Rework pkey_dh_paramgen()

Similar to pkey_rsa_paramgen() this function does some strange dances
with the pkey_gencb and initialization plus missing error checks. Fix
all that and use the idiom established in previous commits.

ok jsing

diff --git a/lib/libcrypto/dh/dh_pmeth.c b/lib/libcrypto/dh/dh_pmeth.c
index 5a43acc..5b43214 100644 (file)
--- a/lib/libcrypto/dh/dh_pmeth.c
+++ b/lib/libcrypto/dh/dh_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_pmeth.c,v 1.14 2023/12/28 22:06:41 tb Exp $ */
+/* $OpenBSD: dh_pmeth.c,v 1.15 2023/12/28 22:10:33 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -189,25 +189,28 @@ out_of_range:
 static int
 pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
-       DH *dh = NULL;
+       DH *dh;
        DH_PKEY_CTX *dctx = ctx->data;
-       BN_GENCB *pcb, cb;
-       int ret;
+       BN_GENCB *pcb = NULL;
+       BN_GENCB cb = {0};
+       int ret = 0;
 
-       if (ctx->pkey_gencb) {
+       if ((dh = DH_new()) == NULL)
+               goto err;
+       if (ctx->pkey_gencb != NULL) {
                pcb = &cb;
                evp_pkey_set_cb_translate(pcb, ctx);
-       } else
-               pcb = NULL;
-       dh = DH_new();
-       if (!dh)
-               return 0;
-       ret = DH_generate_parameters_ex(dh, dctx->prime_len, dctx->generator,
-           pcb);
-       if (ret)
-               EVP_PKEY_assign_DH(pkey, dh);
-       else
-               DH_free(dh);
+       }
+       if (!DH_generate_parameters_ex(dh, dctx->prime_len, dctx->generator, pcb))
+               goto err;
+       if (!EVP_PKEY_assign_DH(pkey, dh))
+               goto err;
+       dh = NULL;
+
+       ret = 1;
+ err:
+       DH_free(dh);
+
        return ret;
 }