Commit 19b11441 authored by Richard Levitte

Memory leak fix: RSA_blinding_on() didn't free Ai under certain circumstances.

Memory leak fix: RSA_blinding_on() would leave a dangling pointer in
                 rsa->blinding under certain circumstances.
Double definition fix: RSA_FLAG_NO_BLINDING was defined twice.
parent 51c21d0f
+5 −6
@@ -152,11 +152,6 @@ struct rsa_st
#define RSA_FLAG_CACHE_PUBLIC		0x02
#define RSA_FLAG_CACHE_PRIVATE		0x04
#define RSA_FLAG_BLINDING		0x08
#define RSA_FLAG_NO_BLINDING		0x80 /* new with 0.9.6j and 0.9.7b; the built-in
                                              * RSA implementation now uses blinding by
                                              * default (ignoring RSA_FLAG_BLINDING),
                                              * but other engines might not need it
                                              */
#define RSA_FLAG_THREAD_SAFE		0x10
/* This flag means the private key operations will be handled by rsa_mod_exp
 * and that they do not depend on the private key components being present:
@@ -169,7 +164,11 @@ struct rsa_st
 */
#define RSA_FLAG_SIGN_VER		0x40

#define RSA_FLAG_NO_BLINDING		0x80
#define RSA_FLAG_NO_BLINDING		0x80 /* new with 0.9.6j and 0.9.7b; the built-in
                                              * RSA implementation now uses blinding by
                                              * default (ignoring RSA_FLAG_BLINDING),
                                              * but other engines might not need it
                                              */

#define RSA_PKCS1_PADDING	1
#define RSA_SSLV23_PADDING	2
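Review bot: The comment carried along with the surviving `RSA_FLAG_NO_BLINDING` definition says when the flag appeared but never states what setting it does to a key. Judging by the name and the text "uses blinding by default", it presumably switches off the default blinding of the built-in implementation, which is worth spelling out because blinding is a side-channel countermeasure. I would add a line to the comment such as `* setting this flag turns the default blinding off; use only with engines that do not need it`.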
+6 −2
@@ -260,7 +260,7 @@ void RSA_blinding_off(RSA *rsa)

int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
	{
	BIGNUM *A,*Ai;
	BIGNUM *A,*Ai = NULL;
	BN_CTX *ctx;
	int ret=0;

@@ -271,8 +271,12 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
	else
		ctx=p_ctx;

	/* XXXXX: Shouldn't this be RSA_blinding_off(rsa)? */
	if (rsa->blinding != NULL)
		{
		BN_BLINDING_free(rsa->blinding);
		rsa->blinding = NULL;
		}

	/* NB: similar code appears in setup_blinding (rsa_eay.c);
	 * this should be placed in a new function of its own, but for reasons
@@ -300,9 +304,9 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
	rsa->blinding->thread_id = CRYPTO_thread_id();
	rsa->flags |= RSA_FLAG_BLINDING;
	rsa->flags &= ~RSA_FLAG_NO_BLINDING;
	BN_free(Ai);
	ret=1;
err:
	if (Ai != NULL) BN_free(Ai);
	BN_CTX_end(ctx);
	if (ctx != p_ctx) BN_CTX_free(ctx);
	return(ret);
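Review bot: The `/* XXXXX: Shouldn't this be RSA_blinding_off(rsa)? */` comment added in the second hunk leaves an open design question in the code that tears down the old blinding, and it should be settled rather than committed as a question. As written, the old structure is freed and `rsa->blinding` cleared up front, while `rsa->flags` is only updated in the third hunk after the new blinding is installed, so a failure in between returns 0 with no blinding structure and the previous flag bits untouched. If `RSA_blinding_off()` also changes the flags (its body is not on this page), calling it here would alter that error-path state, so state the decision instead, e.g. `/* free any old blinding; flags are changed only once the new one is installed */`. The function comment should also say that a 0 return leaves `rsa->blinding == NULL`, so callers must check the result; the middle of `RSA_blinding_on()` lies outside the hunks shown.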