From 0a9919b57c5018a25b17fb9d604a8be158d30e12 Mon Sep 17 00:00:00 2001
From: David Woodhouse
Date: Tue, 12 Jun 2012 10:32:23 +0100
Subject: [PATCH] OpenSSL: Clean up leaks in TPM ENGINE handling

The key, in the ctx, holds a reference on the engine. We should be dropping our own.

Signed-off-by: David Woodhouse
---
 openssl.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/openssl.c b/openssl.c
index 0ca95475..f454f65a 100644
--- a/openssl.c
+++ b/openssl.c
@@ -510,6 +510,8 @@ static int load_tpm_certificate(struct openconnect_info *vpninfo)
 ENGINE *e;
 EVP_PKEY *key;
 UI_METHOD *meth = NULL;
+ int ret = 0;
+
 ENGINE_load_builtin_engines();
 e = ENGINE_by_id("tpm");
@@ -546,18 +548,19 @@ static int load_tpm_certificate(struct openconnect_info *vpninfo)
 vpn_progress(vpninfo, PRG_ERR, _("Failed to load TPM private key\n"));
 openconnect_report_ssl_errors(vpninfo);
- ENGINE_free(e);
- ENGINE_finish(e);
- return -EINVAL;
+ ret = -EINVAL;
+ goto out;
 }
 if (!SSL_CTX_use_PrivateKey(vpninfo->https_ctx, key)) {
 vpn_progress(vpninfo, PRG_ERR, _("Add key from TPM failed\n"));
 openconnect_report_ssl_errors(vpninfo);
- ENGINE_free(e);
- ENGINE_finish(e);
- return -EINVAL;
+ ret = -EINVAL;
 }
- return 0;
+ EVP_PKEY_free(key);
+ out:
+ ENGINE_finish(e);
+ ENGINE_free(e);
+ return ret;
 }
 #else
 static int load_tpm_certificate(struct openconnect_info *vpninfo)
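Review bot: The new exit path in the second hunk releases the local key reference and then both engine references at `out:`, but nothing in the code says why that is safe while `vpninfo->https_ctx` keeps using the TPM-backed key. The commit message gives the reason (the key held by the ctx keeps its own reference on the engine), and I would record it at the release site, e.g. `/* https_ctx now holds its own ref on key, and key pins the engine: drop ours */` above `EVP_PKEY_free(key);`. `ENGINE_finish(e)` at `out:` is only balanced if every jump to the label follows a successful `ENGINE_init(e)`. The init call and the earlier error returns lie outside this hunk, so it is worth confirming that they either return before init or are converted to `goto out` as well. The body of load_tpm_certificate starts above the hunk.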