1 files changed, 11 insertions, 5 deletions

diff --git a/lib/dns/openssldh_link.c b/lib/dns/openssldh_link.c
index be1d880280eb..04fb9fe5afa1 100644
--- a/lib/dns/openssldh_link.c
+++ b/lib/dns/openssldh_link.c
@@ -94,7 +94,8 @@ openssldh_computesecret(const dst_key_t *pub, const dst_key_t *priv,
 		return (ISC_R_NOSPACE);
 	ret = DH_compute_key(r.base, dhpub->pub_key, dhpriv);
 	if (ret == 0)
-		return (dst__openssl_toresult(DST_R_COMPUTESECRETFAILURE));
+		return (dst__openssl_toresult2("DH_compute_key",
+					       DST_R_COMPUTESECRETFAILURE));
 	isc_buffer_add(secret, len);
 	return (ISC_R_SUCCESS);
 }
@@ -179,14 +180,16 @@ openssldh_generate(dst_key_t *key, int generator) {
 #if OPENSSL_VERSION_NUMBER > 0x00908000L
 		dh = DH_new();
 		if (dh == NULL)
-			return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
+			return (dst__openssl_toresult(ISC_R_NOMEMORY));
 
 		BN_GENCB_set_old(&cb, NULL, NULL);
 
 		if (!DH_generate_parameters_ex(dh, key->key_size, generator,
 					       &cb)) {
 			DH_free(dh);
-			return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
+			return (dst__openssl_toresult2(
+					"DH_generate_parameters_ex",
+					DST_R_OPENSSLFAILURE));
 		}
 #else
 		dh = DH_generate_parameters(key->key_size, generator,
@@ -195,11 +198,13 @@ openssldh_generate(dst_key_t *key, int generator) {
 	}
 
 	if (dh == NULL)
-		return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
+		return (dst__openssl_toresult2("DH_generate_parameters",
+					       DST_R_OPENSSLFAILURE));
 
 	if (DH_generate_key(dh) == 0) {
 		DH_free(dh);
-		return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
+		return (dst__openssl_toresult2("DH_generate_key",
+					       DST_R_OPENSSLFAILURE));
 	}
 	dh->flags &= ~DH_FLAG_CACHE_MONT_P;
 
@@ -430,6 +435,7 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
 
 	dh = key->keydata.dh;
 
+	memset(bufs, 0, sizeof(bufs));
 	for (i = 0; i < 4; i++) {
 		bufs[i] = isc_mem_get(key->mctx, BN_num_bytes(dh->p));
 		if (bufs[i] == NULL) {