While you're there, all alloc error paths need to free sktmp and whatever else is done at `end:'. But I am not sure the X509_get_pubkey_parameters() needs to be performed upon error as well, despite the code disagreeing with me.
I mean, I would investigate, but my glasses just turned dark on me.
