From d038647e3a4f1ef5e7535103a39d0cdc628ed9e0 Mon Sep 17 00:00:00 2001 From: tb <> Date: Thu, 28 Dec 2023 22:10:33 +0000 Subject: Rework pkey_dh_paramgen() Similar to pkey_rsa_paramgen() this function does some strange dances with the pkey_gencb and initialization plus missing error checks. Fix all that and use the idiom established in previous commits. ok jsing
---
src/lib/libcrypto/dh/dh_pmeth.c | 35 +++++++++++++++++++---------------- 1 file changed, 19 insertions(+), 16 deletions(-) (limited to 'src/lib')
diff --git a/src/lib/libcrypto/dh/dh_pmeth.c b/src/lib/libcrypto/dh/dh_pmeth.c
index 5a43acceff..5b43214448 100644
--- a/src/lib/libcrypto/dh/dh_pmeth.c
+++ b/src/lib/libcrypto/dh/dh_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_pmeth.c,v 1.14 2023/12/28 22:06:41 tb Exp $ */
+/* $OpenBSD: dh_pmeth.c,v 1.15 2023/12/28 22:10:33 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -189,25 +189,28 @@ out_of_range:
 static int
 pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
- DH *dh = NULL;
+ DH *dh;
 DH_PKEY_CTX *dctx = ctx->data;
- BN_GENCB *pcb, cb;
- int ret;
+ BN_GENCB *pcb = NULL;
+ BN_GENCB cb = {0};
+ int ret = 0;
 
- if (ctx->pkey_gencb) {
+ if ((dh = DH_new()) == NULL)
+ goto err;
+ if (ctx->pkey_gencb != NULL) {
 pcb = &cb;
 evp_pkey_set_cb_translate(pcb, ctx);
- } else
- pcb = NULL;
- dh = DH_new();
- if (!dh)
- return 0;
- ret = DH_generate_parameters_ex(dh, dctx->prime_len, dctx->generator,
- pcb);
- if (ret)
- EVP_PKEY_assign_DH(pkey, dh);
- else
- DH_free(dh);
+ }
+ if (!DH_generate_parameters_ex(dh, dctx->prime_len, dctx->generator, pcb))
+ goto err;
+ if (!EVP_PKEY_assign_DH(pkey, dh))
+ goto err;
+ dh = NULL;
+
+ ret = 1;
+ err:
+ DH_free(dh);
+
 return ret;
 }
 
-- cgit v1.2.3-55-g6feb
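Review bot: The `dh = NULL;` line after the successful `EVP_PKEY_assign_DH()` call in pkey_dh_paramgen() carries the ownership hand-off to pkey but has no comment. A later edit that drops or reorders it would make the shared `DH_free(dh)` under `err:` release an object that pkey still references. I would add `/* pkey owns dh now; the DH_free() below must see NULL. */` directly above it. The success path also depends on `DH_free(NULL)` being a no-op, which is worth one word in that same comment. As a minor style point, the new `DH_generate_parameters_ex()` condition appears to sit on a single line that would pass 80 columns once indented with a tab, where the removed code wrapped the `pcb` argument.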