fix memory allocation and reference counting issues

Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/21341)
author: Pauli <pauli@openssl.org> 2023-07-02 17:19:17 +1000
committer: Pauli <pauli@openssl.org> 2023-07-05 08:34:00 +1000
commit: 97beb77f319f119957235233396627bb22283da0 (patch)
tree: e2c58f0b0e46f90ca732da86e9a315a781622ed9 /crypto
parent: 52c362b3fe5ab9b1c44ec560820b242eb3df0e3b (diff)
7 files changed, 25 insertions, 13 deletions
diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c
index 209b74730e..c0dfc6cc44 100644
--- a/crypto/bio/bio_lib.c
+++ b/crypto/bio/bio_lib.c
@@ -98,7 +98,6 @@ BIO *BIO_new_ex(OSSL_LIB_CTX *libctx, const BIO_METHOD *method)
     if (method->create != NULL && !method->create(bio)) {
         ERR_raise(ERR_LIB_BIO, ERR_R_INIT_FAIL);
         CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
-        CRYPTO_FREE_REF(&bio->references);
         goto err;
     }
     if (method->create == NULL)
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index f774c04383..d67511f15c 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -85,8 +85,11 @@ static DH *dh_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx)
         return NULL;
     }
 
-    if (!CRYPTO_NEW_REF(&ret->references, 1))
-        goto err;
+    if (!CRYPTO_NEW_REF(&ret->references, 1)) {
+        CRYPTO_THREAD_lock_free(ret->lock);
+        OPENSSL_free(ret);
+        return NULL;
+    }
 
     ret->libctx = libctx;
     ret->meth = DH_get_default_method();
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index 03c4cb0c06..c2ae3bf158 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -144,8 +144,11 @@ static DSA *dsa_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx)
         return NULL;
     }
 
-    if (!CRYPTO_NEW_REF(&ret->references, 1))
-        goto err;
+    if (!CRYPTO_NEW_REF(&ret->references, 1)) {
+        CRYPTO_THREAD_lock_free(ret->lock);
+        OPENSSL_free(ret);
+        return NULL;
+    }
 
     ret->libctx = libctx;
     ret->meth = DSA_get_default_method();
diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c
index ec68ab154e..3471a82d7c 100644
--- a/crypto/ec/ec_kmeth.c
+++ b/crypto/ec/ec_kmeth.c
@@ -86,6 +86,11 @@ EC_KEY *ossl_ec_key_new_method_int(OSSL_LIB_CTX *libctx, const char *propq,
     if (ret == NULL)
         return NULL;
 
+    if (!CRYPTO_NEW_REF(&ret->references, 1)) {
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
     ret->libctx = libctx;
     if (propq != NULL) {
         ret->propq = OPENSSL_strdup(propq);
@@ -93,9 +98,6 @@ EC_KEY *ossl_ec_key_new_method_int(OSSL_LIB_CTX *libctx, const char *propq,
             goto err;
     }
 
-    if (!CRYPTO_NEW_REF(&ret->references, 1))
-        goto err;
-
     ret->meth = EC_KEY_get_default_method();
 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
     if (engine != NULL) {
@@ -133,7 +135,6 @@ EC_KEY *ossl_ec_key_new_method_int(OSSL_LIB_CTX *libctx, const char *propq,
     return ret;
 
  err:
-    CRYPTO_FREE_REF(&ret->references);
     EC_KEY_free(ret);
     return NULL;
 }
diff --git a/crypto/evp/evp_rand.c b/crypto/evp/evp_rand.c
index e8dfd32ff7..03458a090f 100644
--- a/crypto/evp/evp_rand.c
+++ b/crypto/evp/evp_rand.c
@@ -78,7 +78,10 @@ static void *evp_rand_new(void)
 {
     EVP_RAND *rand = OPENSSL_zalloc(sizeof(*rand));
 
-    if (rand == NULL || !CRYPTO_NEW_REF(&rand->refcnt, 1)) {
+    if (rand == NULL)
+        return NULL;
+
+    if (!CRYPTO_NEW_REF(&rand->refcnt, 1)) {
         OPENSSL_free(rand);
         return NULL;
     }
diff --git a/crypto/provider_core.c b/crypto/provider_core.c
index 5a7f603037..49a0eb8c46 100644
--- a/crypto/provider_core.c
+++ b/crypto/provider_core.c
@@ -443,7 +443,7 @@ static OSSL_PROVIDER *provider_new(const char *name,
     if ((prov = OPENSSL_zalloc(sizeof(*prov))) == NULL)
         return NULL;
     if (!CRYPTO_NEW_REF(&prov->refcnt, 1)) {
-        ossl_provider_free(prov);
+        OPENSSL_free(prov);
         return NULL;
     }
 #ifndef HAVE_ATOMICS
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index c591b8941d..1601e92ddb 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -86,8 +86,11 @@ static RSA *rsa_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx)
         return NULL;
     }
 
-    if (!CRYPTO_NEW_REF(&ret->references, 1))
-        goto err;
+    if (!CRYPTO_NEW_REF(&ret->references, 1)) {
+        CRYPTO_THREAD_lock_free(ret->lock);
+        OPENSSL_free(ret);
+        return NULL;
+    }
 
     ret->libctx = libctx;
     ret->meth = RSA_get_default_method();
author	Pauli <pauli@openssl.org>	2023-07-02 17:19:17 +1000
committer	Pauli <pauli@openssl.org>	2023-07-05 08:34:00 +1000
commit	97beb77f319f119957235233396627bb22283da0 (patch)
tree	e2c58f0b0e46f90ca732da86e9a315a781622ed9 /crypto
parent	52c362b3fe5ab9b1c44ec560820b242eb3df0e3b (diff)