From f69f3e59922d6a1bc42cdb56d8cc327c81883a41 Mon Sep 17 00:00:00 2001
From: tobhe <tobhe@openbsd.org>
Date: Tue, 8 Nov 2022 19:17:05 +0000
Subject: [PATCH] Fix leak of pk if EVP_PKEY_set1_DSA() fails.

Found with CodeChecker
ok jsing@
---
 lib/libcrypto/dsa/dsa_prn.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/lib/libcrypto/dsa/dsa_prn.c b/lib/libcrypto/dsa/dsa_prn.c
index fb5e35f9090..a26f3cfc6a3 100644
--- a/lib/libcrypto/dsa/dsa_prn.c
+++ b/lib/libcrypto/dsa/dsa_prn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_prn.c,v 1.6 2017/01/29 17:49:22 beck Exp $ */
+/* $OpenBSD: dsa_prn.c,v 1.7 2022/11/08 19:17:05 tobhe Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -98,12 +98,16 @@ int
 DSA_print(BIO *bp, const DSA *x, int off)
 {
 	EVP_PKEY *pk;
-	int ret;
+	int ret = 0;
+
+	if ((pk = EVP_PKEY_new()) == NULL)
+		goto err;
+
+	if (!EVP_PKEY_set1_DSA(pk, (DSA *)x))
+		goto err;
 
-	pk = EVP_PKEY_new();
-	if (!pk || !EVP_PKEY_set1_DSA(pk, (DSA *)x))
-		return 0;
 	ret = EVP_PKEY_print_private(bp, pk, off, NULL);
+ err:
 	EVP_PKEY_free(pk);
 	return ret;
 }
-- 
2.20.1