RT4047: Set reference count earlier

Make sure it's valid very early.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

crypto/asn1/x_pkey.c

@@ -70,11 +70,12 @@ X509_PKEY *X509_PKEY_new(void)
     if (!ret)
         goto err;
 
+    ret->references = 1;
     ret->enc_algor = X509_ALGOR_new();
     ret->enc_pkey = ASN1_OCTET_STRING_new();
     if (!ret->enc_algor || !ret->enc_pkey)
         goto err;
-    ret->references = 1;
+
     return ret;
 err:
     X509_PKEY_free(ret);

ssl/ssl_cert.c

@@ -192,6 +192,7 @@ CERT *ssl_cert_dup(CERT *cert)
         return (NULL);
     }
 
+    ret->references = 1;
     ret->key = &ret->pkeys[cert->key - cert->pkeys];
 
 #ifndef OPENSSL_NO_RSA
@@ -278,7 +279,6 @@ CERT *ssl_cert_dup(CERT *cert)
         }
     }
 
-    ret->references = 1;
     /* Configured sigalgs copied across */
     if (cert->conf_sigalgs) {
         ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen);

ssl/ssl_lib.c

@@ -286,6 +286,7 @@ SSL *SSL_new(SSL_CTX *ctx)
     s->options = ctx->options;
     s->mode = ctx->mode;
     s->max_cert_list = ctx->max_cert_list;
+    s->references = 1;
 
     /*
      * Earlier library versions used to copy the pointer to the CERT, not
@@ -372,7 +373,6 @@ SSL *SSL_new(SSL_CTX *ctx)
     if (!s->method->ssl_new(s))
         goto err;
 
-    s->references = 1;
     s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
 
     if (!SSL_clear(s))