From a21e684406ff918992e7652163c56a09bda12860 Mon Sep 17 00:00:00 2001
From: tb
Date: Thu, 28 Dec 2023 22:07:23 +0000
Subject: [PATCH] Rework pkey_dsa_keygen()

Very similar to pkey_dh_keygen(): single exit and hold on to an extra reference by calling EVP_PKEY_set1_DSA() instead of assigning the DSA to the pkey. "Fixes" another leak that Coverity missed.

ok jsing
---
 lib/libcrypto/dsa/dsa_pmeth.c | 27 ++++++++++++++++++---------
 1 file changed, 18 insertions(+), 9 deletions(-)

diff --git a/lib/libcrypto/dsa/dsa_pmeth.c b/lib/libcrypto/dsa/dsa_pmeth.c
index 9b03a2fc3ab..dff47ed348d 100644
--- a/lib/libcrypto/dsa/dsa_pmeth.c
+++ b/lib/libcrypto/dsa/dsa_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_pmeth.c,v 1.17 2023/04/25 15:48:48 tb Exp $ */
+/* $OpenBSD: dsa_pmeth.c,v 1.18 2023/12/28 22:07:23 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -314,19 +314,28 @@ static int
 pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
 DSA *dsa = NULL;
+ int ret = 0;

 if (ctx->pkey == NULL) {
 DSAerror(DSA_R_NO_PARAMETERS_SET);
- return 0;
+ goto err;
 }
- dsa = DSA_new();
- if (!dsa)
- return 0;
- EVP_PKEY_assign_DSA(pkey, dsa);
- /* Note: if error return, pkey is freed by parent routine */
+ if ((dsa = DSA_new()) == NULL)
+ goto err;
+ if (!EVP_PKEY_set1_DSA(pkey, dsa))
+ goto err;
+
 if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
- return 0;
- return DSA_generate_key(pkey->pkey.dsa);
+ goto err;
+ if (!DSA_generate_key(dsa))
+ goto err;
+
+ ret = 1;
+
+ err:
+ DSA_free(dsa);
+
+ return ret;
 }

 const EVP_PKEY_METHOD dsa_pkey_meth = {
-- 
2.20.1
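Review bot: The reference-count contract of the reworked pkey_dsa_keygen() is not written down anywhere in the function, and the patch also deletes the only comment that explained the error path (`/* Note: if error return, pkey is freed by parent routine */`). Once `EVP_PKEY_set1_DSA(pkey, dsa)` has succeeded, pkey holds its own reference, so the `DSA_free(dsa)` at `err:` only drops the local one and runs on success as well as on failure. A failure in `EVP_PKEY_copy_parameters()` or `DSA_generate_key()` therefore still returns 0 with a keyless DSA attached to pkey, which is only harmless if the caller discards pkey on a 0 return, as the removed comment said; that caller is not visible in this patch. I would keep that guarantee next to the label, for example `/* pkey owns a reference via set1; on error the caller is expected to free pkey */`, so the single-exit cleanup is not later mistaken for a free of the key that was handed back.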