Rewrite session ticket TLS extension handling using CBB/CBS and the new

extension framework. ok jsing@ beck@
author: doug <> 2017-08-12 21:17:03 +0000
committer: doug <> 2017-08-12 21:17:03 +0000
commit: 7b1e2bed428777bb9ee601d6775aa91efdc80340 (patch)
tree: a6945bbfcf083598e38feabf2ece8ed3cbfaed2b /src/lib
parent: 8bf5f970305d128e9bff3306420305d1a510a83f (diff)
download: openbsd-7b1e2bed428777bb9ee601d6775aa91efdc80340.tar.gz
openbsd-7b1e2bed428777bb9ee601d6775aa91efdc80340.tar.bz2
openbsd-7b1e2bed428777bb9ee601d6775aa91efdc80340.zip
3 files changed, 145 insertions, 65 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index c050224c70..1813d46f41 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.6 2017/08/11 20:14:13 doug Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.7 2017/08/12 21:17:03 doug Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -492,6 +492,131 @@ tlsext_sni_serverhello_parse(SSL *s, CBS *cbs, int *alert)
        return 1;
 }
+/*
+ * SessionTicket extension - RFC 5077 section 3.2
+ */
+int
+tlsext_sessionticket_clienthello_needs(SSL *s)
+{
+        /*
+         * Send session ticket extension when enabled and not overridden.
+         *
+         * When renegotiating, send an empty session ticket to indicate support.
+         */
+        if ((SSL_get_options(s) & SSL_OP_NO_TICKET) != 0)
+                return 0;
+        if (s->internal->new_session)
+                return 1;
+        if (s->internal->tlsext_session_ticket != NULL &&
+            s->internal->tlsext_session_ticket->data == NULL)
+                return 0;
+        return 1;
+}
+int
+tlsext_sessionticket_clienthello_build(SSL *s, CBB *cbb)
+{
+        /*
+         * Signal that we support session tickets by sending an empty
+         * extension when renegotiating or no session found.
+         */
+        if (s->internal->new_session || s->session == NULL)
+                return 1;
+        if (s->session->tlsext_tick != NULL) {
+                /* Attempt to resume with an existing session ticket */
+                if (!CBB_add_bytes(cbb, s->session->tlsext_tick,
+                    s->session->tlsext_ticklen))
+                        return 0;
+        } else if (s->internal->tlsext_session_ticket != NULL) {
+                /*
+                 * Attempt to resume with a custom provided session ticket set
+                 * by SSL_set_session_ticket_ext().
+                 */
+                if (s->internal->tlsext_session_ticket->length > 0) {
+                        size_t ticklen = s->internal->tlsext_session_ticket->length;
+                        if ((s->session->tlsext_tick = malloc(ticklen)) == NULL)
+                                return 0;
+                        memcpy(s->session->tlsext_tick,
+                            s->internal->tlsext_session_ticket->data,
+                            ticklen);
+                        s->session->tlsext_ticklen = ticklen;
+                        if (!CBB_add_bytes(cbb, s->session->tlsext_tick,
+                            s->session->tlsext_ticklen))
+                                return 0;
+                }
+        }
+        if (!CBB_flush(cbb))
+                return 0;
+        return 1;
+}
+int
+tlsext_sessionticket_clienthello_parse(SSL *s, CBS *cbs, int *alert)
+{
+        if (s->internal->tls_session_ticket_ext_cb) {
+                if (!s->internal->tls_session_ticket_ext_cb(s, CBS_data(cbs),
+                    (int)CBS_len(cbs),
+                    s->internal->tls_session_ticket_ext_cb_arg)) {
+                        *alert = TLS1_AD_INTERNAL_ERROR;
+                        return 0;
+                }
+        }
+        /* We need to signal that this was processed fully */
+        if (!CBS_skip(cbs, CBS_len(cbs))) {
+                *alert = TLS1_AD_INTERNAL_ERROR;
+                return 0;
+        }
+        return 1;
+}
+int
+tlsext_sessionticket_serverhello_needs(SSL *s)
+{
+        return (s->internal->tlsext_ticket_expected &&
+            !(SSL_get_options(s) & SSL_OP_NO_TICKET));
+}
+int
+tlsext_sessionticket_serverhello_build(SSL *s, CBB *cbb)
+{
+        /* Empty ticket */
+        return 1;
+}
+int
+tlsext_sessionticket_serverhello_parse(SSL *s, CBS *cbs, int *alert)
+{
+        if (s->internal->tls_session_ticket_ext_cb) {
+                if (!s->internal->tls_session_ticket_ext_cb(s, CBS_data(cbs),
+                    (int)CBS_len(cbs),
+                    s->internal->tls_session_ticket_ext_cb_arg)) {
+                        *alert = TLS1_AD_INTERNAL_ERROR;
+                        return 0;
+                }
+        }
+        if ((SSL_get_options(s) & SSL_OP_NO_TICKET) != 0 || CBS_len(cbs) > 0) {
+                *alert = TLS1_AD_UNSUPPORTED_EXTENSION;
+                return 0;
+        }
+        s->internal->tlsext_ticket_expected = 1;
+        return 1;
+}
 struct tls_extension {
        uint16_t type;
        int (*clienthello_needs)(SSL *s);
@@ -539,6 +664,15 @@ static struct tls_extension tls_extensions[] = {
                .serverhello_build = tlsext_ec_serverhello_build,
                .serverhello_parse = tlsext_ec_serverhello_parse,
        },
+        {
+                .type = TLSEXT_TYPE_session_ticket,
+                .clienthello_needs = tlsext_sessionticket_clienthello_needs,
+                .clienthello_build = tlsext_sessionticket_clienthello_build,
+                .clienthello_parse = tlsext_sessionticket_clienthello_parse,
+                .serverhello_needs = tlsext_sessionticket_serverhello_needs,
+                .serverhello_build = tlsext_sessionticket_serverhello_build,
+                .serverhello_parse = tlsext_sessionticket_serverhello_parse,
+        },
 };
 #define N_TLS_EXTENSIONS (sizeof(tls_extensions) / sizeof(*tls_extensions))
diff --git a/src/lib/libssl/ssl_tlsext.h b/src/lib/libssl/ssl_tlsext.h
index 38f8ffaa65..1e701e941a 100644
--- a/src/lib/libssl/ssl_tlsext.h
+++ b/src/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.h,v 1.5 2017/08/11 20:14:13 doug Exp $ */
+/* $OpenBSD: ssl_tlsext.h,v 1.6 2017/08/12 21:17:03 doug Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -44,6 +44,12 @@ int tlsext_ecpf_serverhello_needs(SSL *s);
 int tlsext_ecpf_serverhello_build(SSL *s, CBB *cbb);
 int tlsext_ecpf_serverhello_parse(SSL *s, CBS *cbs, int *alert);
+int tlsext_sessionticket_clienthello_needs(SSL *s);
+int tlsext_sessionticket_clienthello_build(SSL *s, CBB *cbb);
+int tlsext_sessionticket_clienthello_parse(SSL *s, CBS *cbs, int *alert);
+int tlsext_sessionticket_serverhello_needs(SSL *s);
+int tlsext_sessionticket_serverhello_build(SSL *s, CBB *cbb);
+int tlsext_sessionticket_serverhello_parse(SSL *s, CBS *cbs, int *alert);
 int tlsext_clienthello_build(SSL *s, CBB *cbb);
 int tlsext_clienthello_parse_one(SSL *s, CBS *cbs, uint16_t tlsext_type,
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 911e8d3f4e..63d401c337 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.128 2017/08/12 21:03:08 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.129 2017/08/12 21:17:03 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -690,39 +690,6 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
                return NULL;
        ret += len;
-        if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) {
-                int ticklen;
-                if (!s->internal->new_session && s->session && s->session->tlsext_tick)
-                        ticklen = s->session->tlsext_ticklen;
-                else if (s->session && s->internal->tlsext_session_ticket &&
-                    s->internal->tlsext_session_ticket->data) {
-                        ticklen = s->internal->tlsext_session_ticket->length;
-                        s->session->tlsext_tick = malloc(ticklen);
-                        if (!s->session->tlsext_tick)
-                                return NULL;
-                        memcpy(s->session->tlsext_tick,
-                            s->internal->tlsext_session_ticket->data, ticklen);
-                        s->session->tlsext_ticklen = ticklen;
-                } else
-                        ticklen = 0;
-                if (ticklen == 0 && s->internal->tlsext_session_ticket &&
-                    s->internal->tlsext_session_ticket->data == NULL)
-                        goto skip_ext;
-                /* Check for enough room 2 for extension type, 2 for len
-                 * rest for ticket
-                 */
-                if ((size_t)(limit - ret) < 4 + ticklen)
-                        return NULL;
-                s2n(TLSEXT_TYPE_session_ticket, ret);
-                s2n(ticklen, ret);
-                if (ticklen) {
-                        memcpy(ret, s->session->tlsext_tick, ticklen);
-                        ret += ticklen;
-                }
-        }
-skip_ext:
        if (TLS1_get_client_version(s) >= TLS1_2_VERSION) {
                if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6)
                        return NULL;
@@ -884,15 +851,6 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
         * extension.
         */
-        if (s->internal->tlsext_ticket_expected &&
-            !(SSL_get_options(s) & SSL_OP_NO_TICKET)) {
-                if ((size_t)(limit - ret) < 4)
-                        return NULL;
-                s2n(TLSEXT_TYPE_session_ticket, ret);
-                s2n(0, ret);
-        }
        if (s->internal->tlsext_status_expected) {
                if ((size_t)(limit - ret) < 4)
                        return NULL;
@@ -1068,13 +1026,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
                if (!tlsext_clienthello_parse_one(s, &cbs, type, al))
                        return 0;
-                if (type == TLSEXT_TYPE_session_ticket) {
+                if (type == TLSEXT_TYPE_signature_algorithms) {
-                        if (s->internal->tls_session_ticket_ext_cb &&
-                            !s->internal->tls_session_ticket_ext_cb(s, data, size, s->internal->tls_session_ticket_ext_cb_arg)) {
-                                *al = TLS1_AD_INTERNAL_ERROR;
-                                return 0;
-                        }
-                } else if (type == TLSEXT_TYPE_signature_algorithms) {
                        int dsize;
                        if (sigalg_seen || size < 2) {
                                *al = SSL_AD_DECODE_ERROR;
@@ -1277,19 +1229,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al)
                if (!tlsext_serverhello_parse_one(s, &cbs, type, al))
                        return 0;
-                if (type == TLSEXT_TYPE_session_ticket) {
+                if (type == TLSEXT_TYPE_status_request &&
-                        if (s->internal->tls_session_ticket_ext_cb &&
-                            !s->internal->tls_session_ticket_ext_cb(s, data, size, s->internal->tls_session_ticket_ext_cb_arg)) {
-                                *al = TLS1_AD_INTERNAL_ERROR;
-                                return 0;
-                        }
-                        if ((SSL_get_options(s) & SSL_OP_NO_TICKET) || (size > 0)) {
-                                *al = TLS1_AD_UNSUPPORTED_EXTENSION;
-                                return 0;
-                        }
-                        s->internal->tlsext_ticket_expected = 1;
-                }
-                else if (type == TLSEXT_TYPE_status_request &&
                    s->version != DTLS1_VERSION) {
                        /* MUST be empty and only sent if we've requested
                         * a status request message.
author	doug <>	2017-08-12 21:17:03 +0000
committer	doug <>	2017-08-12 21:17:03 +0000
commit	7b1e2bed428777bb9ee601d6775aa91efdc80340 (patch)
tree	a6945bbfcf083598e38feabf2ece8ed3cbfaed2b /src/lib
parent	8bf5f970305d128e9bff3306420305d1a510a83f (diff)
download	openbsd-7b1e2bed428777bb9ee601d6775aa91efdc80340.tar.gz openbsd-7b1e2bed428777bb9ee601d6775aa91efdc80340.tar.bz2 openbsd-7b1e2bed428777bb9ee601d6775aa91efdc80340.zip

diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index c050224c70..1813d46f41 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_tlsext.c,v 1.6 2017/08/11 20:14:13 doug Exp $ */	1	/* $OpenBSD: ssl_tlsext.c,v 1.7 2017/08/12 21:17:03 doug Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -492,6 +492,131 @@ tlsext_sni_serverhello_parse(SSL s, CBS cbs, int *alert)
492	return 1;	492	return 1;
493	}	493	}
494		494
		495	/*
		496	* SessionTicket extension - RFC 5077 section 3.2
		497	*/
		498	int
		499	tlsext_sessionticket_clienthello_needs(SSL *s)
		500	{
		501	/*
		502	* Send session ticket extension when enabled and not overridden.
		503	*
		504	* When renegotiating, send an empty session ticket to indicate support.
		505	*/
		506	if ((SSL_get_options(s) & SSL_OP_NO_TICKET) != 0)
		507	return 0;
		508
		509	if (s->internal->new_session)
		510	return 1;
		511
		512	if (s->internal->tlsext_session_ticket != NULL &&
		513	s->internal->tlsext_session_ticket->data == NULL)
		514	return 0;
		515
		516	return 1;
		517	}
		518
		519	int
		520	tlsext_sessionticket_clienthello_build(SSL s, CBB cbb)
		521	{
		522	/*
		523	* Signal that we support session tickets by sending an empty
		524	* extension when renegotiating or no session found.
		525	*/
		526	if (s->internal->new_session \|\| s->session == NULL)
		527	return 1;
		528
		529	if (s->session->tlsext_tick != NULL) {
		530	/* Attempt to resume with an existing session ticket */
		531	if (!CBB_add_bytes(cbb, s->session->tlsext_tick,
		532	s->session->tlsext_ticklen))
		533	return 0;
		534
		535	} else if (s->internal->tlsext_session_ticket != NULL) {
		536	/*
		537	* Attempt to resume with a custom provided session ticket set
		538	* by SSL_set_session_ticket_ext().
		539	*/
		540	if (s->internal->tlsext_session_ticket->length > 0) {
		541	size_t ticklen = s->internal->tlsext_session_ticket->length;
		542
		543	if ((s->session->tlsext_tick = malloc(ticklen)) == NULL)
		544	return 0;
		545	memcpy(s->session->tlsext_tick,
		546	s->internal->tlsext_session_ticket->data,
		547	ticklen);
		548	s->session->tlsext_ticklen = ticklen;
		549
		550	if (!CBB_add_bytes(cbb, s->session->tlsext_tick,
		551	s->session->tlsext_ticklen))
		552	return 0;
		553	}
		554	}
		555
		556	if (!CBB_flush(cbb))
		557	return 0;
		558
		559	return 1;
		560	}
		561
		562	int
		563	tlsext_sessionticket_clienthello_parse(SSL s, CBS cbs, int *alert)
		564	{
		565	if (s->internal->tls_session_ticket_ext_cb) {
		566	if (!s->internal->tls_session_ticket_ext_cb(s, CBS_data(cbs),
		567	(int)CBS_len(cbs),
		568	s->internal->tls_session_ticket_ext_cb_arg)) {
		569	*alert = TLS1_AD_INTERNAL_ERROR;
		570	return 0;
		571	}
		572	}
		573
		574	/* We need to signal that this was processed fully */
		575	if (!CBS_skip(cbs, CBS_len(cbs))) {
		576	*alert = TLS1_AD_INTERNAL_ERROR;
		577	return 0;
		578	}
		579
		580	return 1;
		581	}
		582
		583	int
		584	tlsext_sessionticket_serverhello_needs(SSL *s)
		585	{
		586	return (s->internal->tlsext_ticket_expected &&
		587	!(SSL_get_options(s) & SSL_OP_NO_TICKET));
		588	}
		589
		590	int
		591	tlsext_sessionticket_serverhello_build(SSL s, CBB cbb)
		592	{
		593	/* Empty ticket */
		594
		595	return 1;
		596	}
		597
		598	int
		599	tlsext_sessionticket_serverhello_parse(SSL s, CBS cbs, int *alert)
		600	{
		601	if (s->internal->tls_session_ticket_ext_cb) {
		602	if (!s->internal->tls_session_ticket_ext_cb(s, CBS_data(cbs),
		603	(int)CBS_len(cbs),
		604	s->internal->tls_session_ticket_ext_cb_arg)) {
		605	*alert = TLS1_AD_INTERNAL_ERROR;
		606	return 0;
		607	}
		608	}
		609
		610	if ((SSL_get_options(s) & SSL_OP_NO_TICKET) != 0 \|\| CBS_len(cbs) > 0) {
		611	*alert = TLS1_AD_UNSUPPORTED_EXTENSION;
		612	return 0;
		613	}
		614
		615	s->internal->tlsext_ticket_expected = 1;
		616
		617	return 1;
		618	}
		619
495	struct tls_extension {	620	struct tls_extension {
496	uint16_t type;	621	uint16_t type;
497	int (clienthello_needs)(SSL s);	622	int (clienthello_needs)(SSL s);
@@ -539,6 +664,15 @@ static struct tls_extension tls_extensions[] = {
539	.serverhello_build = tlsext_ec_serverhello_build,	664	.serverhello_build = tlsext_ec_serverhello_build,
540	.serverhello_parse = tlsext_ec_serverhello_parse,	665	.serverhello_parse = tlsext_ec_serverhello_parse,
541	},	666	},
		667	{
		668	.type = TLSEXT_TYPE_session_ticket,
		669	.clienthello_needs = tlsext_sessionticket_clienthello_needs,
		670	.clienthello_build = tlsext_sessionticket_clienthello_build,
		671	.clienthello_parse = tlsext_sessionticket_clienthello_parse,
		672	.serverhello_needs = tlsext_sessionticket_serverhello_needs,
		673	.serverhello_build = tlsext_sessionticket_serverhello_build,
		674	.serverhello_parse = tlsext_sessionticket_serverhello_parse,
		675	},
542	};	676	};
543		677
544	#define N_TLS_EXTENSIONS (sizeof(tls_extensions) / sizeof(*tls_extensions))	678	#define N_TLS_EXTENSIONS (sizeof(tls_extensions) / sizeof(*tls_extensions))


diff --git a/src/lib/libssl/ssl_tlsext.h b/src/lib/libssl/ssl_tlsext.h index 38f8ffaa65..1e701e941a 100644 --- a/src/lib/libssl/ssl_tlsext.h +++ b/src/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_tlsext.h,v 1.5 2017/08/11 20:14:13 doug Exp $ */	1	/* $OpenBSD: ssl_tlsext.h,v 1.6 2017/08/12 21:17:03 doug Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -44,6 +44,12 @@ int tlsext_ecpf_serverhello_needs(SSL *s);
44	int tlsext_ecpf_serverhello_build(SSL s, CBB cbb);	44	int tlsext_ecpf_serverhello_build(SSL s, CBB cbb);
45	int tlsext_ecpf_serverhello_parse(SSL s, CBS cbs, int *alert);	45	int tlsext_ecpf_serverhello_parse(SSL s, CBS cbs, int *alert);
46		46
		47	int tlsext_sessionticket_clienthello_needs(SSL *s);
		48	int tlsext_sessionticket_clienthello_build(SSL s, CBB cbb);
		49	int tlsext_sessionticket_clienthello_parse(SSL s, CBS cbs, int *alert);
		50	int tlsext_sessionticket_serverhello_needs(SSL *s);
		51	int tlsext_sessionticket_serverhello_build(SSL s, CBB cbb);
		52	int tlsext_sessionticket_serverhello_parse(SSL s, CBS cbs, int *alert);
47		53
48	int tlsext_clienthello_build(SSL s, CBB cbb);	54	int tlsext_clienthello_build(SSL s, CBB cbb);
49	int tlsext_clienthello_parse_one(SSL s, CBS cbs, uint16_t tlsext_type,	55	int tlsext_clienthello_parse_one(SSL s, CBS cbs, uint16_t tlsext_type,


diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 911e8d3f4e..63d401c337 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_lib.c,v 1.128 2017/08/12 21:03:08 jsing Exp $ */	1	/* $OpenBSD: t1_lib.c,v 1.129 2017/08/12 21:17:03 doug Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -690,39 +690,6 @@ ssl_add_clienthello_tlsext(SSL s, unsigned char p, unsigned char *limit)
690	return NULL;	690	return NULL;
691	ret += len;	691	ret += len;
692		692
693	if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) {
694	int ticklen;
695	if (!s->internal->new_session && s->session && s->session->tlsext_tick)
696	ticklen = s->session->tlsext_ticklen;
697	else if (s->session && s->internal->tlsext_session_ticket &&
698	s->internal->tlsext_session_ticket->data) {
699	ticklen = s->internal->tlsext_session_ticket->length;
700	s->session->tlsext_tick = malloc(ticklen);
701	if (!s->session->tlsext_tick)
702	return NULL;
703	memcpy(s->session->tlsext_tick,
704	s->internal->tlsext_session_ticket->data, ticklen);
705	s->session->tlsext_ticklen = ticklen;
706	} else
707	ticklen = 0;
708	if (ticklen == 0 && s->internal->tlsext_session_ticket &&
709	s->internal->tlsext_session_ticket->data == NULL)
710	goto skip_ext;
711	/* Check for enough room 2 for extension type, 2 for len
712	* rest for ticket
713	*/
714	if ((size_t)(limit - ret) < 4 + ticklen)
715	return NULL;
716	s2n(TLSEXT_TYPE_session_ticket, ret);
717
718	s2n(ticklen, ret);
719	if (ticklen) {
720	memcpy(ret, s->session->tlsext_tick, ticklen);
721	ret += ticklen;
722	}
723	}
724	skip_ext:
725
726	if (TLS1_get_client_version(s) >= TLS1_2_VERSION) {	693	if (TLS1_get_client_version(s) >= TLS1_2_VERSION) {
727	if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6)	694	if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6)
728	return NULL;	695	return NULL;
@@ -884,15 +851,6 @@ ssl_add_serverhello_tlsext(SSL s, unsigned char p, unsigned char *limit)
884	* extension.	851	* extension.
885	*/	852	*/
886		853
887	if (s->internal->tlsext_ticket_expected &&
888	!(SSL_get_options(s) & SSL_OP_NO_TICKET)) {
889	if ((size_t)(limit - ret) < 4)
890	return NULL;
891
892	s2n(TLSEXT_TYPE_session_ticket, ret);
893	s2n(0, ret);
894	}
895
896	if (s->internal->tlsext_status_expected) {	854	if (s->internal->tlsext_status_expected) {
897	if ((size_t)(limit - ret) < 4)	855	if ((size_t)(limit - ret) < 4)
898	return NULL;	856	return NULL;
@@ -1068,13 +1026,7 @@ ssl_parse_clienthello_tlsext(SSL s, unsigned char p, unsigned char d,
1068	if (!tlsext_clienthello_parse_one(s, &cbs, type, al))	1026	if (!tlsext_clienthello_parse_one(s, &cbs, type, al))
1069	return 0;	1027	return 0;
1070		1028
1071	if (type == TLSEXT_TYPE_session_ticket) {	1029	if (type == TLSEXT_TYPE_signature_algorithms) {
1072	if (s->internal->tls_session_ticket_ext_cb &&
1073	!s->internal->tls_session_ticket_ext_cb(s, data, size, s->internal->tls_session_ticket_ext_cb_arg)) {
1074	*al = TLS1_AD_INTERNAL_ERROR;
1075	return 0;
1076	}
1077	} else if (type == TLSEXT_TYPE_signature_algorithms) {
1078	int dsize;	1030	int dsize;
1079	if (sigalg_seen \|\| size < 2) {	1031	if (sigalg_seen \|\| size < 2) {
1080	*al = SSL_AD_DECODE_ERROR;	1032	*al = SSL_AD_DECODE_ERROR;
@@ -1277,19 +1229,7 @@ ssl_parse_serverhello_tlsext(SSL s, unsigned char p, size_t n, int al)
1277	if (!tlsext_serverhello_parse_one(s, &cbs, type, al))	1229	if (!tlsext_serverhello_parse_one(s, &cbs, type, al))
1278	return 0;	1230	return 0;
1279		1231
1280	if (type == TLSEXT_TYPE_session_ticket) {	1232	if (type == TLSEXT_TYPE_status_request &&
1281	if (s->internal->tls_session_ticket_ext_cb &&
1282	!s->internal->tls_session_ticket_ext_cb(s, data, size, s->internal->tls_session_ticket_ext_cb_arg)) {
1283	*al = TLS1_AD_INTERNAL_ERROR;
1284	return 0;
1285	}
1286	if ((SSL_get_options(s) & SSL_OP_NO_TICKET) \|\| (size > 0)) {
1287	*al = TLS1_AD_UNSUPPORTED_EXTENSION;
1288	return 0;
1289	}
1290	s->internal->tlsext_ticket_expected = 1;
1291	}
1292	else if (type == TLSEXT_TYPE_status_request &&
1293	s->version != DTLS1_VERSION) {	1233	s->version != DTLS1_VERSION) {
1294	/* MUST be empty and only sent if we've requested	1234	/* MUST be empty and only sent if we've requested
1295	* a status request message.	1235	* a status request message.