diff -Naur boinc-6.2.18/checkin_notes boinc-6.2.18-mp/checkin_notes
--- boinc-6.2.18/checkin_notes	2008-08-25 16:29:18.000000000 -0400
+++ boinc-6.2.18-mp/checkin_notes	2009-01-14 14:05:04.000000000 -0500
@@ -1,3 +1,13 @@
+David  Jan 12 2009 
+    - lib: check return values of RSA_*() functions. 
+       Also fix a memory leak, missing RSA_free(). 
+       Fixes #823. 
+
+    lib/ 
+       crypt.cpp 
+       error_numbers.h 
+       str_util.cpp 
+
 David  Jan 1 2008
     - fixed bug in upgrade
 
diff -Naur boinc-6.2.18/lib/crypt.C boinc-6.2.18-mp/lib/crypt.C
--- boinc-6.2.18/lib/crypt.C	2008-08-25 16:27:59.000000000 -0400
+++ boinc-6.2.18-mp/lib/crypt.C	2009-01-14 14:08:24.000000000 -0500
@@ -210,7 +210,7 @@
 // The output block must be decrypted in its entirety.
 //
 int encrypt_private(R_RSA_PRIVATE_KEY& key, DATA_BLOCK& in, DATA_BLOCK& out) {
-    int n, modulus_len;
+    int n, modulus_len, retval;
 
     modulus_len = (key.bits+7)/8;
     n = in.len;
@@ -219,17 +219,27 @@
     }
     RSA* rp = RSA_new();
     private_to_openssl(key, rp);
-    RSA_private_encrypt(n, in.data, out.data, rp, RSA_PKCS1_PADDING);
+    retval = RSA_private_encrypt(n, in.data, out.data, rp, RSA_PKCS1_PADDING);
+    if (retval < 0) { 
+	RSA_free(rp); 
+	return ERR_CRYPTO; 
+    } 
     out.len = RSA_size(rp);
     RSA_free(rp);
     return 0;
 }
 
 int decrypt_public(R_RSA_PUBLIC_KEY& key, DATA_BLOCK& in, DATA_BLOCK& out) {
+    int retval; 
     RSA* rp = RSA_new();
     public_to_openssl(key, rp);
-    RSA_public_decrypt(in.len, in.data, out.data, rp, RSA_PKCS1_PADDING);
+    retval = RSA_public_decrypt(in.len, in.data, out.data, rp, RSA_PKCS1_PADDING);
+    if (retval < 0) { 
+	RSA_free(rp); 
+	return ERR_CRYPTO; 
+    } 
     out.len = RSA_size(rp);
+    RSA_free(rp); 
     return 0;
 }
 
diff -Naur boinc-6.2.18/lib/error_numbers.h boinc-6.2.18-mp/lib/error_numbers.h
--- boinc-6.2.18/lib/error_numbers.h	2008-08-25 16:27:59.000000000 -0400
+++ boinc-6.2.18-mp/lib/error_numbers.h	2009-01-14 14:12:59.000000000 -0500
@@ -187,6 +187,7 @@
 #define ERR_CHILD_FAILED    -228
 #define ERR_SYMLINK         -229
 #define ERR_DB_CONN_LOST    -230
+#define ERR_CRYPTO           -231
 
 // PLEASE: add a text description of your error to 
 // the text description function boincerror() in str_util.C.
diff -Naur boinc-6.2.18/lib/str_util.C boinc-6.2.18-mp/lib/str_util.C
--- boinc-6.2.18/lib/str_util.C	2008-08-25 16:27:59.000000000 -0400
+++ boinc-6.2.18-mp/lib/str_util.C	2009-01-14 14:13:57.000000000 -0500
@@ -735,6 +735,7 @@
         case ERR_BAD_FILENAME: return "file name is empty or has '..'";
         case ERR_TOO_MANY_EXITS: return "application exited too many times";
         case ERR_RMDIR: return "rmdir() failed";
+        case ERR_CRYPTO: return "encryption error";
         case 404: return "HTTP file not found";
         case 407: return "HTTP proxy authentication failure";
         case 416: return "HTTP range request error";