From cb6b0a5e2bec6409da8e1668ede523e52bbdbeed Mon Sep 17 00:00:00 2001
From: tb
Date: Thu, 28 Dec 2023 22:10:33 +0000
Subject: [PATCH] Rework pkey_dh_paramgen()

Similar to pkey_rsa_paramgen() this function does some strange dances with the pkey_gencb and initialization plus missing error checks. Fix all that and use the idiom established in previous commits.

ok jsing
---
 lib/libcrypto/dh/dh_pmeth.c | 35 +++++++++++++++++++----------------
 1 file changed, 19 insertions(+), 16 deletions(-)

diff --git a/lib/libcrypto/dh/dh_pmeth.c b/lib/libcrypto/dh/dh_pmeth.c
index 5a43acceffd..5b432144487 100644
--- a/lib/libcrypto/dh/dh_pmeth.c
+++ b/lib/libcrypto/dh/dh_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_pmeth.c,v 1.14 2023/12/28 22:06:41 tb Exp $ */
+/* $OpenBSD: dh_pmeth.c,v 1.15 2023/12/28 22:10:33 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -189,25 +189,28 @@ out_of_range:
 static int
 pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
- DH *dh = NULL;
+ DH *dh;
 DH_PKEY_CTX *dctx = ctx->data;
- BN_GENCB *pcb, cb;
- int ret;
+ BN_GENCB *pcb = NULL;
+ BN_GENCB cb = {0};
+ int ret = 0;
 
- if (ctx->pkey_gencb) {
+ if ((dh = DH_new()) == NULL)
+ goto err;
+ if (ctx->pkey_gencb != NULL) {
 pcb = &cb;
 evp_pkey_set_cb_translate(pcb, ctx);
- } else
- pcb = NULL;
- dh = DH_new();
- if (!dh)
- return 0;
- ret = DH_generate_parameters_ex(dh, dctx->prime_len, dctx->generator,
- pcb);
- if (ret)
- EVP_PKEY_assign_DH(pkey, dh);
- else
- DH_free(dh);
+ }
+ if (!DH_generate_parameters_ex(dh, dctx->prime_len, dctx->generator, pcb))
+ goto err;
+ if (!EVP_PKEY_assign_DH(pkey, dh))
+ goto err;
+ dh = NULL;
+
+ ret = 1;
+ err:
+ DH_free(dh);
+
 return ret;
 }
 
-- 
2.20.1
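Review bot: The `dh = NULL;` after the successful `EVP_PKEY_assign_DH()` call in pkey_dh_paramgen() is the only thing that stops the shared `err:` path from freeing a DH object that `pkey` now holds, and nothing in the hunk says so. A short comment on that line, for example `/* pkey owns dh now; DH_free(NULL) below is a no-op */`, would keep a later cleanup from dropping it and turning the success path into a use-after-free or double free. Relatedly, `DH *dh;` lost its `= NULL` initialiser: this is safe as written because `DH_new()` runs before any `goto err`, but a check inserted above it would hand an indeterminate pointer to `DH_free()`, so keeping `DH *dh = NULL;` is the cheaper invariant.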