EVP: fix reference counting for EVP_CIPHER.

Under some circumstances, the reference count for a cipher wasn't updated properly. This shows up best when fetches are not being queried but would be possible if the cache flushed at a bad time. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14126)
author: Pauli <ppzgs1@gmail.com> 2021-02-08 04:38:21 +0300
committer: Pauli <ppzgs1@gmail.com> 2021-02-12 05:28:55 +0300
commit: aea01d13135565680c7b1bc74222f5b2bf3f66c4 (patch)
tree: 7077e5b2375140c999aae2fb5a3ddc0900aa98fd /crypto/evp/evp_enc.c
parent: 7dce37e2ec3d580eccce65c32f8d60dea600a28a (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index eb8c0faf14..b804d74914 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -182,6 +182,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
 #endif
     }
 
+    if (cipher->prov != NULL) {
+        if (!EVP_CIPHER_up_ref((EVP_CIPHER *)cipher)) {
+            ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
+            return 0;
+        }
+        EVP_CIPHER_free(ctx->fetched_cipher);
+        ctx->fetched_cipher = (EVP_CIPHER *)cipher;
+    }
     ctx->cipher = cipher;
     if (ctx->provctx == NULL) {
         ctx->provctx = ctx->cipher->newctx(ossl_provider_ctx(cipher->prov));
author	Pauli <ppzgs1@gmail.com>	2021-02-08 04:38:21 +0300
committer	Pauli <ppzgs1@gmail.com>	2021-02-12 05:28:55 +0300
commit	aea01d13135565680c7b1bc74222f5b2bf3f66c4 (patch)
tree	7077e5b2375140c999aae2fb5a3ddc0900aa98fd /crypto/evp/evp_enc.c
parent	7dce37e2ec3d580eccce65c32f8d60dea600a28a (diff)