Rework and fix pkey_hmac_keygen()

The usual: single exit, error check all functions even if they can't
actually fail. This one was flagged again.

ok jsing

CID 471706 (false positive)

diff --git a/lib/libcrypto/hmac/hm_pmeth.c b/lib/libcrypto/hmac/hm_pmeth.c
index 5ec86aa..05eb1bf 100644 (file)
--- a/lib/libcrypto/hmac/hm_pmeth.c
+++ b/lib/libcrypto/hmac/hm_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hm_pmeth.c,v 1.16 2023/11/29 21:35:57 tb Exp $ */
+/* $OpenBSD: hm_pmeth.c,v 1.17 2023/12/28 22:00:56 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2007.
  */
@@ -131,15 +131,22 @@ pkey_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
        ASN1_OCTET_STRING *hkey = NULL;
        HMAC_PKEY_CTX *hctx = ctx->data;
+       int ret = 0;
 
-       if (!hctx->ktmp.data)
-               return 0;
-       hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp);
-       if (!hkey)
-               return 0;
-       EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey);
+       if (hctx->ktmp.data == NULL)
+               goto err;
+       if ((hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp)) == NULL)
+               goto err;
+       if (!EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey))
+               goto err;
+       hkey = NULL;
 
-       return 1;
+       ret = 1;
+
+ err:
+       ASN1_OCTET_STRING_free(hkey);
+
+       return ret;
 }
 
 static int