Release cipher_data on error path too for EVP_CTRL_INIT and EVP_CTRL_COPY

[torben-hansen]

Description of changes:

On the error-path, which I don't think is actually reachable right now, cipher_data should be released, otherwise it would/can leak. It's not exactly likely a context would ever be re-used in the error case, but who knows. It doesn't cost anything to gate it.

Testing:

Two tests, exercising the error path and test new assertion.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

[codecov-commenter]

Codecov Report

❌ Patch coverage is 82.14286% with 5 lines in your changes missing coverage. Please review.
✅ Project coverage is 78.15%. Comparing base (0109d48) to head (3317fc4).

Files with missing lines	Patch %	Lines
crypto/cipher_extra/cipher_test.cc	79.16%	3 Missing and 2 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3243      +/-   ##
==========================================
- Coverage   78.36%   78.15%   -0.22%     
==========================================
  Files         689      689              
  Lines      123265   123291      +26     
  Branches    17143    17143              
==========================================
- Hits        96602    96354     -248     
- Misses      25752    26025     +273     
- Partials      911      912       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[justsmth]

Returning 1 means SUCCESS, not failure:

// Mock ciphers used to exercise the error paths in |EVP_CipherInit_ex| and
// |EVP_CIPHER_CTX_copy|. The mocks need |ctx_size| != 0, otherwise
// |cipher_data| is not allocated before the ctrl callback runs, which is
// what |InitErrorPathReleasesCipherData| and |CopyErrorPathReleasesCipherData|
// test is free'd on the error path.
static int mock_noop_init(EVP_CIPHER_CTX *, const uint8_t *, const uint8_t *,
                          int) {
  return 1;
}

static int mock_noop_cipher(EVP_CIPHER_CTX *, uint8_t *, const uint8_t *,
                            size_t) {
  return 1;
}

static int mock_failing_init_ctrl(EVP_CIPHER_CTX *, int type, int, void *) {
  if (type == EVP_CTRL_INIT) {
    return 0;
  }
  return -1;
}

[torben-hansen]

Right. The namespace is used for mocking a failing cipher operation not for the each individual cipher. So, on the side of not changing name.