Commit ba3caa5696 for openssl.org

commit ba3caa56963640507391feec47e3cc1b7491509a
Author: Anton Moryakov <ant.v.moryakov@gmail.com>
Date:   Wed Aug 27 13:58:24 2025 +0300

    keymgmt_from_algorithm(): Fix unchecked return of ossl_provider_up_ref

    The ossl_provider_up_ref() call in keymgmt_from_algorithm() was not
    checking its return value, unlike other similar calls in the codebase.
    This could lead to inconsistent reference counting if the up-ref failed.

    Now the return value is checked, and if the up-ref fails, the keymgmt
    is freed and an error is raised, ensuring consistent cleanup.

    Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>

    Reviewed-by: Norbert Pocs <norbertp@openssl.org>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
    (Merged from https://github.com/openssl/openssl/pull/28353)

diff --git a/crypto/evp/keymgmt_meth.c b/crypto/evp/keymgmt_meth.c
index f57153b2c1..7efab62327 100644
--- a/crypto/evp/keymgmt_meth.c
+++ b/crypto/evp/keymgmt_meth.c
@@ -261,8 +261,11 @@ static void *keymgmt_from_algorithm(int name_id,
         return NULL;
     }
     keymgmt->prov = prov;
-    if (prov != NULL)
-        ossl_provider_up_ref(prov);
+    if (prov != NULL && !ossl_provider_up_ref(prov)) {
+        EVP_KEYMGMT_free(keymgmt);
+        ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
+        return NULL;
+    }

 #ifndef FIPS_MODULE
     keymgmt->legacy_alg = get_legacy_alg_type_from_keymgmt(keymgmt);