Rework pkey_dsa_keygen()

Very similar to pkey_dh_keygen(): single exit and hold on to an extra reference by calling EVP_PKEY_set1_DSA() instead of assigning the DSA to the pkey. "Fixes" another leak that Coverity missed. ok jsing
author: tb <> 2023-12-28 22:07:23 +0000
committer: tb <> 2023-12-28 22:07:23 +0000
commit: 1a97887b534c60ad7359cc3059cc7de91eab190d (patch)
tree: 4293afa06b7ba4c6226d7e42b32b6f2dd2c085fc
parent: f17548a214654a2b6d13345be9dd4218a9a20182 (diff)
download: openbsd-1a97887b534c60ad7359cc3059cc7de91eab190d.tar.gz
openbsd-1a97887b534c60ad7359cc3059cc7de91eab190d.tar.bz2
openbsd-1a97887b534c60ad7359cc3059cc7de91eab190d.zip
1 files changed, 18 insertions, 9 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_pmeth.c b/src/lib/libcrypto/dsa/dsa_pmeth.c
index 9b03a2fc3a..dff47ed348 100644
--- a/src/lib/libcrypto/dsa/dsa_pmeth.c
+++ b/src/lib/libcrypto/dsa/dsa_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_pmeth.c,v 1.17 2023/04/25 15:48:48 tb Exp $ */
+/* $OpenBSD: dsa_pmeth.c,v 1.18 2023/12/28 22:07:23 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -314,19 +314,28 @@ static int
 pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
        DSA *dsa = NULL;
+        int ret = 0;
        if (ctx->pkey == NULL) {
                DSAerror(DSA_R_NO_PARAMETERS_SET);
-                return 0;
+                goto err;
        }
-        dsa = DSA_new();
+        if ((dsa = DSA_new()) == NULL)
-        if (!dsa)
+                goto err;
-                return 0;
+        if (!EVP_PKEY_set1_DSA(pkey, dsa))
-        EVP_PKEY_assign_DSA(pkey, dsa);
+                goto err;
-        /* Note: if error return, pkey is freed by parent routine */
        if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
-                return 0;
+                goto err;
-        return DSA_generate_key(pkey->pkey.dsa);
+        if (!DSA_generate_key(dsa))
+                goto err;
+        ret = 1;
+ err:
+        DSA_free(dsa);
+        return ret;
 }
 const EVP_PKEY_METHOD dsa_pkey_meth = {
author	tb <>	2023-12-28 22:07:23 +0000
committer	tb <>	2023-12-28 22:07:23 +0000
commit	1a97887b534c60ad7359cc3059cc7de91eab190d (patch)
tree	4293afa06b7ba4c6226d7e42b32b6f2dd2c085fc
parent	f17548a214654a2b6d13345be9dd4218a9a20182 (diff)
download	openbsd-1a97887b534c60ad7359cc3059cc7de91eab190d.tar.gz openbsd-1a97887b534c60ad7359cc3059cc7de91eab190d.tar.bz2 openbsd-1a97887b534c60ad7359cc3059cc7de91eab190d.zip

diff --git a/src/lib/libcrypto/dsa/dsa_pmeth.c b/src/lib/libcrypto/dsa/dsa_pmeth.c index 9b03a2fc3a..dff47ed348 100644 --- a/src/lib/libcrypto/dsa/dsa_pmeth.c +++ b/src/lib/libcrypto/dsa/dsa_pmeth.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: dsa_pmeth.c,v 1.17 2023/04/25 15:48:48 tb Exp $ */	1	/* $OpenBSD: dsa_pmeth.c,v 1.18 2023/12/28 22:07:23 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -314,19 +314,28 @@ static int
314	pkey_dsa_keygen(EVP_PKEY_CTX ctx, EVP_PKEY pkey)	314	pkey_dsa_keygen(EVP_PKEY_CTX ctx, EVP_PKEY pkey)
315	{	315	{
316	DSA *dsa = NULL;	316	DSA *dsa = NULL;
		317	int ret = 0;
317		318
318	if (ctx->pkey == NULL) {	319	if (ctx->pkey == NULL) {
319	DSAerror(DSA_R_NO_PARAMETERS_SET);	320	DSAerror(DSA_R_NO_PARAMETERS_SET);
320	return 0;	321	goto err;
321	}	322	}
322	dsa = DSA_new();	323	if ((dsa = DSA_new()) == NULL)
323	if (!dsa)	324	goto err;
324	return 0;	325	if (!EVP_PKEY_set1_DSA(pkey, dsa))
325	EVP_PKEY_assign_DSA(pkey, dsa);	326	goto err;
326	/* Note: if error return, pkey is freed by parent routine */	327
327	if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))	328	if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
328	return 0;	329	goto err;
329	return DSA_generate_key(pkey->pkey.dsa);	330	if (!DSA_generate_key(dsa))
		331	goto err;
		332
		333	ret = 1;
		334
		335	err:
		336	DSA_free(dsa);
		337
		338	return ret;
330	}	339	}
331		340
332	const EVP_PKEY_METHOD dsa_pkey_meth = {	341	const EVP_PKEY_METHOD dsa_pkey_meth = {