> 2. For some reason the following code does not work - subsequent requests
> that involve pub key fail:
>
> dup_ekey = EVP_PKEY_get1_EC_KEY(pubkey);
> group = (EC_GROUP*) EC_KEY_get0_group(dup_ekey);
> nid = EC_GROUP_get_curve_name(group);
> printf("wrap: Deriving ECC keys over curve \"%s\"\n",
> EC_curve_nid2nist(nid));
> EC_GROUP_free(group);
>
> EC_KEY_free(dup_ekey);
>
> But if I move the two XXX_free() calls to the end of the function -
> everything is fine. So in my working version of the code these lines are
> just before the return, after everything has been done. But I don?t
> understand why it behaves that way, given the man pages here:
> https://www.openssl.org/docs/man1.0.2/crypto/EVP_PKEY_set1_RSA.html
get0 means the reference count was _not_ bumped, so the object should
not be free'd.
get1 means the reference count was incremented, and it needs an
accompanying free on the object.
I think the call to `EC_GROUP_free(group)` is superfluous and causing
memory corruption/double free.
Jeff
