Convert tls1_process_ticket to CBS.

ok miod@ jsing@
author: doug <> 2015-07-24 07:57:48 +0000
committer: doug <> 2015-07-24 07:57:48 +0000
commit: 7947eb00ec87714f4767a7da1487491559eb9f11 (patch)
tree: 4c37df21595a6a457d58d344bc65089bf8a0e864 /src
parent: f81ac49bb30eb3dff10b31b642500814f0c6a464 (diff)
download: openbsd-7947eb00ec87714f4767a7da1487491559eb9f11.tar.gz
openbsd-7947eb00ec87714f4767a7da1487491559eb9f11.tar.bz2
openbsd-7947eb00ec87714f4767a7da1487491559eb9f11.zip
4 files changed, 76 insertions, 62 deletions
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index d05ef600e5..74b699a48c 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.99 2015/07/19 07:30:06 doug Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.100 2015/07/24 07:57:48 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -825,9 +825,8 @@ int ssl_check_clienthello_tlsext_late(SSL *s);
 int ssl_check_serverhello_tlsext(SSL *s);
 #define tlsext_tick_md  EVP_sha256
-int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
+int tls1_process_ticket(SSL *s, const unsigned char *session_id, int len,
    const unsigned char *limit, SSL_SESSION **ret);
 int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
    const EVP_MD *md);
 int tls12_get_sigid(const EVP_PKEY *pk);
diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c
index 2481a71f84..9ee495c790 100644
--- a/src/lib/libssl/src/ssl/t1_lib.c
+++ b/src/lib/libssl/src/ssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.81 2015/07/24 03:50:12 doug Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.82 2015/07/24 07:57:48 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2046,12 +2046,11 @@ ssl_check_serverhello_tlsext(SSL *s)
 *   Otherwise, s->tlsext_ticket_expected is set to 0.
 */
 int
-tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
+tls1_process_ticket(SSL *s, const unsigned char *session, int session_len,
    const unsigned char *limit, SSL_SESSION **ret)
 {
        /* Point after session ID in client hello */
-        const unsigned char *p = session_id + len;
+        CBS session_id, cookie, cipher_list, compress_algo, extensions;
-        unsigned short i;
        *ret = NULL;
        s->tlsext_ticket_expected = 0;
@@ -2061,40 +2060,47 @@ tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
         */
        if (SSL_get_options(s) & SSL_OP_NO_TICKET)
                return 0;
-        if ((s->version <= SSL3_VERSION) || !limit)
+        if (s->version <= SSL3_VERSION || !limit)
                return 0;
-        if (p >= limit)
+        if (limit < session)
                return -1;
+        CBS_init(&session_id, session, limit - session);
+        /* Skip past the session id */
+        if (!CBS_skip(&session_id, session_len))
+                return -1;
        /* Skip past DTLS cookie */
        if (SSL_IS_DTLS(s)) {
-                i = *(p++);
+                if (!CBS_get_u8_length_prefixed(&session_id, &cookie))
-                p += i;
-                if (p >= limit)
                        return -1;
        }
        /* Skip past cipher list */
-        n2s(p, i);
+        if (!CBS_get_u16_length_prefixed(&session_id, &cipher_list))
-        p += i;
-        if (p >= limit)
                return -1;
        /* Skip past compression algorithm list */
-        i = *(p++);
+        if (!CBS_get_u8_length_prefixed(&session_id, &compress_algo))
-        p += i;
-        if (p > limit)
                return -1;
        /* Now at start of extensions */
-        if ((p + 2) >= limit)
+        if (!CBS_get_u16_length_prefixed(&session_id, &extensions))
-                return 0;
+                return -1;
-        n2s(p, i);
-        while ((p + 4) <= limit) {
+        while (CBS_len(&extensions) > 0) {
-                unsigned short type, size;
+                CBS ext_data;
-                n2s(p, type);
+                uint16_t ext_type;
-                n2s(p, size);
-                if (p + size > limit)
+                if (!CBS_get_u16(&extensions, &ext_type) ||
-                        return 0;
+                    !CBS_get_u16_length_prefixed(&extensions, &ext_data))
-                if (type == TLSEXT_TYPE_session_ticket) {
+                        return -1;
+                if (ext_type == TLSEXT_TYPE_session_ticket) {
                        int r;
-                        if (size == 0) {
+                        if (CBS_len(&ext_data) == 0) {
                                /* The client will accept a ticket but doesn't
                                 * currently have one. */
                                s->tlsext_ticket_expected = 1;
@@ -2108,7 +2114,10 @@ tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
                                 * calculate the master secret later. */
                                return 2;
                        }
-                        r = tls_decrypt_ticket(s, p, size, session_id, len, ret);
+                        r = tls_decrypt_ticket(s, CBS_data(&ext_data),
+                            CBS_len(&ext_data), session, session_len, ret);
                        switch (r) {
                        case 2: /* ticket couldn't be decrypted */
                                s->tlsext_ticket_expected = 1;
@@ -2122,7 +2131,6 @@ tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
                                return -1;
                        }
                }
-                p += size;
        }
        return 0;
 }
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index d05ef600e5..74b699a48c 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.99 2015/07/19 07:30:06 doug Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.100 2015/07/24 07:57:48 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -825,9 +825,8 @@ int ssl_check_clienthello_tlsext_late(SSL *s);
 int ssl_check_serverhello_tlsext(SSL *s);
 #define tlsext_tick_md  EVP_sha256
-int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
+int tls1_process_ticket(SSL *s, const unsigned char *session_id, int len,
    const unsigned char *limit, SSL_SESSION **ret);
 int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
    const EVP_MD *md);
 int tls12_get_sigid(const EVP_PKEY *pk);
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 2481a71f84..9ee495c790 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.81 2015/07/24 03:50:12 doug Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.82 2015/07/24 07:57:48 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2046,12 +2046,11 @@ ssl_check_serverhello_tlsext(SSL *s)
 *   Otherwise, s->tlsext_ticket_expected is set to 0.
 */
 int
-tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
+tls1_process_ticket(SSL *s, const unsigned char *session, int session_len,
    const unsigned char *limit, SSL_SESSION **ret)
 {
        /* Point after session ID in client hello */
-        const unsigned char *p = session_id + len;
+        CBS session_id, cookie, cipher_list, compress_algo, extensions;
-        unsigned short i;
        *ret = NULL;
        s->tlsext_ticket_expected = 0;
@@ -2061,40 +2060,47 @@ tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
         */
        if (SSL_get_options(s) & SSL_OP_NO_TICKET)
                return 0;
-        if ((s->version <= SSL3_VERSION) || !limit)
+        if (s->version <= SSL3_VERSION || !limit)
                return 0;
-        if (p >= limit)
+        if (limit < session)
                return -1;
+        CBS_init(&session_id, session, limit - session);
+        /* Skip past the session id */
+        if (!CBS_skip(&session_id, session_len))
+                return -1;
        /* Skip past DTLS cookie */
        if (SSL_IS_DTLS(s)) {
-                i = *(p++);
+                if (!CBS_get_u8_length_prefixed(&session_id, &cookie))
-                p += i;
-                if (p >= limit)
                        return -1;
        }
        /* Skip past cipher list */
-        n2s(p, i);
+        if (!CBS_get_u16_length_prefixed(&session_id, &cipher_list))
-        p += i;
-        if (p >= limit)
                return -1;
        /* Skip past compression algorithm list */
-        i = *(p++);
+        if (!CBS_get_u8_length_prefixed(&session_id, &compress_algo))
-        p += i;
-        if (p > limit)
                return -1;
        /* Now at start of extensions */
-        if ((p + 2) >= limit)
+        if (!CBS_get_u16_length_prefixed(&session_id, &extensions))
-                return 0;
+                return -1;
-        n2s(p, i);
-        while ((p + 4) <= limit) {
+        while (CBS_len(&extensions) > 0) {
-                unsigned short type, size;
+                CBS ext_data;
-                n2s(p, type);
+                uint16_t ext_type;
-                n2s(p, size);
-                if (p + size > limit)
+                if (!CBS_get_u16(&extensions, &ext_type) ||
-                        return 0;
+                    !CBS_get_u16_length_prefixed(&extensions, &ext_data))
-                if (type == TLSEXT_TYPE_session_ticket) {
+                        return -1;
+                if (ext_type == TLSEXT_TYPE_session_ticket) {
                        int r;
-                        if (size == 0) {
+                        if (CBS_len(&ext_data) == 0) {
                                /* The client will accept a ticket but doesn't
                                 * currently have one. */
                                s->tlsext_ticket_expected = 1;
@@ -2108,7 +2114,10 @@ tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
                                 * calculate the master secret later. */
                                return 2;
                        }
-                        r = tls_decrypt_ticket(s, p, size, session_id, len, ret);
+                        r = tls_decrypt_ticket(s, CBS_data(&ext_data),
+                            CBS_len(&ext_data), session, session_len, ret);
                        switch (r) {
                        case 2: /* ticket couldn't be decrypted */
                                s->tlsext_ticket_expected = 1;
@@ -2122,7 +2131,6 @@ tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
                                return -1;
                        }
                }
-                p += size;
        }
        return 0;
 }
author	doug <>	2015-07-24 07:57:48 +0000
committer	doug <>	2015-07-24 07:57:48 +0000
commit	7947eb00ec87714f4767a7da1487491559eb9f11 (patch)
tree	4c37df21595a6a457d58d344bc65089bf8a0e864 /src
parent	f81ac49bb30eb3dff10b31b642500814f0c6a464 (diff)
download	openbsd-7947eb00ec87714f4767a7da1487491559eb9f11.tar.gz openbsd-7947eb00ec87714f4767a7da1487491559eb9f11.tar.bz2 openbsd-7947eb00ec87714f4767a7da1487491559eb9f11.zip

diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h index d05ef600e5..74b699a48c 100644 --- a/src/lib/libssl/src/ssl/ssl_locl.h +++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.99 2015/07/19 07:30:06 doug Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.100 2015/07/24 07:57:48 doug Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -825,9 +825,8 @@ int ssl_check_clienthello_tlsext_late(SSL *s);
825	int ssl_check_serverhello_tlsext(SSL *s);	825	int ssl_check_serverhello_tlsext(SSL *s);
826		826
827	#define tlsext_tick_md EVP_sha256	827	#define tlsext_tick_md EVP_sha256
828	int tls1_process_ticket(SSL s, unsigned char session_id, int len,	828	int tls1_process_ticket(SSL s, const unsigned char session_id, int len,
829	const unsigned char limit, SSL_SESSION *ret);	829	const unsigned char limit, SSL_SESSION *ret);
830
831	int tls12_get_sigandhash(unsigned char p, const EVP_PKEY pk,	830	int tls12_get_sigandhash(unsigned char p, const EVP_PKEY pk,
832	const EVP_MD *md);	831	const EVP_MD *md);
833	int tls12_get_sigid(const EVP_PKEY *pk);	832	int tls12_get_sigid(const EVP_PKEY *pk);


diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c index 2481a71f84..9ee495c790 100644 --- a/src/lib/libssl/src/ssl/t1_lib.c +++ b/src/lib/libssl/src/ssl/t1_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_lib.c,v 1.81 2015/07/24 03:50:12 doug Exp $ */	1	/* $OpenBSD: t1_lib.c,v 1.82 2015/07/24 07:57:48 doug Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -2046,12 +2046,11 @@ ssl_check_serverhello_tlsext(SSL *s)
2046	* Otherwise, s->tlsext_ticket_expected is set to 0.	2046	* Otherwise, s->tlsext_ticket_expected is set to 0.
2047	*/	2047	*/
2048	int	2048	int
2049	tls1_process_ticket(SSL s, unsigned char session_id, int len,	2049	tls1_process_ticket(SSL s, const unsigned char session, int session_len,
2050	const unsigned char limit, SSL_SESSION *ret)	2050	const unsigned char limit, SSL_SESSION *ret)
2051	{	2051	{
2052	/* Point after session ID in client hello */	2052	/* Point after session ID in client hello */
2053	const unsigned char *p = session_id + len;	2053	CBS session_id, cookie, cipher_list, compress_algo, extensions;
2054	unsigned short i;
2055		2054
2056	*ret = NULL;	2055	*ret = NULL;
2057	s->tlsext_ticket_expected = 0;	2056	s->tlsext_ticket_expected = 0;
@@ -2061,40 +2060,47 @@ tls1_process_ticket(SSL s, unsigned char session_id, int len,
2061	*/	2060	*/
2062	if (SSL_get_options(s) & SSL_OP_NO_TICKET)	2061	if (SSL_get_options(s) & SSL_OP_NO_TICKET)
2063	return 0;	2062	return 0;
2064	if ((s->version <= SSL3_VERSION) \|\| !limit)	2063	if (s->version <= SSL3_VERSION \|\| !limit)
2065	return 0;	2064	return 0;
2066	if (p >= limit)	2065
		2066	if (limit < session)
2067	return -1;	2067	return -1;
		2068
		2069	CBS_init(&session_id, session, limit - session);
		2070
		2071	/* Skip past the session id */
		2072	if (!CBS_skip(&session_id, session_len))
		2073	return -1;
		2074
2068	/* Skip past DTLS cookie */	2075	/* Skip past DTLS cookie */
2069	if (SSL_IS_DTLS(s)) {	2076	if (SSL_IS_DTLS(s)) {
2070	i = *(p++);	2077	if (!CBS_get_u8_length_prefixed(&session_id, &cookie))
2071	p += i;
2072	if (p >= limit)
2073	return -1;	2078	return -1;
2074	}	2079	}
		2080
2075	/* Skip past cipher list */	2081	/* Skip past cipher list */
2076	n2s(p, i);	2082	if (!CBS_get_u16_length_prefixed(&session_id, &cipher_list))
2077	p += i;
2078	if (p >= limit)
2079	return -1;	2083	return -1;
		2084
2080	/* Skip past compression algorithm list */	2085	/* Skip past compression algorithm list */
2081	i = *(p++);	2086	if (!CBS_get_u8_length_prefixed(&session_id, &compress_algo))
2082	p += i;
2083	if (p > limit)
2084	return -1;	2087	return -1;
		2088
2085	/* Now at start of extensions */	2089	/* Now at start of extensions */
2086	if ((p + 2) >= limit)	2090	if (!CBS_get_u16_length_prefixed(&session_id, &extensions))
2087	return 0;	2091	return -1;
2088	n2s(p, i);	2092
2089	while ((p + 4) <= limit) {	2093	while (CBS_len(&extensions) > 0) {
2090	unsigned short type, size;	2094	CBS ext_data;
2091	n2s(p, type);	2095	uint16_t ext_type;
2092	n2s(p, size);	2096
2093	if (p + size > limit)	2097	if (!CBS_get_u16(&extensions, &ext_type) \|\|
2094	return 0;	2098	!CBS_get_u16_length_prefixed(&extensions, &ext_data))
2095	if (type == TLSEXT_TYPE_session_ticket) {	2099	return -1;
		2100
		2101	if (ext_type == TLSEXT_TYPE_session_ticket) {
2096	int r;	2102	int r;
2097	if (size == 0) {	2103	if (CBS_len(&ext_data) == 0) {
2098	/* The client will accept a ticket but doesn't	2104	/* The client will accept a ticket but doesn't
2099	* currently have one. */	2105	* currently have one. */
2100	s->tlsext_ticket_expected = 1;	2106	s->tlsext_ticket_expected = 1;
@@ -2108,7 +2114,10 @@ tls1_process_ticket(SSL s, unsigned char session_id, int len,
2108	* calculate the master secret later. */	2114	* calculate the master secret later. */
2109	return 2;	2115	return 2;
2110	}	2116	}
2111	r = tls_decrypt_ticket(s, p, size, session_id, len, ret);	2117
		2118	r = tls_decrypt_ticket(s, CBS_data(&ext_data),
		2119	CBS_len(&ext_data), session, session_len, ret);
		2120
2112	switch (r) {	2121	switch (r) {
2113	case 2: /* ticket couldn't be decrypted */	2122	case 2: /* ticket couldn't be decrypted */
2114	s->tlsext_ticket_expected = 1;	2123	s->tlsext_ticket_expected = 1;
@@ -2122,7 +2131,6 @@ tls1_process_ticket(SSL s, unsigned char session_id, int len,
2122	return -1;	2131	return -1;
2123	}	2132	}
2124	}	2133	}
2125	p += size;
2126	}	2134	}
2127	return 0;	2135	return 0;
2128	}	2136	}


diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index d05ef600e5..74b699a48c 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.99 2015/07/19 07:30:06 doug Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.100 2015/07/24 07:57:48 doug Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -825,9 +825,8 @@ int ssl_check_clienthello_tlsext_late(SSL *s);
825	int ssl_check_serverhello_tlsext(SSL *s);	825	int ssl_check_serverhello_tlsext(SSL *s);
826		826
827	#define tlsext_tick_md EVP_sha256	827	#define tlsext_tick_md EVP_sha256
828	int tls1_process_ticket(SSL s, unsigned char session_id, int len,	828	int tls1_process_ticket(SSL s, const unsigned char session_id, int len,
829	const unsigned char limit, SSL_SESSION *ret);	829	const unsigned char limit, SSL_SESSION *ret);
830
831	int tls12_get_sigandhash(unsigned char p, const EVP_PKEY pk,	830	int tls12_get_sigandhash(unsigned char p, const EVP_PKEY pk,
832	const EVP_MD *md);	831	const EVP_MD *md);
833	int tls12_get_sigid(const EVP_PKEY *pk);	832	int tls12_get_sigid(const EVP_PKEY *pk);


diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 2481a71f84..9ee495c790 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_lib.c,v 1.81 2015/07/24 03:50:12 doug Exp $ */	1	/* $OpenBSD: t1_lib.c,v 1.82 2015/07/24 07:57:48 doug Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -2046,12 +2046,11 @@ ssl_check_serverhello_tlsext(SSL *s)
2046	* Otherwise, s->tlsext_ticket_expected is set to 0.	2046	* Otherwise, s->tlsext_ticket_expected is set to 0.
2047	*/	2047	*/
2048	int	2048	int
2049	tls1_process_ticket(SSL s, unsigned char session_id, int len,	2049	tls1_process_ticket(SSL s, const unsigned char session, int session_len,
2050	const unsigned char limit, SSL_SESSION *ret)	2050	const unsigned char limit, SSL_SESSION *ret)
2051	{	2051	{
2052	/* Point after session ID in client hello */	2052	/* Point after session ID in client hello */
2053	const unsigned char *p = session_id + len;	2053	CBS session_id, cookie, cipher_list, compress_algo, extensions;
2054	unsigned short i;
2055		2054
2056	*ret = NULL;	2055	*ret = NULL;
2057	s->tlsext_ticket_expected = 0;	2056	s->tlsext_ticket_expected = 0;
@@ -2061,40 +2060,47 @@ tls1_process_ticket(SSL s, unsigned char session_id, int len,
2061	*/	2060	*/
2062	if (SSL_get_options(s) & SSL_OP_NO_TICKET)	2061	if (SSL_get_options(s) & SSL_OP_NO_TICKET)
2063	return 0;	2062	return 0;
2064	if ((s->version <= SSL3_VERSION) \|\| !limit)	2063	if (s->version <= SSL3_VERSION \|\| !limit)
2065	return 0;	2064	return 0;
2066	if (p >= limit)	2065
		2066	if (limit < session)
2067	return -1;	2067	return -1;
		2068
		2069	CBS_init(&session_id, session, limit - session);
		2070
		2071	/* Skip past the session id */
		2072	if (!CBS_skip(&session_id, session_len))
		2073	return -1;
		2074
2068	/* Skip past DTLS cookie */	2075	/* Skip past DTLS cookie */
2069	if (SSL_IS_DTLS(s)) {	2076	if (SSL_IS_DTLS(s)) {
2070	i = *(p++);	2077	if (!CBS_get_u8_length_prefixed(&session_id, &cookie))
2071	p += i;
2072	if (p >= limit)
2073	return -1;	2078	return -1;
2074	}	2079	}
		2080
2075	/* Skip past cipher list */	2081	/* Skip past cipher list */
2076	n2s(p, i);	2082	if (!CBS_get_u16_length_prefixed(&session_id, &cipher_list))
2077	p += i;
2078	if (p >= limit)
2079	return -1;	2083	return -1;
		2084
2080	/* Skip past compression algorithm list */	2085	/* Skip past compression algorithm list */
2081	i = *(p++);	2086	if (!CBS_get_u8_length_prefixed(&session_id, &compress_algo))
2082	p += i;
2083	if (p > limit)
2084	return -1;	2087	return -1;
		2088
2085	/* Now at start of extensions */	2089	/* Now at start of extensions */
2086	if ((p + 2) >= limit)	2090	if (!CBS_get_u16_length_prefixed(&session_id, &extensions))
2087	return 0;	2091	return -1;
2088	n2s(p, i);	2092
2089	while ((p + 4) <= limit) {	2093	while (CBS_len(&extensions) > 0) {
2090	unsigned short type, size;	2094	CBS ext_data;
2091	n2s(p, type);	2095	uint16_t ext_type;
2092	n2s(p, size);	2096
2093	if (p + size > limit)	2097	if (!CBS_get_u16(&extensions, &ext_type) \|\|
2094	return 0;	2098	!CBS_get_u16_length_prefixed(&extensions, &ext_data))
2095	if (type == TLSEXT_TYPE_session_ticket) {	2099	return -1;
		2100
		2101	if (ext_type == TLSEXT_TYPE_session_ticket) {
2096	int r;	2102	int r;
2097	if (size == 0) {	2103	if (CBS_len(&ext_data) == 0) {
2098	/* The client will accept a ticket but doesn't	2104	/* The client will accept a ticket but doesn't
2099	* currently have one. */	2105	* currently have one. */
2100	s->tlsext_ticket_expected = 1;	2106	s->tlsext_ticket_expected = 1;
@@ -2108,7 +2114,10 @@ tls1_process_ticket(SSL s, unsigned char session_id, int len,
2108	* calculate the master secret later. */	2114	* calculate the master secret later. */
2109	return 2;	2115	return 2;
2110	}	2116	}
2111	r = tls_decrypt_ticket(s, p, size, session_id, len, ret);	2117
		2118	r = tls_decrypt_ticket(s, CBS_data(&ext_data),
		2119	CBS_len(&ext_data), session, session_len, ret);
		2120
2112	switch (r) {	2121	switch (r) {
2113	case 2: /* ticket couldn't be decrypted */	2122	case 2: /* ticket couldn't be decrypted */
2114	s->tlsext_ticket_expected = 1;	2123	s->tlsext_ticket_expected = 1;
@@ -2122,7 +2131,6 @@ tls1_process_ticket(SSL s, unsigned char session_id, int len,
2122	return -1;	2131	return -1;
2123	}	2132	}
2124	}	2133	}
2125	p += size;
2126	}	2134	}
2127	return 0;	2135	return 0;
2128	}	2136	}