It seems that an OSSL_FUNC_DECODER_DECODE function dynamically allocates space for a key, sets up an OSSL_OBJECT_PARAM_REFERENCE with the address of a pointer to the key, and passes that to data_cb(), which (typically) calls an OSSL_FUNC_KEYMGMT_LOAD function to copy that pointer into a previously allocated key-management object. After data_cb() returns, the OSSL_FUNC_DECODER_DECODE function passes the pointer to *_free(), so (to avoid use-after-free, double-free, and memory leaks) it's critical for the OSSL_FUNC_KEYMGMT_LOAD function to have set the pointer to 0 (via the supplied address) if and only if it in fact copied the pointer.

Did I get the memory-management responsibilities straight here? This is extrapolating from code; I wasn't able to find documentation on point.

---D. J. Bernstein
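As an added illustration (example code written here, not OpenSSL's and not from the message above), a self-contained C model of the hand-off being described: the decoder allocates the key, passes the address of its key pointer as the reference, calls data_cb(), and then frees whatever is still behind that pointer; the load function zeroes the pointer exactly when it takes the key, so neither a double free nor a leak can occur on either path. The `toy_key`, `ref_param` and callback types are stand-ins for OpenSSL's OSSL_PARAM machinery, not its real API.

```c
#include <stdlib.h>

typedef struct { int id; } toy_key;   /* stand-in for a provider's key struct */
static int frees;                     /* counts real frees, for the demo */
static toy_key *toy_key_new(int id) { toy_key *k = calloc(1, sizeof *k); if (k) k->id = id; return k; }
static void toy_key_free(toy_key *k) { if (k != NULL) { frees++; free(k); } }

/* Stand-in for the OSSL_PARAM carrying OSSL_OBJECT_PARAM_REFERENCE:
 * its "octet string" is the address of the decoder's key pointer. */
typedef struct { void *reference; size_t reference_sz; } ref_param;
typedef int (*data_cb_fn)(const ref_param *p, void *arg);

/* Modeled OSSL_FUNC_keymgmt_load: take the key and detach it by zeroing
 * the pointer behind the reference; if the reference is not ours, take
 * nothing and leave the pointer alone so the decoder still frees it. */
void *keymgmt_load(const void *reference, size_t reference_sz)
{
    toy_key *k;
    if (reference_sz != sizeof(k)) return NULL;
    k = *(toy_key **)reference;
    *(toy_key **)reference = NULL;   /* ownership moved: decoder's free sees NULL */
    return k;
}

/* Modeled OSSL_FUNC_decoder_decode: allocate, hand the reference to
 * data_cb(), then free whatever is still behind the pointer. */
static int decoder_decode(data_cb_fn data_cb, void *cbarg)
{
    toy_key *key = toy_key_new(42);
    ref_param p = { &key, sizeof(key) };
    int ok = key != NULL && data_cb(&p, cbarg);
    toy_key_free(key);   /* no-op if load() took it, the real free otherwise */
    return ok;
}

static int cb_takes(const ref_param *p, void *arg)    /* consumer loads the key */
{ toy_key **slot = arg; *slot = keymgmt_load(p->reference, p->reference_sz); return *slot != NULL; }
static int cb_declines(const ref_param *p, void *arg) /* consumer rejects it */
{ (void)p; (void)arg; return 0; }

/* Run both paths; returns 1 iff the two allocations were each freed once. */
int run_handoff_demo(void)
{
    toy_key *mine = NULL;
    frees = 0;
    int took = decoder_decode(cb_takes, &mine) && mine != NULL && mine->id == 42;
    toy_key_free(mine);                                /* consumer frees its copy */
    int declined = !decoder_decode(cb_declines, NULL); /* decoder freed it itself */
    return took && declined && frees == 2;
}
```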