-/* $OpenBSD: ssl_ciph.c,v 1.131 2022/09/01 15:19:16 tb Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.132 2022/09/04 07:55:32 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
{
int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl;
- STACK_OF(SSL_CIPHER) *cipherstack;
+ STACK_OF(SSL_CIPHER) *cipherstack = NULL, *ret = NULL;
const char *rule_p;
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
const SSL_CIPHER **ca_list = NULL;
* Return with error if nothing to do.
*/
if (rule_str == NULL || cipher_list == NULL)
- return NULL;
+ goto err;
/*
* To reduce the work to do we only want to process the compiled
co_list = reallocarray(NULL, num_of_ciphers, sizeof(CIPHER_ORDER));
if (co_list == NULL) {
SSLerrorx(ERR_R_MALLOC_FAILURE);
- return(NULL); /* Failure */
+ goto err;
}
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
/* Now sort by symmetric encryption strength. The above ordering remains
* in force within each class */
- if (!ssl_cipher_strength_sort(&head, &tail)) {
- free(co_list);
- return NULL;
- }
+ if (!ssl_cipher_strength_sort(&head, &tail))
+ goto err;
/* Now disable everything (maintaining the ordering!) */
ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
ca_list = reallocarray(NULL, num_of_alias_max, sizeof(SSL_CIPHER *));
if (ca_list == NULL) {
- free(co_list);
SSLerrorx(ERR_R_MALLOC_FAILURE);
- return(NULL); /* Failure */
+ goto err;
}
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mkey,
disabled_auth, disabled_enc, disabled_mac, disabled_ssl, head);
ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list,
cert, &tls13_seen);
- free((void *)ca_list); /* Not needed anymore */
-
if (!ok) {
/* Rule processing failure */
- free(co_list);
- return (NULL);
+ goto err;
}
/*
* if we cannot get one.
*/
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
- free(co_list);
- return (NULL);
+ SSLerrorx(ERR_R_MALLOC_FAILURE);
+ goto err;
}
/* Prefer TLSv1.3 cipher suites. */
for (i = 0; i < sk_SSL_CIPHER_num(cipher_list_tls13); i++) {
cipher = sk_SSL_CIPHER_value(cipher_list_tls13, i);
if (!sk_SSL_CIPHER_push(cipherstack, cipher)) {
- free(co_list);
- return (NULL);
+ SSLerrorx(ERR_R_MALLOC_FAILURE);
+ goto err;
}
}
tls13_seen = 1;
if (curr->active ||
(!tls13_seen && curr->cipher->algorithm_ssl == SSL_TLSV1_3)) {
if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) {
- free(co_list);
- return (NULL);
+ SSLerrorx(ERR_R_MALLOC_FAILURE);
+ goto err;
}
}
any_active |= curr->active;
if (!any_active)
sk_SSL_CIPHER_zero(cipherstack);
- free(co_list); /* Not needed any longer */
-
sk_SSL_CIPHER_free(*cipher_list);
*cipher_list = cipherstack;
+ cipherstack = NULL;
+
+ ret = *cipher_list;
+
+ err:
+ sk_SSL_CIPHER_free(cipherstack);
+ free((void *)ca_list);
+ free(co_list);
- return (cipherstack);
+ return ret;
}
const SSL_CIPHER *
projects / openbsd / commitdiff