From 9fff321e3e31923856f558794ba8f1093d1a8c7b Mon Sep 17 00:00:00 2001
From: Chris Conlon
Date: Fri, 11 Mar 2022 10:11:02 -0700
Subject: [PATCH] address PR review feedback on EVP_PKEY changes
---
 tests/api.c | 8 +++-----
 wolfcrypt/src/evp.c | 15 ++++++++++++---
 2 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/tests/api.c b/tests/api.c
index 747452b5c..8d8532f1a 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -42911,7 +42911,7 @@ static void test_wolfSSL_EC_KEY_dup(void)
 /* Test EC_KEY_up_ref */
 AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
- AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
+ AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), WOLFSSL_SUCCESS);
 AssertIntEQ(wolfSSL_EC_KEY_up_ref(NULL), WOLFSSL_FAILURE);
 AssertIntEQ(wolfSSL_EC_KEY_up_ref(ecKey), WOLFSSL_SUCCESS);
 /* reference count doesn't follow duplicate */
@@ -43529,8 +43529,7 @@ static void test_wolfSSL_EVP_PKEY_keygen(void)
 {
 WOLFSSL_EVP_PKEY* pkey = NULL;
 EVP_PKEY_CTX* ctx = NULL;
-#if !defined(NO_DH) && (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
- (HAVE_FIPS_VERSION>2)))
+#if !defined(NO_DH) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
 WOLFSSL_EVP_PKEY* params = NULL;
 DH* dh = NULL;
 const BIGNUM* pubkey = NULL;
@@ -43557,8 +43556,7 @@ static void test_wolfSSL_EVP_PKEY_keygen(void)
 EVP_PKEY_free(pkey);
 pkey = NULL;
-#if !defined(NO_DH) && (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
- (HAVE_FIPS_VERSION>2)))
+#if !defined(NO_DH) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
 /* Test DH keygen */
 {
 AssertNotNull(params = wolfSSL_EVP_PKEY_new());
diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c
index 18f11a93e..15e7d5231 100644
--- a/wolfcrypt/src/evp.c
+++ b/wolfcrypt/src/evp.c
@@ -1419,7 +1419,8 @@ WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_E
 if (pkey->ecc && pkey->ecc->group) {
 /* set curve NID from pkey if available */
 ctx->curveNID = pkey->ecc->group->curve_nid;
- } else {
+ }
+ else {
 ctx->curveNID = ECC_CURVE_DEF;
 }
 #endif
@@ -2104,8 +2105,7 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
 }
 break;
 #endif
-#if !defined(NO_DH) && (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
- (HAVE_FIPS_VERSION>2)))
+#if !defined(NO_DH) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
 case EVP_PKEY_DH:
 pkey->dh = wolfSSL_DH_new();
 if (pkey->dh) {
@@ -2226,6 +2226,15 @@ int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to,
 WOLFSSL_MSG("wolfSSL_DSA_new error");
 return WOLFSSL_FAILURE;
 }
+
+ /* free existing BIGNUMs if needed before copying over new */
+ wolfSSL_BN_free(to->dsa->p);
+ wolfSSL_BN_free(to->dsa->g);
+ wolfSSL_BN_free(to->dsa->q);
+ to->dsa->p = NULL;
+ to->dsa->g = NULL;
+ to->dsa->q = NULL;
+
+ if (!(cpy = wolfSSL_BN_dup(from->dsa->p))) {
 WOLFSSL_MSG("wolfSSL_BN_dup error");
 return WOLFSSL_FAILURE;
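Review bot: The rewritten guard in front of `case EVP_PKEY_DH:` in wolfSSL_EVP_PKEY_keygen may not be equivalent to the one it replaces. The old test `HAVE_FIPS_VERSION>2` looked at the major version only, while `FIPS_VERSION_GT(2,0)` (its definition is not on this page) presumably also compares the minor version, so a FIPS 2.x build with a non-zero minor would now compile the DH keygen path. If that is not intended, `FIPS_VERSION_GE(3,0)` keeps the old meaning; if it is, a short comment above the `#if` such as `/* DH keygen needs a FIPS module newer than 2.0 */` would record the decision. The same guard is changed twice in test_wolfSSL_EVP_PKEY_keygen in tests/api.c, and the switch this case belongs to starts and ends outside the hunk.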
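Review bot: In wolfSSL_EVP_PKEY_copy_parameters the added block frees `to->dsa->p`, `g` and `q` before `from->dsa->p` is duplicated, which leaves two gaps. If `to` and `from` refer to the same DSA object (nothing visible in the hunk rules this out), the following `wolfSSL_BN_dup(from->dsa->p)` reads a BIGNUM that was just freed; and if any duplication fails, the function returns WOLFSSL_FAILURE with `to` already stripped of its previous parameters. Duplicating all three values first and only then freeing and installing them closes both. The function body starts and ends outside the hunk, so the sketch assumes the q and g copies follow the p copy shown here and that `p`, `q` and `g` are WOLFSSL_BIGNUM pointers declared next to `cpy`.

```c
/* … unchanged: wolfSSL_DSA_new() allocation and its error path … */

/* duplicate everything first so a failure leaves `to` untouched */
p = wolfSSL_BN_dup(from->dsa->p);
q = wolfSSL_BN_dup(from->dsa->q);
g = wolfSSL_BN_dup(from->dsa->g);
if (p == NULL || q == NULL || g == NULL) {
    WOLFSSL_MSG("wolfSSL_BN_dup error");
    wolfSSL_BN_free(p);
    wolfSSL_BN_free(q);
    wolfSSL_BN_free(g);
    return WOLFSSL_FAILURE;
}

/* only now release the old values and install the copies */
wolfSSL_BN_free(to->dsa->p);
wolfSSL_BN_free(to->dsa->q);
wolfSSL_BN_free(to->dsa->g);
to->dsa->p = p;
to->dsa->q = q;
to->dsa->g = g;
```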