From a441f0de270097e4cecdc9542c5c92c4eb391644 Mon Sep 17 00:00:00 2001
From: Yann Ylavic <ylavic@apache.org>
Date: Mon, 6 Nov 2023 10:53:28 +0000
Subject: [PATCH] md_crypt: Fix potential memory leak with openssl < 3.

EVP_PKEY_get1_RSA()'s returned value should be EVP_PKEY_free()d, but
we can use EVP_PKEY_get0_RSA() here.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1913616 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/md/md_crypt.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/md/md_crypt.c b/modules/md/md_crypt.c
index e0b1a2f75a2..4b2af89a040 100644
--- a/modules/md/md_crypt.c
+++ b/modules/md/md_crypt.c
@@ -992,7 +992,7 @@ static const char *bn64(const BIGNUM *b, apr_pool_t *p)
 const char *md_pkey_get_rsa_e64(md_pkey_t *pkey, apr_pool_t *p)
 {
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
-    RSA *rsa = EVP_PKEY_get1_RSA(pkey->pkey);
+    const RSA *rsa = EVP_PKEY_get0_RSA(pkey->pkey);
     if (rsa) {
         const BIGNUM *e;
         RSA_get0_key(rsa, NULL, &e, NULL);
@@ -1012,7 +1012,7 @@ const char *md_pkey_get_rsa_e64(md_pkey_t *pkey, apr_pool_t *p)
 const char *md_pkey_get_rsa_n64(md_pkey_t *pkey, apr_pool_t *p)
 {
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
-    RSA *rsa = EVP_PKEY_get1_RSA(pkey->pkey);
+    const RSA *rsa = EVP_PKEY_get0_RSA(pkey->pkey);
     if (rsa) {
         const BIGNUM *n;
         RSA_get0_key(rsa, &n, NULL, NULL);