From ba3caa56963640507391feec47e3cc1b7491509a Mon Sep 17 00:00:00 2001 From: Anton Moryakov Date: Wed, 27 Aug 2025 13:58:24 +0300 Subject: [PATCH] keymgmt_from_algorithm(): Fix unchecked return of ossl_provider_up_ref The ossl_provider_up_ref() call in keymgmt_from_algorithm() was not checking its return value, unlike other similar calls in the codebase. This could lead to inconsistent reference counting if the up-ref failed. Now the return value is checked, and if the up-ref fails, the keymgmt is freed and an error is raised, ensuring consistent cleanup. Signed-off-by: Anton Moryakov Reviewed-by: Norbert Pocs Reviewed-by: Paul Dale Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/28353) --- crypto/evp/keymgmt_meth.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/crypto/evp/keymgmt_meth.c b/crypto/evp/keymgmt_meth.c index f57153b2c1a..7efab623270 100644 --- a/crypto/evp/keymgmt_meth.c +++ b/crypto/evp/keymgmt_meth.c @@ -261,8 +261,11 @@ static void *keymgmt_from_algorithm(int name_id, return NULL; } keymgmt->prov = prov; - if (prov != NULL) - ossl_provider_up_ref(prov); + if (prov != NULL && !ossl_provider_up_ref(prov)) { + EVP_KEYMGMT_free(keymgmt); + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); + return NULL; + } #ifndef FIPS_MODULE keymgmt->legacy_alg = get_legacy_alg_type_from_keymgmt(keymgmt); -- 2.47.3
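Review bot: In the new failure branch of keymgmt_from_algorithm(), `EVP_KEYMGMT_free(keymgmt)` runs after `keymgmt->prov = prov;` has already stored the provider whose up-ref just failed. If EVP_KEYMGMT_free() releases keymgmt->prov, this path drops a reference that was never taken, which is the kind of inconsistent reference counting the commit message sets out to prevent. Suggest doing the `ossl_provider_up_ref(prov)` check before the assignment, or setting `keymgmt->prov = NULL` before the free, so the cleanup only releases what this function acquired. It is also worth confirming that EVP_R_INITIALIZATION_ERROR matches the reason code raised at the other checked ossl_provider_up_ref() call sites the commit message refers to.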