Rework and fix pkey_hmac_keygen()

The usual: single exit, error check all functions even if they can't
actually fail. This one was flagged again.

ok jsing

CID 471706 (false positive)

1 files changed, 15 insertions, 8 deletions

diff --git a/src/lib/libcrypto/hmac/hm_pmeth.c b/src/lib/libcrypto/hmac/hm_pmeth.c
index 5ec86aa095..05eb1bf85d 100644
--- a/src/lib/libcrypto/hmac/hm_pmeth.c
+++ b/src/lib/libcrypto/hmac/hm_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hm_pmeth.c,v 1.16 2023/11/29 21:35:57 tb Exp $ */
+/* $OpenBSD: hm_pmeth.c,v 1.17 2023/12/28 22:00:56 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2007.
  */
@@ -131,15 +131,22 @@ pkey_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
         ASN1_OCTET_STRING *hkey = NULL;
         HMAC_PKEY_CTX *hctx = ctx->data;
+        int ret = 0;
 
-        if (!hctx->ktmp.data)
-                return 0;
-        hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp);
-        if (!hkey)
-                return 0;
-        EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey);
+        if (hctx->ktmp.data == NULL)
+                goto err;
+        if ((hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp)) == NULL)
+                goto err;
+        if (!EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey))
+                goto err;
+        hkey = NULL;
 
-        return 1;
+        ret = 1;
+
+ err:
+        ASN1_OCTET_STRING_free(hkey);
+
+        return ret;
 }
 
 static int