diff --git a/changes/bug20553 b/changes/bug20553
new file mode 100644
index 000000000..12a278030
--- /dev/null
+++ b/changes/bug20553
@@ -0,0 +1,3 @@
+  o Minor bugfixes (memory leak):
+    - Work around a memory leak in OpenSSL 1.1 when encoding public keys.
+      Fixes bug 20553; bugfix on 0.0.2pre8.
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 2b96324d3..c5d07dfb6 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -755,14 +755,13 @@ crypto_pk_write_key_to_string_impl(crypto_pk_t *env, char **dest,
   }
 
   BIO_get_mem_ptr(b, &buf);
-  (void)BIO_set_close(b, BIO_NOCLOSE); /* so BIO_free doesn't free buf */
-  BIO_free(b);
 
   *dest = tor_malloc(buf->length+1);
   memcpy(*dest, buf->data, buf->length);
   (*dest)[buf->length] = 0; /* nul terminate it */
   *len = buf->length;
-  BUF_MEM_free(buf);
+
+  BIO_free(b);
 
   return 0;
 }
diff --git a/src/tools/tor-gencert.c b/src/tools/tor-gencert.c
index 5f2cd3a92..ed6c0667a 100644
--- a/src/tools/tor-gencert.c
+++ b/src/tools/tor-gencert.c
@@ -429,12 +429,11 @@ key_to_string(EVP_PKEY *key)
   }
 
   BIO_get_mem_ptr(b, &buf);
-  (void) BIO_set_close(b, BIO_NOCLOSE);
-  BIO_free(b);
   result = tor_malloc(buf->length + 1);
   memcpy(result, buf->data, buf->length);
   result[buf->length] = 0;
-  BUF_MEM_free(buf);
+
+  BIO_free(b);
 
   RSA_free(rsa);
   return result;