Rework pkey_dh_paramgen()

Similar to pkey_rsa_paramgen() this function does some strange dances
with the pkey_gencb and initialization plus missing error checks. Fix
all that and use the idiom established in previous commits.

ok jsing

1 files changed, 19 insertions, 16 deletions

diff --git a/src/lib/libcrypto/dh/dh_pmeth.c b/src/lib/libcrypto/dh/dh_pmeth.c
index 5a43acceff..5b43214448 100644
--- a/src/lib/libcrypto/dh/dh_pmeth.c
+++ b/src/lib/libcrypto/dh/dh_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_pmeth.c,v 1.14 2023/12/28 22:06:41 tb Exp $ */
+/* $OpenBSD: dh_pmeth.c,v 1.15 2023/12/28 22:10:33 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -189,25 +189,28 @@ out_of_range:
 static int
 pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
-        DH *dh = NULL;
+        DH *dh;
         DH_PKEY_CTX *dctx = ctx->data;
-        BN_GENCB *pcb, cb;
-        int ret;
+        BN_GENCB *pcb = NULL;
+        BN_GENCB cb = {0};
+        int ret = 0;
 
-        if (ctx->pkey_gencb) {
+        if ((dh = DH_new()) == NULL)
+                goto err;
+        if (ctx->pkey_gencb != NULL) {
                 pcb = &cb;
                 evp_pkey_set_cb_translate(pcb, ctx);
-        } else
-                pcb = NULL;
-        dh = DH_new();
-        if (!dh)
-                return 0;
-        ret = DH_generate_parameters_ex(dh, dctx->prime_len, dctx->generator,
-            pcb);
-        if (ret)
-                EVP_PKEY_assign_DH(pkey, dh);
-        else
-                DH_free(dh);
+        }
+        if (!DH_generate_parameters_ex(dh, dctx->prime_len, dctx->generator, pcb))
+                goto err;
+        if (!EVP_PKEY_assign_DH(pkey, dh))
+                goto err;
+        dh = NULL;
+
+        ret = 1;
+ err:
+        DH_free(dh);
+
         return ret;
 }