diff --git a/ssl/ech/ech_internal.c b/ssl/ech/ech_internal.c index 97d9c0c566..999897e05b 100644 --- a/ssl/ech/ech_internal.c +++ b/ssl/ech/ech_internal.c @@ -1779,13 +1779,10 @@ static unsigned char *hpke_decrypt_encch(SSL_CONNECTION *s, * We may generate externally visible OpenSSL errors * if decryption fails (which is normal) but we'll * ignore those as we might be dealing with a GREASEd - * ECH. To do that we need to now ingore some errors + * ECH. To do that we need to now ignore some errors * so we use ERR_set_mark() then later ERR_pop_to_mark(). */ - if (ERR_set_mark() != 0) { - OPENSSL_free(clear); - return NULL; - } + ERR_set_mark(); /* Use OSSL_HPKE_* APIs */ hctx = OSSL_HPKE_CTX_new(hpke_mode, hpke_suite, OSSL_HPKE_ROLE_RECEIVER, NULL, NULL); @@ -1835,8 +1832,7 @@ end: if (PACKET_buf_init(&innerchpkt, clear, clearlen) != 1) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); - OPENSSL_free(clear); - return NULL; + goto paderr; } /* reset the offsets, as we move from outer to inner CH */ s->ext.ech.ch_offsets_done = 0; @@ -1845,14 +1841,12 @@ end: &innerflag, &outersnioffset); if (rv != 1) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); - OPENSSL_free(clear); - return NULL; + goto paderr; } /* odd form of check below just for emphasis */ if ((extsoffset + 1) > clearlen) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); - OPENSSL_free(clear); - return NULL; + goto paderr; } extslen = (unsigned char)(clear[extsoffset]) * 256 + (unsigned char)(clear[extsoffset + 1]); @@ -1860,8 +1854,7 @@ end: /* the check below protects us from bogus data */ if (ch_len > clearlen) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); - OPENSSL_free(clear); - return NULL; + goto paderr; } /* * The RFC calls for that padding to be all zeros. I'm not so @@ -1873,15 +1866,11 @@ end: { size_t zind = 0; - if (*innerlen < ch_len) { - OPENSSL_free(clear); - return NULL; - } + if (*innerlen < ch_len) + goto paderr; for (zind = ch_len; zind != *innerlen; zind++) { - if (clear[zind] != 0x00) { - OPENSSL_free(clear); - return NULL; - } + if (clear[zind] != 0x00) + goto paderr; } } # endif @@ -1891,6 +1880,7 @@ end: # endif return clear; } +paderr: OPENSSL_free(clear); return NULL; } diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 0aadcff5f4..2f1fcadb5e 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2076,30 +2076,24 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s) goto err; } -#ifndef OPENSSL_NO_ECH /* * Unless ECH has worked or not been configured we won't call * the session_secret_cb now because we'll need to calculate the * server random later to include the ECH accept value. * We can't do it now as we don't yet have the SH encoding. */ - if (((s->ext.ech.es != NULL && s->ext.ech.success == 1) - || s->ext.ech.es == NULL) - && (!s->hit - && s->version >= TLS1_VERSION - && !SSL_CONNECTION_IS_TLS13(s) - && !SSL_CONNECTION_IS_DTLS(s) - && s->ext.session_secret_cb != NULL)) { - const SSL_CIPHER *pref_cipher = NULL; -#else - - if (!s->hit - && s->version >= TLS1_VERSION - && !SSL_CONNECTION_IS_TLS13(s) - && !SSL_CONNECTION_IS_DTLS(s) - && s->ext.session_secret_cb != NULL) { - const SSL_CIPHER *pref_cipher = NULL; + if ( +#ifndef OPENSSL_NO_ECH + ((s->ext.ech.es != NULL && s->ext.ech.success == 1) + || s->ext.ech.es == NULL) && #endif + !s->hit + && s->version >= TLS1_VERSION + && !SSL_CONNECTION_IS_TLS13(s) + && !SSL_CONNECTION_IS_DTLS(s) + && s->ext.session_secret_cb != NULL) { + const SSL_CIPHER *pref_cipher = NULL; + /* * s->session->master_key_length is a size_t, but this is an int for * backwards compat reasons