git.ipfire.org Git - thirdparty/openssl.git/commitdiff
keymgmt_from_algorithm(): Fix unchecked return of ossl_provider_up_ref
author Anton Moryakov <ant.v.moryakov@gmail.com>
Wed, 27 Aug 2025 10:58:24 +0000 (13:58 +0300)
committer Tomas Mraz <tomas@openssl.org>
Wed, 3 Dec 2025 13:06:06 +0000 (14:06 +0100)
The ossl_provider_up_ref() call in keymgmt_from_algorithm() was not
checking its return value, unlike other similar calls in the codebase.
This could lead to inconsistent reference counting if the up-ref failed.

Now the return value is checked, and if the up-ref fails, the keymgmt
is freed and an error is raised, ensuring consistent cleanup.

Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28353)

crypto/evp/keymgmt_meth.c

index f57153b2c1a1de846d29046d1752b5cb1a572147..7efab6232703a36a5cf0c61e1b81da300ef5a3af 100644 (file)
@@ -261,8 +261,11 @@ static void *keymgmt_from_algorithm(int name_id,
         return NULL;
     }
     keymgmt->prov = prov;
-    if (prov != NULL)
-        ossl_provider_up_ref(prov);
+    if (prov != NULL && !ossl_provider_up_ref(prov)) {
+        EVP_KEYMGMT_free(keymgmt);
+        ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
+        return NULL;
+    }
 
 #ifndef FIPS_MODULE
     keymgmt->legacy_alg = get_legacy_alg_type_from_keymgmt(keymgmt);
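
Review bot: The unchanged context line `keymgmt->prov = prov;` still runs before the new `ossl_provider_up_ref(prov)` check, so on the failure path `EVP_KEYMGMT_free(keymgmt)` is handed an object whose `prov` field is non-NULL even though no reference was taken for it. If the free routine releases `keymgmt->prov`, that drops a reference this function never acquired, which is the same kind of refcount imbalance the commit message sets out to prevent. Consider taking the reference first and assigning `keymgmt->prov = prov;` only after the up-ref succeeds, or setting `keymgmt->prov = NULL;` before calling `EVP_KEYMGMT_free(keymgmt)` in the error branch. A short comment on the error branch stating who owns the provider reference at that point would also help later readers.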