Rework pkey_dh_keygen()

Single exit, fix error checking and hold on to the DH by keeping a reference. In other words, switch from EVP_PKEY_assign() to using EVP_PKEY_set1_DH() and free unconditionally in the error path. ok jsing
author: tb <> 2023-12-28 22:06:41 +0000
committer: tb <> 2023-12-28 22:06:41 +0000
commit: a2ec44f21cb7149881a7d2ec865bfe4822a0855a (patch)
tree: 8f02dcb52a16df9fdc942c939f21c7f11f701806
parent: da696300181170af441e4635858fb24e8a6273f3 (diff)
download: openbsd-a2ec44f21cb7149881a7d2ec865bfe4822a0855a.tar.gz
openbsd-a2ec44f21cb7149881a7d2ec865bfe4822a0855a.tar.bz2
openbsd-a2ec44f21cb7149881a7d2ec865bfe4822a0855a.zip
1 files changed, 19 insertions, 9 deletions
diff --git a/src/lib/libcrypto/dh/dh_pmeth.c b/src/lib/libcrypto/dh/dh_pmeth.c
index 7a598da27b..5a43acceff 100644
--- a/src/lib/libcrypto/dh/dh_pmeth.c
+++ b/src/lib/libcrypto/dh/dh_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_pmeth.c,v 1.13 2022/11/26 16:08:51 tb Exp $ */
+/* $OpenBSD: dh_pmeth.c,v 1.14 2023/12/28 22:06:41 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -215,19 +215,29 @@ static int
 pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
        DH *dh = NULL;
+        int ret = 0;
        if (ctx->pkey == NULL) {
                DHerror(DH_R_NO_PARAMETERS_SET);
-                return 0;
+                goto err;
        }
-        dh = DH_new();
-        if (!dh)
+        if ((dh = DH_new()) == NULL)
-                return 0;
+                goto err;
-        EVP_PKEY_assign_DH(pkey, dh);
+        if (!EVP_PKEY_set1_DH(pkey, dh))
-        /* Note: if error return, pkey is freed by parent routine */
+                goto err;
        if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
-                return 0;
+                goto err;
-        return DH_generate_key(pkey->pkey.dh);
+        if (!DH_generate_key(dh))
+                goto err;
+        ret = 1;
+ err:
+        DH_free(dh);
+        return ret;
 }
 static int
author	tb <>	2023-12-28 22:06:41 +0000
committer	tb <>	2023-12-28 22:06:41 +0000
commit	a2ec44f21cb7149881a7d2ec865bfe4822a0855a (patch)
tree	8f02dcb52a16df9fdc942c939f21c7f11f701806
parent	da696300181170af441e4635858fb24e8a6273f3 (diff)
download	openbsd-a2ec44f21cb7149881a7d2ec865bfe4822a0855a.tar.gz openbsd-a2ec44f21cb7149881a7d2ec865bfe4822a0855a.tar.bz2 openbsd-a2ec44f21cb7149881a7d2ec865bfe4822a0855a.zip

diff --git a/src/lib/libcrypto/dh/dh_pmeth.c b/src/lib/libcrypto/dh/dh_pmeth.c index 7a598da27b..5a43acceff 100644 --- a/src/lib/libcrypto/dh/dh_pmeth.c +++ b/src/lib/libcrypto/dh/dh_pmeth.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: dh_pmeth.c,v 1.13 2022/11/26 16:08:51 tb Exp $ */	1	/* $OpenBSD: dh_pmeth.c,v 1.14 2023/12/28 22:06:41 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -215,19 +215,29 @@ static int
215	pkey_dh_keygen(EVP_PKEY_CTX ctx, EVP_PKEY pkey)	215	pkey_dh_keygen(EVP_PKEY_CTX ctx, EVP_PKEY pkey)
216	{	216	{
217	DH *dh = NULL;	217	DH *dh = NULL;
		218	int ret = 0;
218		219
219	if (ctx->pkey == NULL) {	220	if (ctx->pkey == NULL) {
220	DHerror(DH_R_NO_PARAMETERS_SET);	221	DHerror(DH_R_NO_PARAMETERS_SET);
221	return 0;	222	goto err;
222	}	223	}
223	dh = DH_new();	224
224	if (!dh)	225	if ((dh = DH_new()) == NULL)
225	return 0;	226	goto err;
226	EVP_PKEY_assign_DH(pkey, dh);	227	if (!EVP_PKEY_set1_DH(pkey, dh))
227	/* Note: if error return, pkey is freed by parent routine */	228	goto err;
		229
228	if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))	230	if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
229	return 0;	231	goto err;
230	return DH_generate_key(pkey->pkey.dh);	232	if (!DH_generate_key(dh))
		233	goto err;
		234
		235	ret = 1;
		236
		237	err:
		238	DH_free(dh);
		239
		240	return ret;
231	}	241	}
232		242
233	static int	243	static int