From 0de951ba9a590d2cd856481bf56cd12b485c7b07 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy <beldmit@gmail.com>
Date: Fri, 29 Aug 2025 15:42:04 +0200
Subject: [PATCH] Correctly dealing with refcount in EVP_SKEY

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28369)
---
 crypto/evp/s_lib.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/crypto/evp/s_lib.c b/crypto/evp/s_lib.c
index b8cf42260c0..15d16a05a60 100644
--- a/crypto/evp/s_lib.c
+++ b/crypto/evp/s_lib.c
@@ -47,8 +47,12 @@ static EVP_SKEY *evp_skey_alloc(EVP_SKEYMGMT *skeymgmt)
         ERR_raise(ERR_LIB_EVP, ERR_R_CRYPTO_LIB);
         goto err;
     }
-    skey->skeymgmt = skeymgmt;
-    return skey;
+    if (EVP_SKEYMGMT_up_ref(skeymgmt)) {
+        skey->skeymgmt = skeymgmt;
+        return skey;
+    } else {
+        goto err;
+    }
 
  err:
     CRYPTO_FREE_REF(&skey->references);
@@ -78,8 +82,7 @@ static EVP_SKEY *evp_skey_alloc_fetch(OSSL_LIB_CTX *libctx,
     }
 
     skey = evp_skey_alloc(skeymgmt);
-    if (skey == NULL)
-        EVP_SKEYMGMT_free(skeymgmt);
+    EVP_SKEYMGMT_free(skeymgmt);
 
     return skey;
 }
-- 
2.47.3