From dc7bfa45b82ffcce7e66aeae4c54a79f34b064d4 Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Wed, 17 Apr 2024 08:24:11 +0000
Subject: [PATCH] Avoid NULL dereference in EVP_PKEY_paramgen()

If EVP_PKEY_new() returns NULL, it would be passed to the paramgen() pmeth
which would typically dereference it. This is identical to a recent change
in keygen().

ok jsing
---
 lib/libcrypto/evp/pmeth_gn.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/lib/libcrypto/evp/pmeth_gn.c b/lib/libcrypto/evp/pmeth_gn.c
index b8b51ced3d8..1c355e594a2 100644
--- a/lib/libcrypto/evp/pmeth_gn.c
+++ b/lib/libcrypto/evp/pmeth_gn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pmeth_gn.c,v 1.18 2024/04/12 09:41:39 tb Exp $ */
+/* $OpenBSD: pmeth_gn.c,v 1.19 2024/04/17 08:24:11 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -87,7 +87,7 @@ EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
 {
 	int ret;
 
-	if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen) {
+	if (ctx == NULL || ctx->pmeth == NULL || ctx->pmeth->paramgen == NULL) {
 		EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
 		return -2;
 	}
@@ -97,17 +97,19 @@ EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
 		return -1;
 	}
 
-	if (!ppkey)
+	if (ppkey == NULL)
 		return -1;
 
-	if (!*ppkey)
+	if (*ppkey == NULL)
 		*ppkey = EVP_PKEY_new();
+	if (*ppkey == NULL)
+		return -1;
 
-	ret = ctx->pmeth->paramgen(ctx, *ppkey);
-	if (ret <= 0) {
+	if ((ret = ctx->pmeth->paramgen(ctx, *ppkey)) <= 0) {
 		EVP_PKEY_free(*ppkey);
 		*ppkey = NULL;
 	}
+
 	return ret;
 }
 LCRYPTO_ALIAS(EVP_PKEY_paramgen);
-- 
2.20.1