Clean up and fix pkey_cmac_keygen()

A void pointer can be passed without any cast or assigning it to an
intermediate variable. That's one of hte puzzling things in old OpenSSL
code: there are plenty of unnecessary casts and assignments of void
pointers.

Make use of this fact and rework the function to be single exit, error
check consistently, including the EVP_PKEY_assign() call that can't
really fail and free the cmkey on exit.

Why coverity didn't flag this one is another mystery.

ok jsing

1 files changed, 16 insertions, 11 deletions

diff --git a/src/lib/libcrypto/cmac/cm_pmeth.c b/src/lib/libcrypto/cmac/cm_pmeth.c
index fa2d53e53d..03538e204e 100644
--- a/src/lib/libcrypto/cmac/cm_pmeth.c
+++ b/src/lib/libcrypto/cmac/cm_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cm_pmeth.c,v 1.11 2023/11/29 21:35:57 tb Exp $ */
+/* $OpenBSD: cm_pmeth.c,v 1.12 2023/12/28 21:56:12 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2010.
  */
@@ -92,18 +92,23 @@ pkey_cmac_cleanup(EVP_PKEY_CTX *ctx)
 static int
 pkey_cmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
-        CMAC_CTX *cmkey = CMAC_CTX_new();
-        CMAC_CTX *cmctx = ctx->data;
+        CMAC_CTX *cmkey;
+        int ret = 0;
 
-        if (!cmkey)
-                return 0;
-        if (!CMAC_CTX_copy(cmkey, cmctx)) {
-                CMAC_CTX_free(cmkey);
-                return 0;
-        }
-        EVP_PKEY_assign(pkey, EVP_PKEY_CMAC, cmkey);
+        if ((cmkey = CMAC_CTX_new()) == NULL)
+                goto err;
+        if (!CMAC_CTX_copy(cmkey, ctx->data))
+                goto err;
+        if (!EVP_PKEY_assign(pkey, EVP_PKEY_CMAC, cmkey))
+                goto err;
+        cmkey = NULL;
 
-        return 1;
+        ret = 1;
+
+ err:
+        CMAC_CTX_free(cmkey);
+
+        return ret;
 }
 
 static int