;
 
         if (mp_init_multi(&t1, &t2, &prime, &a, &b, NULL) != MP_OKAY)
             err = MEMORY_E;
+        else
+            did_init = 1;
 
         /* read in the specs for this curve */
         if (err == MP_OKAY)
@@ -3495,13 +3498,15 @@ int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx,
             }
         }
 
+        if (did_init) {
     #ifndef USE_FAST_MATH
-        mp_clear(&a);
-        mp_clear(&b);
-        mp_clear(&prime);
-        mp_clear(&t2);
-        mp_clear(&t1);
+            mp_clear(&a);
+            mp_clear(&b);
+            mp_clear(&prime);
+            mp_clear(&t2);
+            mp_clear(&t1);
     #endif
+        }
     }
 #endif
 
@@ -3881,6 +3886,8 @@ int wc_ecc_check_key(ecc_key* key)
         return ECC_INF_E;
 
     err = mp_init_multi(&prime, &a, &order, NULL, NULL, NULL);
+    if (err != MP_OKAY)
+        return err;
 
     /* read in the specs for this curve */
     if (err == MP_OKAY)
@@ -3975,9 +3982,12 @@ int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key,
 #ifdef HAVE_COMP_KEY
     if (err == MP_OKAY && compressed == 1) {   /* build y */
         mp_int t1, t2, prime, a, b;
+        int did_init = 0;
 
         if (mp_init_multi(&t1, &t2, &prime, &a, &b, NULL) != MP_OKAY)
             err = MEMORY_E;
+        else
+            did_init = 1;
 
         /* read in the specs for this curve */
         if (err == MP_OKAY)
@@ -4019,13 +4029,15 @@ int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key,
             mp_copy(&t2, key->pubkey.y);
         }
 
+        if (did_init) {
     #ifndef USE_FAST_MATH
-        mp_clear(&a);
-        mp_clear(&b);
-        mp_clear(&prime);
-        mp_clear(&t2);
-        mp_clear(&t1);
+            mp_clear(&a);
+            mp_clear(&b);
+            mp_clear(&prime);
+            mp_clear(&t2);
+            mp_clear(&t1);
     #endif
+        }
     }
 #endif /* HAVE_COMP_KEY */
 
diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c
index be7bd5fcb..be1de0812 100644
--- a/wolfcrypt/src/integer.c
+++ b/wolfcrypt/src/integer.c
@@ -1067,6 +1067,12 @@ int mp_invmod_slow (mp_int * a, mp_int * b, mp_int * c)
 
   /* init rest of tmps temps */
   if ((res = mp_init_multi(&C, &D, 0, 0, 0, 0)) != MP_OKAY) {
+     mp_clear(&x);
+     mp_clear(&y);
+     mp_clear(&u);
+     mp_clear(&v);
+     mp_clear(&A);
+     mp_clear(&B);
      return res;
   }