evp_keyex_init is called from two locations. Both of them assume that if the functions returns zero (success) the ownership of pkey is transferred to evp_pkey_init, or if the function returns non-zero (failure) the reference count of pkey remains as-is.
However, evp_keyex_init has been inconsistent in what to do upon failure; it has been retaining reference count as-is if malloc failed, but has been decrementing the reference count if EVP_PKEY_get1_tls_encodedpoint failed.
This PR address the latter, making sure that if an error is returned the reference count remains as-is.
evp_keyex_init
is called from two locations. Both of them assume that if the functions returns zero (success) the ownership ofpkey
is transferred toevp_pkey_init
, or if the function returns non-zero (failure) the reference count ofpkey
remains as-is.However,
evp_keyex_init
has been inconsistent in what to do upon failure; it has been retaining reference count as-is ifmalloc
failed, but has been decrementing the reference count ifEVP_PKEY_get1_tls_encodedpoint
failed.This PR address the latter, making sure that if an error is returned the reference count remains as-is.