2 files changed, 7 insertions, 19 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 18ff5b0c30..2f8ba1fc09 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.286 2020/08/31 14:34:01 tb Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.287 2020/09/01 05:32:11 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1402,7 +1402,6 @@ int ssl_check_serverhello_tlsext(SSL *s);
 #define TLS1_TICKET_EMPTY                1
 #define TLS1_TICKET_NOT_DECRYPTED        2
 #define TLS1_TICKET_DECRYPTED            3
-#define TLS1_TICKET_DECRYPTED_RENEW      4
 int tls1_process_ticket(SSL *s, CBS *session_id, CBS *ext_block,
    int *alert, SSL_SESSION **ret);
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index b0fc630236..64e64bf902 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.171 2020/08/31 14:34:01 tb Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.172 2020/09/01 05:32:11 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -844,18 +844,7 @@ tls1_process_ticket(SSL *s, CBS *session_id, CBS *ext_block, int *alert,
                return TLS1_TICKET_NOT_DECRYPTED;
        }
-        switch (tls_decrypt_ticket(s, session_id, &ext_data, alert, ret)) {
+        return tls_decrypt_ticket(s, session_id, &ext_data, alert, ret);
-        case TLS1_TICKET_NOT_DECRYPTED:
-                s->internal->tlsext_ticket_expected = 1;
-                return TLS1_TICKET_NOT_DECRYPTED;
-        case TLS1_TICKET_DECRYPTED:
-                return TLS1_TICKET_DECRYPTED;
-        case TLS1_TICKET_DECRYPTED_RENEW:
-                s->internal->tlsext_ticket_expected = 1;
-                return TLS1_TICKET_DECRYPTED;
-        default:
-                return TLS1_TICKET_FATAL_ERROR;
-        }
 }
 /* tls_decrypt_ticket attempts to decrypt a session ticket.
@@ -869,7 +858,6 @@ tls1_process_ticket(SSL *s, CBS *session_id, CBS *ext_block, int *alert,
 *    TLS1_TICKET_FATAL_ERROR: error from parsing or decrypting the ticket.
 *    TLS1_TICKET_NOT_DECRYPTED: the ticket couldn't be decrypted.
 *    TLS1_TICKET_DECRYPTED: a ticket was decrypted and *psess was set.
- *    TLS1_TICKET_DECRYPTED_RENEW: same as 3, but the ticket needs to be renewed.
 */
 static int
 tls_decrypt_ticket(SSL *s, CBS *session_id, CBS *ticket, int *alert,
@@ -1017,13 +1005,14 @@ tls_decrypt_ticket(SSL *s, CBS *session_id, CBS *ticket, int *alert,
        sess = NULL;
        if (renew_ticket)
-                ret = TLS1_TICKET_DECRYPTED_RENEW;
+                s->internal->tlsext_ticket_expected = 1;
-        else
-                ret = TLS1_TICKET_DECRYPTED;
+        ret = TLS1_TICKET_DECRYPTED;
        goto done;
 derr:
+        s->internal->tlsext_ticket_expected = 1;
        ret = TLS1_TICKET_NOT_DECRYPTED;
        goto done;

diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 18ff5b0c30..2f8ba1fc09 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.286 2020/08/31 14:34:01 tb Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.287 2020/09/01 05:32:11 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1402,7 +1402,6 @@ int ssl_check_serverhello_tlsext(SSL *s);
1402	#define TLS1_TICKET_EMPTY 1	1402	#define TLS1_TICKET_EMPTY 1
1403	#define TLS1_TICKET_NOT_DECRYPTED 2	1403	#define TLS1_TICKET_NOT_DECRYPTED 2
1404	#define TLS1_TICKET_DECRYPTED 3	1404	#define TLS1_TICKET_DECRYPTED 3
1405	#define TLS1_TICKET_DECRYPTED_RENEW 4
1406		1405
1407	int tls1_process_ticket(SSL s, CBS session_id, CBS *ext_block,	1406	int tls1_process_ticket(SSL s, CBS session_id, CBS *ext_block,
1408	int alert, SSL_SESSION *ret);	1407	int alert, SSL_SESSION *ret);


diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index b0fc630236..64e64bf902 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_lib.c,v 1.171 2020/08/31 14:34:01 tb Exp $ */	1	/* $OpenBSD: t1_lib.c,v 1.172 2020/09/01 05:32:11 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -844,18 +844,7 @@ tls1_process_ticket(SSL s, CBS session_id, CBS ext_block, int alert,
844	return TLS1_TICKET_NOT_DECRYPTED;	844	return TLS1_TICKET_NOT_DECRYPTED;
845	}	845	}
846		846
847	switch (tls_decrypt_ticket(s, session_id, &ext_data, alert, ret)) {	847	return tls_decrypt_ticket(s, session_id, &ext_data, alert, ret);
848	case TLS1_TICKET_NOT_DECRYPTED:
849	s->internal->tlsext_ticket_expected = 1;
850	return TLS1_TICKET_NOT_DECRYPTED;
851	case TLS1_TICKET_DECRYPTED:
852	return TLS1_TICKET_DECRYPTED;
853	case TLS1_TICKET_DECRYPTED_RENEW:
854	s->internal->tlsext_ticket_expected = 1;
855	return TLS1_TICKET_DECRYPTED;
856	default:
857	return TLS1_TICKET_FATAL_ERROR;
858	}
859	}	848	}
860		849
861	/* tls_decrypt_ticket attempts to decrypt a session ticket.	850	/* tls_decrypt_ticket attempts to decrypt a session ticket.
@@ -869,7 +858,6 @@ tls1_process_ticket(SSL s, CBS session_id, CBS ext_block, int alert,
869	* TLS1_TICKET_FATAL_ERROR: error from parsing or decrypting the ticket.	858	* TLS1_TICKET_FATAL_ERROR: error from parsing or decrypting the ticket.
870	* TLS1_TICKET_NOT_DECRYPTED: the ticket couldn't be decrypted.	859	* TLS1_TICKET_NOT_DECRYPTED: the ticket couldn't be decrypted.
871	* TLS1_TICKET_DECRYPTED: a ticket was decrypted and *psess was set.	860	* TLS1_TICKET_DECRYPTED: a ticket was decrypted and *psess was set.
872	* TLS1_TICKET_DECRYPTED_RENEW: same as 3, but the ticket needs to be renewed.
873	*/	861	*/
874	static int	862	static int
875	tls_decrypt_ticket(SSL s, CBS session_id, CBS ticket, int alert,	863	tls_decrypt_ticket(SSL s, CBS session_id, CBS ticket, int alert,
@@ -1017,13 +1005,14 @@ tls_decrypt_ticket(SSL s, CBS session_id, CBS ticket, int alert,
1017	sess = NULL;	1005	sess = NULL;
1018		1006
1019	if (renew_ticket)	1007	if (renew_ticket)
1020	ret = TLS1_TICKET_DECRYPTED_RENEW;	1008	s->internal->tlsext_ticket_expected = 1;
1021	else	1009
1022	ret = TLS1_TICKET_DECRYPTED;	1010	ret = TLS1_TICKET_DECRYPTED;
1023		1011
1024	goto done;	1012	goto done;
1025		1013
1026	derr:	1014	derr:
		1015	s->internal->tlsext_ticket_expected = 1;
1027	ret = TLS1_TICKET_NOT_DECRYPTED;	1016	ret = TLS1_TICKET_NOT_DECRYPTED;
1028	goto done;	1017	goto done;
1029		1018