From 791afc0d63f6985227ea18752ccb12fa0987c420 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Thu, 5 Mar 2015 14:29:28 -0600
Subject: fix a memory leak pointed out by @aftbit and improve changelog
 phrasing

---
 CHANGELOG.rst                                       | 2 +-
 src/cryptography/hazmat/backends/openssl/backend.py | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index ce2d3f0b..70fd7a53 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -81,7 +81,7 @@ Changelog
 * Updated Windows wheels to be compiled against OpenSSL 1.0.2.
 * :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`
   and :func:`~cryptography.hazmat.primitives.serialization.load_der_public_key`
-  now support PKCS1 RSA public keys (previously these functions supported
+  now support PKCS1 RSA public keys (in addition to the previous support for
   SubjectPublicKeyInfo format for RSA, EC, and DSA).
 * Added
   :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithSerialization`
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 613931f7..65c26ba8 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -708,6 +708,7 @@ class Backend(object):
                 mem_bio.bio, self._ffi.NULL, self._ffi.NULL, self._ffi.NULL
             )
             if rsa_cdata != self._ffi.NULL:
+                rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
                 return _RSAPublicKey(self, rsa_cdata)
             else:
                 self._handle_key_loading_error()
@@ -789,6 +790,7 @@ class Backend(object):
                 mem_bio.bio, self._ffi.NULL
             )
             if rsa_cdata != self._ffi.NULL:
+                rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
                 return _RSAPublicKey(self, rsa_cdata)
             else:
                 self._handle_key_loading_error()
-- 
cgit v1.2.3