1 files changed, 53 insertions, 53 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 355c9827ef..c326575231 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.195 2022/08/17 18:45:25 tb Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.196 2022/10/02 16:36:42 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -139,7 +139,7 @@ tls1_free(SSL *s)
        if (s == NULL)
                return;
-        free(s->internal->tlsext_session_ticket);
+        free(s->tlsext_session_ticket);
        ssl3_free(s);
 }
@@ -404,8 +404,8 @@ tls1_get_formatlist(const SSL *s, int client_formats, const uint8_t **pformats,
                return;
        }
-        *pformats = s->internal->tlsext_ecpointformatlist;
+        *pformats = s->tlsext_ecpointformatlist;
-        *pformatslen = s->internal->tlsext_ecpointformatlist_length;
+        *pformatslen = s->tlsext_ecpointformatlist_length;
        if (*pformats == NULL) {
                *pformats = ecformats_default;
                *pformatslen = sizeof(ecformats_default);
@@ -427,8 +427,8 @@ tls1_get_group_list(const SSL *s, int client_groups, const uint16_t **pgroups,
                return;
        }
-        *pgroups = s->internal->tlsext_supportedgroups;
+        *pgroups = s->tlsext_supportedgroups;
-        *pgroupslen = s->internal->tlsext_supportedgroups_length;
+        *pgroupslen = s->tlsext_supportedgroups_length;
        if (*pgroups != NULL)
                return;
@@ -451,7 +451,7 @@ tls1_get_group_lists(const SSL *ssl, const uint16_t **pref, size_t *preflen,
        if (!ssl->server)
                return 0;
-        server_pref = (ssl->internal->options & SSL_OP_CIPHER_SERVER_PREFERENCE);
+        server_pref = (ssl->options & SSL_OP_CIPHER_SERVER_PREFERENCE);
        tls1_get_group_list(ssl, (server_pref == 0), pref, preflen);
        tls1_get_group_list(ssl, (server_pref != 0), supp, supplen);
@@ -738,12 +738,12 @@ ssl_check_clienthello_tlsext_early(SSL *s)
         * ssl3_choose_cipher in s3_lib.c.
         */
-        if (s->ctx != NULL && s->ctx->internal->tlsext_servername_callback != 0)
+        if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
-                ret = s->ctx->internal->tlsext_servername_callback(s, &al,
+                ret = s->ctx->tlsext_servername_callback(s, &al,
-                    s->ctx->internal->tlsext_servername_arg);
+                    s->ctx->tlsext_servername_arg);
-        else if (s->initial_ctx != NULL && s->initial_ctx->internal->tlsext_servername_callback != 0)
+        else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
-                ret = s->initial_ctx->internal->tlsext_servername_callback(s, &al,
+                ret = s->initial_ctx->tlsext_servername_callback(s, &al,
-                    s->initial_ctx->internal->tlsext_servername_arg);
+                    s->initial_ctx->tlsext_servername_arg);
        switch (ret) {
        case SSL_TLSEXT_ERR_ALERT_FATAL:
@@ -770,32 +770,32 @@ ssl_check_clienthello_tlsext_late(SSL *s)
         * has been chosen because this may influence which certificate is sent
         */
        if ((s->tlsext_status_type != -1) &&
-            s->ctx && s->ctx->internal->tlsext_status_cb) {
+            s->ctx && s->ctx->tlsext_status_cb) {
                int r;
                SSL_CERT_PKEY *certpkey;
                certpkey = ssl_get_server_send_pkey(s);
                /* If no certificate can't return certificate status */
                if (certpkey == NULL) {
-                        s->internal->tlsext_status_expected = 0;
+                        s->tlsext_status_expected = 0;
                        return 1;
                }
                /* Set current certificate to one we will use so
                 * SSL_get_certificate et al can pick it up.
                 */
                s->cert->key = certpkey;
-                r = s->ctx->internal->tlsext_status_cb(s,
+                r = s->ctx->tlsext_status_cb(s,
-                    s->ctx->internal->tlsext_status_arg);
+                    s->ctx->tlsext_status_arg);
                switch (r) {
                        /* We don't want to send a status request response */
                case SSL_TLSEXT_ERR_NOACK:
-                        s->internal->tlsext_status_expected = 0;
+                        s->tlsext_status_expected = 0;
                        break;
                        /* status request response should be sent */
                case SSL_TLSEXT_ERR_OK:
-                        if (s->internal->tlsext_ocsp_resp)
+                        if (s->tlsext_ocsp_resp)
-                                s->internal->tlsext_status_expected = 1;
+                                s->tlsext_status_expected = 1;
                        else
-                                s->internal->tlsext_status_expected = 0;
+                                s->tlsext_status_expected = 0;
                        break;
                        /* something bad happened */
                case SSL_TLSEXT_ERR_ALERT_FATAL:
@@ -804,7 +804,7 @@ ssl_check_clienthello_tlsext_late(SSL *s)
                        goto err;
                }
        } else
-                s->internal->tlsext_status_expected = 0;
+                s->tlsext_status_expected = 0;
 err:
        switch (ret) {
@@ -827,26 +827,26 @@ ssl_check_serverhello_tlsext(SSL *s)
        ret = SSL_TLSEXT_ERR_OK;
-        if (s->ctx != NULL && s->ctx->internal->tlsext_servername_callback != 0)
+        if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
-                ret = s->ctx->internal->tlsext_servername_callback(s, &al,
+                ret = s->ctx->tlsext_servername_callback(s, &al,
-                    s->ctx->internal->tlsext_servername_arg);
+                    s->ctx->tlsext_servername_arg);
-        else if (s->initial_ctx != NULL && s->initial_ctx->internal->tlsext_servername_callback != 0)
+        else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
-                ret = s->initial_ctx->internal->tlsext_servername_callback(s, &al,
+                ret = s->initial_ctx->tlsext_servername_callback(s, &al,
-                    s->initial_ctx->internal->tlsext_servername_arg);
+                    s->initial_ctx->tlsext_servername_arg);
        /* If we've requested certificate status and we wont get one
         * tell the callback
         */
-        if ((s->tlsext_status_type != -1) && !(s->internal->tlsext_status_expected) &&
+        if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected) &&
-            s->ctx && s->ctx->internal->tlsext_status_cb) {
+            s->ctx && s->ctx->tlsext_status_cb) {
                int r;
-                free(s->internal->tlsext_ocsp_resp);
+                free(s->tlsext_ocsp_resp);
-                s->internal->tlsext_ocsp_resp = NULL;
+                s->tlsext_ocsp_resp = NULL;
-                s->internal->tlsext_ocsp_resp_len = 0;
+                s->tlsext_ocsp_resp_len = 0;
-                r = s->ctx->internal->tlsext_status_cb(s,
+                r = s->ctx->tlsext_status_cb(s,
-                    s->ctx->internal->tlsext_status_arg);
+                    s->ctx->tlsext_status_arg);
                if (r == 0) {
                        al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
                        ret = SSL_TLSEXT_ERR_ALERT_FATAL;
@@ -878,27 +878,27 @@ ssl_check_serverhello_tlsext(SSL *s)
 *   ret: (output) on return, if a ticket was decrypted, then this is set to
 *       point to the resulting session.
 *
- * If s->internal->tls_session_secret_cb is set then we are expecting a pre-shared key
+ * If s->tls_session_secret_cb is set then we are expecting a pre-shared key
 * ciphersuite, in which case we have no use for session tickets and one will
- * never be decrypted, nor will s->internal->tlsext_ticket_expected be set to 1.
+ * never be decrypted, nor will s->tlsext_ticket_expected be set to 1.
 *
 * Returns:
 *    TLS1_TICKET_FATAL_ERROR: error from parsing or decrypting the ticket.
 *    TLS1_TICKET_NONE: no ticket was found (or was ignored, based on settings).
 *    TLS1_TICKET_EMPTY: a zero length extension was found, indicating that the
 *       client supports session tickets but doesn't currently have one to offer.
- *    TLS1_TICKET_NOT_DECRYPTED: either s->internal->tls_session_secret_cb was
+ *    TLS1_TICKET_NOT_DECRYPTED: either s->tls_session_secret_cb was
 *       set, or a ticket was offered but couldn't be decrypted because of a
 *       non-fatal error.
 *    TLS1_TICKET_DECRYPTED: a ticket was successfully decrypted and *ret was set.
 *
 * Side effects:
- *   Sets s->internal->tlsext_ticket_expected to 1 if the server will have to issue
+ *   Sets s->tlsext_ticket_expected to 1 if the server will have to issue
 *   a new session ticket to the client because the client indicated support
- *   (and s->internal->tls_session_secret_cb is NULL) but the client either doesn't have
+ *   (and s->tls_session_secret_cb is NULL) but the client either doesn't have
 *   a session ticket or we couldn't use the one it gave us, or if
 *   s->ctx->tlsext_ticket_key_cb asked to renew the client's ticket.
- *   Otherwise, s->internal->tlsext_ticket_expected is set to 0.
+ *   Otherwise, s->tlsext_ticket_expected is set to 0.
 */
 int
 tls1_process_ticket(SSL *s, CBS *ext_block, int *alert, SSL_SESSION **ret)
@@ -906,7 +906,7 @@ tls1_process_ticket(SSL *s, CBS *ext_block, int *alert, SSL_SESSION **ret)
        CBS extensions, ext_data;
        uint16_t ext_type = 0;
-        s->internal->tlsext_ticket_expected = 0;
+        s->tlsext_ticket_expected = 0;
        *ret = NULL;
        /*
@@ -947,11 +947,11 @@ tls1_process_ticket(SSL *s, CBS *ext_block, int *alert, SSL_SESSION **ret)
                 * The client will accept a ticket but does not currently
                 * have one.
                 */
-                s->internal->tlsext_ticket_expected = 1;
+                s->tlsext_ticket_expected = 1;
                return TLS1_TICKET_EMPTY;
        }
-        if (s->internal->tls_session_secret_cb != NULL) {
+        if (s->tls_session_secret_cb != NULL) {
                /*
                 * Indicate that the ticket could not be decrypted rather than
                 * generating the session from ticket now, trigger abbreviated
@@ -1004,7 +1004,7 @@ tls_decrypt_ticket(SSL *s, CBS *ticket, int *alert, SSL_SESSION **psess)
        if ((hctx = HMAC_CTX_new()) == NULL)
                goto err;
-        if (tctx->internal->tlsext_ticket_key_cb != NULL) {
+        if (tctx->tlsext_ticket_key_cb != NULL) {
                int rv;
                /*
@@ -1016,7 +1016,7 @@ tls_decrypt_ticket(SSL *s, CBS *ticket, int *alert, SSL_SESSION **psess)
                if (CBS_len(ticket) < EVP_MAX_IV_LENGTH)
                        goto derr;
-                if ((rv = tctx->internal->tlsext_ticket_key_cb(s,
+                if ((rv = tctx->tlsext_ticket_key_cb(s,
                    (unsigned char *)CBS_data(&ticket_name),
                    (unsigned char *)CBS_data(ticket), cctx, hctx, 0)) < 0)
                        goto err;
@@ -1024,7 +1024,7 @@ tls_decrypt_ticket(SSL *s, CBS *ticket, int *alert, SSL_SESSION **psess)
                        goto derr;
                if (rv == 2) {
                        /* Renew ticket. */
-                        s->internal->tlsext_ticket_expected = 1;
+                        s->tlsext_ticket_expected = 1;
                }
                /*
@@ -1037,17 +1037,17 @@ tls_decrypt_ticket(SSL *s, CBS *ticket, int *alert, SSL_SESSION **psess)
        } else {
                /* Check that the key name matches. */
                if (!CBS_mem_equal(&ticket_name,
-                    tctx->internal->tlsext_tick_key_name,
+                    tctx->tlsext_tick_key_name,
-                    sizeof(tctx->internal->tlsext_tick_key_name)))
+                    sizeof(tctx->tlsext_tick_key_name)))
                        goto derr;
                if (!CBS_get_bytes(ticket, &ticket_iv,
                    EVP_CIPHER_iv_length(EVP_aes_128_cbc())))
                        goto derr;
                if (!EVP_DecryptInit_ex(cctx, EVP_aes_128_cbc(), NULL,
-                    tctx->internal->tlsext_tick_aes_key, CBS_data(&ticket_iv)))
+                    tctx->tlsext_tick_aes_key, CBS_data(&ticket_iv)))
                        goto err;
-                if (!HMAC_Init_ex(hctx, tctx->internal->tlsext_tick_hmac_key,
+                if (!HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key,
-                    sizeof(tctx->internal->tlsext_tick_hmac_key), EVP_sha256(),
+                    sizeof(tctx->tlsext_tick_hmac_key), EVP_sha256(),
                    NULL))
                        goto err;
        }
@@ -1113,7 +1113,7 @@ tls_decrypt_ticket(SSL *s, CBS *ticket, int *alert, SSL_SESSION **psess)
 derr:
        ERR_clear_error();
-        s->internal->tlsext_ticket_expected = 1;
+        s->tlsext_ticket_expected = 1;
        ret = TLS1_TICKET_NOT_DECRYPTED;
        goto done;

diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 355c9827ef..c326575231 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_lib.c,v 1.195 2022/08/17 18:45:25 tb Exp $ */	1	/* $OpenBSD: t1_lib.c,v 1.196 2022/10/02 16:36:42 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -139,7 +139,7 @@ tls1_free(SSL *s)
139	if (s == NULL)	139	if (s == NULL)
140	return;	140	return;
141		141
142	free(s->internal->tlsext_session_ticket);	142	free(s->tlsext_session_ticket);
143	ssl3_free(s);	143	ssl3_free(s);
144	}	144	}
145		145
@@ -404,8 +404,8 @@ tls1_get_formatlist(const SSL s, int client_formats, const uint8_t *pformats,
404	return;	404	return;
405	}	405	}
406		406
407	*pformats = s->internal->tlsext_ecpointformatlist;	407	*pformats = s->tlsext_ecpointformatlist;
408	*pformatslen = s->internal->tlsext_ecpointformatlist_length;	408	*pformatslen = s->tlsext_ecpointformatlist_length;
409	if (*pformats == NULL) {	409	if (*pformats == NULL) {
410	*pformats = ecformats_default;	410	*pformats = ecformats_default;
411	*pformatslen = sizeof(ecformats_default);	411	*pformatslen = sizeof(ecformats_default);
@@ -427,8 +427,8 @@ tls1_get_group_list(const SSL s, int client_groups, const uint16_t *pgroups,
427	return;	427	return;
428	}	428	}
429		429
430	*pgroups = s->internal->tlsext_supportedgroups;	430	*pgroups = s->tlsext_supportedgroups;
431	*pgroupslen = s->internal->tlsext_supportedgroups_length;	431	*pgroupslen = s->tlsext_supportedgroups_length;
432	if (*pgroups != NULL)	432	if (*pgroups != NULL)
433	return;	433	return;
434		434
@@ -451,7 +451,7 @@ tls1_get_group_lists(const SSL ssl, const uint16_t pref, size_t preflen,
451	if (!ssl->server)	451	if (!ssl->server)
452	return 0;	452	return 0;
453		453
454	server_pref = (ssl->internal->options & SSL_OP_CIPHER_SERVER_PREFERENCE);	454	server_pref = (ssl->options & SSL_OP_CIPHER_SERVER_PREFERENCE);
455	tls1_get_group_list(ssl, (server_pref == 0), pref, preflen);	455	tls1_get_group_list(ssl, (server_pref == 0), pref, preflen);
456	tls1_get_group_list(ssl, (server_pref != 0), supp, supplen);	456	tls1_get_group_list(ssl, (server_pref != 0), supp, supplen);
457		457
@@ -738,12 +738,12 @@ ssl_check_clienthello_tlsext_early(SSL *s)
738	* ssl3_choose_cipher in s3_lib.c.	738	* ssl3_choose_cipher in s3_lib.c.
739	*/	739	*/
740		740
741	if (s->ctx != NULL && s->ctx->internal->tlsext_servername_callback != 0)	741	if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
742	ret = s->ctx->internal->tlsext_servername_callback(s, &al,	742	ret = s->ctx->tlsext_servername_callback(s, &al,
743	s->ctx->internal->tlsext_servername_arg);	743	s->ctx->tlsext_servername_arg);
744	else if (s->initial_ctx != NULL && s->initial_ctx->internal->tlsext_servername_callback != 0)	744	else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
745	ret = s->initial_ctx->internal->tlsext_servername_callback(s, &al,	745	ret = s->initial_ctx->tlsext_servername_callback(s, &al,
746	s->initial_ctx->internal->tlsext_servername_arg);	746	s->initial_ctx->tlsext_servername_arg);
747		747
748	switch (ret) {	748	switch (ret) {
749	case SSL_TLSEXT_ERR_ALERT_FATAL:	749	case SSL_TLSEXT_ERR_ALERT_FATAL:
@@ -770,32 +770,32 @@ ssl_check_clienthello_tlsext_late(SSL *s)
770	* has been chosen because this may influence which certificate is sent	770	* has been chosen because this may influence which certificate is sent
771	*/	771	*/
772	if ((s->tlsext_status_type != -1) &&	772	if ((s->tlsext_status_type != -1) &&
773	s->ctx && s->ctx->internal->tlsext_status_cb) {	773	s->ctx && s->ctx->tlsext_status_cb) {
774	int r;	774	int r;
775	SSL_CERT_PKEY *certpkey;	775	SSL_CERT_PKEY *certpkey;
776	certpkey = ssl_get_server_send_pkey(s);	776	certpkey = ssl_get_server_send_pkey(s);
777	/* If no certificate can't return certificate status */	777	/* If no certificate can't return certificate status */
778	if (certpkey == NULL) {	778	if (certpkey == NULL) {
779	s->internal->tlsext_status_expected = 0;	779	s->tlsext_status_expected = 0;
780	return 1;	780	return 1;
781	}	781	}
782	/* Set current certificate to one we will use so	782	/* Set current certificate to one we will use so
783	* SSL_get_certificate et al can pick it up.	783	* SSL_get_certificate et al can pick it up.
784	*/	784	*/
785	s->cert->key = certpkey;	785	s->cert->key = certpkey;
786	r = s->ctx->internal->tlsext_status_cb(s,	786	r = s->ctx->tlsext_status_cb(s,
787	s->ctx->internal->tlsext_status_arg);	787	s->ctx->tlsext_status_arg);
788	switch (r) {	788	switch (r) {
789	/* We don't want to send a status request response */	789	/* We don't want to send a status request response */
790	case SSL_TLSEXT_ERR_NOACK:	790	case SSL_TLSEXT_ERR_NOACK:
791	s->internal->tlsext_status_expected = 0;	791	s->tlsext_status_expected = 0;
792	break;	792	break;
793	/* status request response should be sent */	793	/* status request response should be sent */
794	case SSL_TLSEXT_ERR_OK:	794	case SSL_TLSEXT_ERR_OK:
795	if (s->internal->tlsext_ocsp_resp)	795	if (s->tlsext_ocsp_resp)
796	s->internal->tlsext_status_expected = 1;	796	s->tlsext_status_expected = 1;
797	else	797	else
798	s->internal->tlsext_status_expected = 0;	798	s->tlsext_status_expected = 0;
799	break;	799	break;
800	/* something bad happened */	800	/* something bad happened */
801	case SSL_TLSEXT_ERR_ALERT_FATAL:	801	case SSL_TLSEXT_ERR_ALERT_FATAL:
@@ -804,7 +804,7 @@ ssl_check_clienthello_tlsext_late(SSL *s)
804	goto err;	804	goto err;
805	}	805	}
806	} else	806	} else
807	s->internal->tlsext_status_expected = 0;	807	s->tlsext_status_expected = 0;
808		808
809	err:	809	err:
810	switch (ret) {	810	switch (ret) {
@@ -827,26 +827,26 @@ ssl_check_serverhello_tlsext(SSL *s)
827		827
828	ret = SSL_TLSEXT_ERR_OK;	828	ret = SSL_TLSEXT_ERR_OK;
829		829
830	if (s->ctx != NULL && s->ctx->internal->tlsext_servername_callback != 0)	830	if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
831	ret = s->ctx->internal->tlsext_servername_callback(s, &al,	831	ret = s->ctx->tlsext_servername_callback(s, &al,
832	s->ctx->internal->tlsext_servername_arg);	832	s->ctx->tlsext_servername_arg);
833	else if (s->initial_ctx != NULL && s->initial_ctx->internal->tlsext_servername_callback != 0)	833	else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
834	ret = s->initial_ctx->internal->tlsext_servername_callback(s, &al,	834	ret = s->initial_ctx->tlsext_servername_callback(s, &al,
835	s->initial_ctx->internal->tlsext_servername_arg);	835	s->initial_ctx->tlsext_servername_arg);
836		836
837	/* If we've requested certificate status and we wont get one	837	/* If we've requested certificate status and we wont get one
838	* tell the callback	838	* tell the callback
839	*/	839	*/
840	if ((s->tlsext_status_type != -1) && !(s->internal->tlsext_status_expected) &&	840	if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected) &&
841	s->ctx && s->ctx->internal->tlsext_status_cb) {	841	s->ctx && s->ctx->tlsext_status_cb) {
842	int r;	842	int r;
843		843
844	free(s->internal->tlsext_ocsp_resp);	844	free(s->tlsext_ocsp_resp);
845	s->internal->tlsext_ocsp_resp = NULL;	845	s->tlsext_ocsp_resp = NULL;
846	s->internal->tlsext_ocsp_resp_len = 0;	846	s->tlsext_ocsp_resp_len = 0;
847		847
848	r = s->ctx->internal->tlsext_status_cb(s,	848	r = s->ctx->tlsext_status_cb(s,
849	s->ctx->internal->tlsext_status_arg);	849	s->ctx->tlsext_status_arg);
850	if (r == 0) {	850	if (r == 0) {
851	al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;	851	al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
852	ret = SSL_TLSEXT_ERR_ALERT_FATAL;	852	ret = SSL_TLSEXT_ERR_ALERT_FATAL;
@@ -878,27 +878,27 @@ ssl_check_serverhello_tlsext(SSL *s)
878	* ret: (output) on return, if a ticket was decrypted, then this is set to	878	* ret: (output) on return, if a ticket was decrypted, then this is set to
879	* point to the resulting session.	879	* point to the resulting session.
880	*	880	*
881	* If s->internal->tls_session_secret_cb is set then we are expecting a pre-shared key	881	* If s->tls_session_secret_cb is set then we are expecting a pre-shared key
882	* ciphersuite, in which case we have no use for session tickets and one will	882	* ciphersuite, in which case we have no use for session tickets and one will
883	* never be decrypted, nor will s->internal->tlsext_ticket_expected be set to 1.	883	* never be decrypted, nor will s->tlsext_ticket_expected be set to 1.
884	*	884	*
885	* Returns:	885	* Returns:
886	* TLS1_TICKET_FATAL_ERROR: error from parsing or decrypting the ticket.	886	* TLS1_TICKET_FATAL_ERROR: error from parsing or decrypting the ticket.
887	* TLS1_TICKET_NONE: no ticket was found (or was ignored, based on settings).	887	* TLS1_TICKET_NONE: no ticket was found (or was ignored, based on settings).
888	* TLS1_TICKET_EMPTY: a zero length extension was found, indicating that the	888	* TLS1_TICKET_EMPTY: a zero length extension was found, indicating that the
889	* client supports session tickets but doesn't currently have one to offer.	889	* client supports session tickets but doesn't currently have one to offer.
890	* TLS1_TICKET_NOT_DECRYPTED: either s->internal->tls_session_secret_cb was	890	* TLS1_TICKET_NOT_DECRYPTED: either s->tls_session_secret_cb was
891	* set, or a ticket was offered but couldn't be decrypted because of a	891	* set, or a ticket was offered but couldn't be decrypted because of a
892	* non-fatal error.	892	* non-fatal error.
893	* TLS1_TICKET_DECRYPTED: a ticket was successfully decrypted and *ret was set.	893	* TLS1_TICKET_DECRYPTED: a ticket was successfully decrypted and *ret was set.
894	*	894	*
895	* Side effects:	895	* Side effects:
896	* Sets s->internal->tlsext_ticket_expected to 1 if the server will have to issue	896	* Sets s->tlsext_ticket_expected to 1 if the server will have to issue
897	* a new session ticket to the client because the client indicated support	897	* a new session ticket to the client because the client indicated support
898	* (and s->internal->tls_session_secret_cb is NULL) but the client either doesn't have	898	* (and s->tls_session_secret_cb is NULL) but the client either doesn't have
899	* a session ticket or we couldn't use the one it gave us, or if	899	* a session ticket or we couldn't use the one it gave us, or if
900	* s->ctx->tlsext_ticket_key_cb asked to renew the client's ticket.	900	* s->ctx->tlsext_ticket_key_cb asked to renew the client's ticket.
901	* Otherwise, s->internal->tlsext_ticket_expected is set to 0.	901	* Otherwise, s->tlsext_ticket_expected is set to 0.
902	*/	902	*/
903	int	903	int
904	tls1_process_ticket(SSL s, CBS ext_block, int alert, SSL_SESSION *ret)	904	tls1_process_ticket(SSL s, CBS ext_block, int alert, SSL_SESSION *ret)
@@ -906,7 +906,7 @@ tls1_process_ticket(SSL s, CBS ext_block, int alert, SSL_SESSION *ret)
906	CBS extensions, ext_data;	906	CBS extensions, ext_data;
907	uint16_t ext_type = 0;	907	uint16_t ext_type = 0;
908		908
909	s->internal->tlsext_ticket_expected = 0;	909	s->tlsext_ticket_expected = 0;
910	*ret = NULL;	910	*ret = NULL;
911		911
912	/*	912	/*
@@ -947,11 +947,11 @@ tls1_process_ticket(SSL s, CBS ext_block, int alert, SSL_SESSION *ret)
947	* The client will accept a ticket but does not currently	947	* The client will accept a ticket but does not currently
948	* have one.	948	* have one.
949	*/	949	*/
950	s->internal->tlsext_ticket_expected = 1;	950	s->tlsext_ticket_expected = 1;
951	return TLS1_TICKET_EMPTY;	951	return TLS1_TICKET_EMPTY;
952	}	952	}
953		953
954	if (s->internal->tls_session_secret_cb != NULL) {	954	if (s->tls_session_secret_cb != NULL) {
955	/*	955	/*
956	* Indicate that the ticket could not be decrypted rather than	956	* Indicate that the ticket could not be decrypted rather than
957	* generating the session from ticket now, trigger abbreviated	957	* generating the session from ticket now, trigger abbreviated
@@ -1004,7 +1004,7 @@ tls_decrypt_ticket(SSL s, CBS ticket, int alert, SSL_SESSION *psess)
1004	if ((hctx = HMAC_CTX_new()) == NULL)	1004	if ((hctx = HMAC_CTX_new()) == NULL)
1005	goto err;	1005	goto err;
1006		1006
1007	if (tctx->internal->tlsext_ticket_key_cb != NULL) {	1007	if (tctx->tlsext_ticket_key_cb != NULL) {
1008	int rv;	1008	int rv;
1009		1009
1010	/*	1010	/*
@@ -1016,7 +1016,7 @@ tls_decrypt_ticket(SSL s, CBS ticket, int alert, SSL_SESSION *psess)
1016	if (CBS_len(ticket) < EVP_MAX_IV_LENGTH)	1016	if (CBS_len(ticket) < EVP_MAX_IV_LENGTH)
1017	goto derr;	1017	goto derr;
1018		1018
1019	if ((rv = tctx->internal->tlsext_ticket_key_cb(s,	1019	if ((rv = tctx->tlsext_ticket_key_cb(s,
1020	(unsigned char *)CBS_data(&ticket_name),	1020	(unsigned char *)CBS_data(&ticket_name),
1021	(unsigned char *)CBS_data(ticket), cctx, hctx, 0)) < 0)	1021	(unsigned char *)CBS_data(ticket), cctx, hctx, 0)) < 0)
1022	goto err;	1022	goto err;
@@ -1024,7 +1024,7 @@ tls_decrypt_ticket(SSL s, CBS ticket, int alert, SSL_SESSION *psess)
1024	goto derr;	1024	goto derr;
1025	if (rv == 2) {	1025	if (rv == 2) {
1026	/* Renew ticket. */	1026	/* Renew ticket. */
1027	s->internal->tlsext_ticket_expected = 1;	1027	s->tlsext_ticket_expected = 1;
1028	}	1028	}
1029		1029
1030	/*	1030	/*
@@ -1037,17 +1037,17 @@ tls_decrypt_ticket(SSL s, CBS ticket, int alert, SSL_SESSION *psess)
1037	} else {	1037	} else {
1038	/* Check that the key name matches. */	1038	/* Check that the key name matches. */
1039	if (!CBS_mem_equal(&ticket_name,	1039	if (!CBS_mem_equal(&ticket_name,
1040	tctx->internal->tlsext_tick_key_name,	1040	tctx->tlsext_tick_key_name,
1041	sizeof(tctx->internal->tlsext_tick_key_name)))	1041	sizeof(tctx->tlsext_tick_key_name)))
1042	goto derr;	1042	goto derr;
1043	if (!CBS_get_bytes(ticket, &ticket_iv,	1043	if (!CBS_get_bytes(ticket, &ticket_iv,
1044	EVP_CIPHER_iv_length(EVP_aes_128_cbc())))	1044	EVP_CIPHER_iv_length(EVP_aes_128_cbc())))
1045	goto derr;	1045	goto derr;
1046	if (!EVP_DecryptInit_ex(cctx, EVP_aes_128_cbc(), NULL,	1046	if (!EVP_DecryptInit_ex(cctx, EVP_aes_128_cbc(), NULL,
1047	tctx->internal->tlsext_tick_aes_key, CBS_data(&ticket_iv)))	1047	tctx->tlsext_tick_aes_key, CBS_data(&ticket_iv)))
1048	goto err;	1048	goto err;
1049	if (!HMAC_Init_ex(hctx, tctx->internal->tlsext_tick_hmac_key,	1049	if (!HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key,
1050	sizeof(tctx->internal->tlsext_tick_hmac_key), EVP_sha256(),	1050	sizeof(tctx->tlsext_tick_hmac_key), EVP_sha256(),
1051	NULL))	1051	NULL))
1052	goto err;	1052	goto err;
1053	}	1053	}
@@ -1113,7 +1113,7 @@ tls_decrypt_ticket(SSL s, CBS ticket, int alert, SSL_SESSION *psess)
1113		1113
1114	derr:	1114	derr:
1115	ERR_clear_error();	1115	ERR_clear_error();
1116	s->internal->tlsext_ticket_expected = 1;	1116	s->tlsext_ticket_expected = 1;
1117	ret = TLS1_TICKET_NOT_DECRYPTED;	1117	ret = TLS1_TICKET_NOT_DECRYPTED;
1118	goto done;	1118	goto done;
1119		1119