This is a suggested solution to the issue I describe in issue #527.
By moving the decrement of obj->refcnt to after the if-section for obj->evp_key the counter will not be decremented twice if obj->evp_key is true and we get another call as result of the EVP_PKEY_free().
Without this patch the decrement will be done twice and the comparison with 0 will fail since the value goes negative. This means that the cleanup code at the end is never run.
As far as I can see there shouldn't be scenarios where the current behavior is wanted, but I of course do not have the big picture as clear as you have.
This is a suggested solution to the issue I describe in issue #527.
By moving the decrement of
obj->refcntto after the if-section forobj->evp_keythe counter will not be decremented twice ifobj->evp_keyistrueand we get another call as result of theEVP_PKEY_free().Without this patch the decrement will be done twice and the comparison with
0will fail since the value goes negative. This means that the cleanup code at the end is never run.As far as I can see there shouldn't be scenarios where the current behavior is wanted, but I of course do not have the big picture as clear as you have.