From eba63ef58b29c38f2849e0bc28f26f9b563fa0bb Mon Sep 17 00:00:00 2001
From: Nils Larsch <nils@openssl.org>
Date: Mon, 8 Aug 2005 20:02:18 +0000
Subject: [PATCH] a ssl object needs it's own instance of a ecdh key; remove
 obsolete comment

---
 ssl/s3_lib.c   | 6 +++---
 ssl/ssl_cert.c | 9 ++++++---
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index e98f62900f..f9d536e229 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -1797,12 +1797,12 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
 			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
 			return 0;
 			}
-		if (!EC_KEY_up_ref((EC_KEY *)parg))
+		ecdh = EC_KEY_dup((EC_KEY *)parg);
+		if (ecdh == NULL)
 			{
-			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
+			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB);
 			return 0;
 			}
-		ecdh = (EC_KEY *)parg;
 		if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE))
 			{
 			if (!EC_KEY_generate_key(ecdh))
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 997528e97d..7908dcccdb 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -200,7 +200,6 @@ CERT *ssl_cert_dup(CERT *cert)
 #ifndef OPENSSL_NO_DH
 	if (cert->dh_tmp != NULL)
 		{
-		/* DH parameters don't have a reference count */
 		ret->dh_tmp = DHparams_dup(cert->dh_tmp);
 		if (ret->dh_tmp == NULL)
 			{
@@ -234,8 +233,12 @@ CERT *ssl_cert_dup(CERT *cert)
 #ifndef OPENSSL_NO_ECDH
 	if (cert->ecdh_tmp)
 		{
-		EC_KEY_up_ref(cert->ecdh_tmp);
-		ret->ecdh_tmp = cert->ecdh_tmp;
+		ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);
+		if (ret->ecdh_tmp == NULL)
+			{
+			SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB);
+			goto err;
+			}
 		}
 	ret->ecdh_tmp_cb = cert->ecdh_tmp_cb;
 #endif
-- 
2.34.1