kmac_prov.c.in: avoid resource leak on kmac_new_decoder fail in kmac_fetch_new

kctx was not freed in a case of kmac_new_decoder failure;  consolidate
all the error paths under the "err:" label and jump to it on kmac_new_decoder()
returning 0.

Fixes: d5efc853796b "kmac: avoid using ossl_prov_digest_load_from_params()"
Resolves: https://github.com/openssl/project/issues/1419
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1453634
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28516)

diff --git a/providers/implementations/macs/kmac_prov.c.in b/providers/implementations/macs/kmac_prov.c.in
index a1cf8ea2bb8715c7d6b2747f30df9376767e5e4d..6046d2ddcc7ef2da7197bb7efdc711d34b5c072e 100644 (file)
--- a/providers/implementations/macs/kmac_prov.c.in
+++ b/providers/implementations/macs/kmac_prov.c.in
@@ -203,21 +203,23 @@ static void *kmac_fetch_new(void *provctx, const OSSL_PARAM *params)
     struct kmac_new_st p;
     int md_size;
 
-    if (kctx == NULL || !kmac_new_decoder(params, &p))
+    if (kctx == NULL)
         return 0;
+    if (!kmac_new_decoder(params, &p))
+        goto err;
     if (!ossl_prov_digest_load(&kctx->digest, p.digest, p.propq, p.engine,
-                               PROV_LIBCTX_OF(provctx))) {
-        kmac_free(kctx);
-        return 0;
-    }
+                               PROV_LIBCTX_OF(provctx)))
+        goto err;
 
     md_size = EVP_MD_get_size(ossl_prov_digest_md(&kctx->digest));
-    if (md_size <= 0) {
-        kmac_free(kctx);
-        return 0;
-    }
+    if (md_size <= 0)
+        goto err;
     kctx->out_len = (size_t)md_size;
     return kctx;
+
+err:
+    kmac_free(kctx);
+    return NULL;
 }
 
 static void *kmac128_new(void *provctx)