Rework pkey_das_paramgen()

Another copy-paste-then-tweak-and-diverge version of the same old thing.
Fix it the same way as pkey_rsa_paramgen() and pkey_dh_paramgen(). The
callbacks are initialized at the top and the weird error checking is
turned into something much simpler.

ok jsing

1 files changed, 21 insertions, 16 deletions

diff --git a/lib/libcrypto/dsa/dsa_pmeth.c b/lib/libcrypto/dsa/dsa_pmeth.c
index dff47ed348d..001bdec201d 100644
--- a/lib/libcrypto/dsa/dsa_pmeth.c
+++ b/lib/libcrypto/dsa/dsa_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_pmeth.c,v 1.18 2023/12/28 22:07:23 tb Exp $ */
+/* $OpenBSD: dsa_pmeth.c,v 1.19 2023/12/28 22:11:26 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -288,25 +288,30 @@ out_of_range:
 static int
 pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
-	DSA *dsa = NULL;
+	DSA *dsa;
 	DSA_PKEY_CTX *dctx = ctx->data;
-	BN_GENCB *pcb, cb;
-	int ret;
+	BN_GENCB *pcb = NULL;
+	BN_GENCB cb = {0};
+	int ret = 0;
 
-	if (ctx->pkey_gencb) {
+	if ((dsa = DSA_new()) == NULL)
+		goto err;
+	if (ctx->pkey_gencb != NULL) {
 		pcb = &cb;
 		evp_pkey_set_cb_translate(pcb, ctx);
-	} else
-		pcb = NULL;
-	dsa = DSA_new();
-	if (!dsa)
-		return 0;
-	ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd,
-	    NULL, 0, NULL, NULL, NULL, pcb);
-	if (ret)
-		EVP_PKEY_assign_DSA(pkey, dsa);
-	else
-		DSA_free(dsa);
+	}
+	if (!dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd,
+	    NULL, 0, NULL, NULL, NULL, pcb))
+		goto err;
+	if (!EVP_PKEY_assign_DSA(pkey, dsa))
+		goto err;
+	dsa = NULL;
+
+	ret = 1;
+
+ err:
+	DSA_free(dsa);
+
 	return ret;
 }