1 files changed, 3 insertions, 63 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 911e8d3f4e..63d401c337 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.128 2017/08/12 21:03:08 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.129 2017/08/12 21:17:03 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -690,39 +690,6 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
                return NULL;
        ret += len;
-        if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) {
-                int ticklen;
-                if (!s->internal->new_session && s->session && s->session->tlsext_tick)
-                        ticklen = s->session->tlsext_ticklen;
-                else if (s->session && s->internal->tlsext_session_ticket &&
-                    s->internal->tlsext_session_ticket->data) {
-                        ticklen = s->internal->tlsext_session_ticket->length;
-                        s->session->tlsext_tick = malloc(ticklen);
-                        if (!s->session->tlsext_tick)
-                                return NULL;
-                        memcpy(s->session->tlsext_tick,
-                            s->internal->tlsext_session_ticket->data, ticklen);
-                        s->session->tlsext_ticklen = ticklen;
-                } else
-                        ticklen = 0;
-                if (ticklen == 0 && s->internal->tlsext_session_ticket &&
-                    s->internal->tlsext_session_ticket->data == NULL)
-                        goto skip_ext;
-                /* Check for enough room 2 for extension type, 2 for len
-                 * rest for ticket
-                 */
-                if ((size_t)(limit - ret) < 4 + ticklen)
-                        return NULL;
-                s2n(TLSEXT_TYPE_session_ticket, ret);
-                s2n(ticklen, ret);
-                if (ticklen) {
-                        memcpy(ret, s->session->tlsext_tick, ticklen);
-                        ret += ticklen;
-                }
-        }
-skip_ext:
        if (TLS1_get_client_version(s) >= TLS1_2_VERSION) {
                if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6)
                        return NULL;
@@ -884,15 +851,6 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
         * extension.
         */
-        if (s->internal->tlsext_ticket_expected &&
-            !(SSL_get_options(s) & SSL_OP_NO_TICKET)) {
-                if ((size_t)(limit - ret) < 4)
-                        return NULL;
-                s2n(TLSEXT_TYPE_session_ticket, ret);
-                s2n(0, ret);
-        }
        if (s->internal->tlsext_status_expected) {
                if ((size_t)(limit - ret) < 4)
                        return NULL;
@@ -1068,13 +1026,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
                if (!tlsext_clienthello_parse_one(s, &cbs, type, al))
                        return 0;
-                if (type == TLSEXT_TYPE_session_ticket) {
+                if (type == TLSEXT_TYPE_signature_algorithms) {
-                        if (s->internal->tls_session_ticket_ext_cb &&
-                            !s->internal->tls_session_ticket_ext_cb(s, data, size, s->internal->tls_session_ticket_ext_cb_arg)) {
-                                *al = TLS1_AD_INTERNAL_ERROR;
-                                return 0;
-                        }
-                } else if (type == TLSEXT_TYPE_signature_algorithms) {
                        int dsize;
                        if (sigalg_seen || size < 2) {
                                *al = SSL_AD_DECODE_ERROR;
@@ -1277,19 +1229,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al)
                if (!tlsext_serverhello_parse_one(s, &cbs, type, al))
                        return 0;
-                if (type == TLSEXT_TYPE_session_ticket) {
+                if (type == TLSEXT_TYPE_status_request &&
-                        if (s->internal->tls_session_ticket_ext_cb &&
-                            !s->internal->tls_session_ticket_ext_cb(s, data, size, s->internal->tls_session_ticket_ext_cb_arg)) {
-                                *al = TLS1_AD_INTERNAL_ERROR;
-                                return 0;
-                        }
-                        if ((SSL_get_options(s) & SSL_OP_NO_TICKET) || (size > 0)) {
-                                *al = TLS1_AD_UNSUPPORTED_EXTENSION;
-                                return 0;
-                        }
-                        s->internal->tlsext_ticket_expected = 1;
-                }
-                else if (type == TLSEXT_TYPE_status_request &&
                    s->version != DTLS1_VERSION) {
                        /* MUST be empty and only sent if we've requested
                         * a status request message.

diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 911e8d3f4e..63d401c337 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_lib.c,v 1.128 2017/08/12 21:03:08 jsing Exp $ */	1	/* $OpenBSD: t1_lib.c,v 1.129 2017/08/12 21:17:03 doug Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -690,39 +690,6 @@ ssl_add_clienthello_tlsext(SSL s, unsigned char p, unsigned char *limit)
690	return NULL;	690	return NULL;
691	ret += len;	691	ret += len;
692		692
693	if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) {
694	int ticklen;
695	if (!s->internal->new_session && s->session && s->session->tlsext_tick)
696	ticklen = s->session->tlsext_ticklen;
697	else if (s->session && s->internal->tlsext_session_ticket &&
698	s->internal->tlsext_session_ticket->data) {
699	ticklen = s->internal->tlsext_session_ticket->length;
700	s->session->tlsext_tick = malloc(ticklen);
701	if (!s->session->tlsext_tick)
702	return NULL;
703	memcpy(s->session->tlsext_tick,
704	s->internal->tlsext_session_ticket->data, ticklen);
705	s->session->tlsext_ticklen = ticklen;
706	} else
707	ticklen = 0;
708	if (ticklen == 0 && s->internal->tlsext_session_ticket &&
709	s->internal->tlsext_session_ticket->data == NULL)
710	goto skip_ext;
711	/* Check for enough room 2 for extension type, 2 for len
712	* rest for ticket
713	*/
714	if ((size_t)(limit - ret) < 4 + ticklen)
715	return NULL;
716	s2n(TLSEXT_TYPE_session_ticket, ret);
717
718	s2n(ticklen, ret);
719	if (ticklen) {
720	memcpy(ret, s->session->tlsext_tick, ticklen);
721	ret += ticklen;
722	}
723	}
724	skip_ext:
725
726	if (TLS1_get_client_version(s) >= TLS1_2_VERSION) {	693	if (TLS1_get_client_version(s) >= TLS1_2_VERSION) {
727	if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6)	694	if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6)
728	return NULL;	695	return NULL;
@@ -884,15 +851,6 @@ ssl_add_serverhello_tlsext(SSL s, unsigned char p, unsigned char *limit)
884	* extension.	851	* extension.
885	*/	852	*/
886		853
887	if (s->internal->tlsext_ticket_expected &&
888	!(SSL_get_options(s) & SSL_OP_NO_TICKET)) {
889	if ((size_t)(limit - ret) < 4)
890	return NULL;
891
892	s2n(TLSEXT_TYPE_session_ticket, ret);
893	s2n(0, ret);
894	}
895
896	if (s->internal->tlsext_status_expected) {	854	if (s->internal->tlsext_status_expected) {
897	if ((size_t)(limit - ret) < 4)	855	if ((size_t)(limit - ret) < 4)
898	return NULL;	856	return NULL;
@@ -1068,13 +1026,7 @@ ssl_parse_clienthello_tlsext(SSL s, unsigned char p, unsigned char d,
1068	if (!tlsext_clienthello_parse_one(s, &cbs, type, al))	1026	if (!tlsext_clienthello_parse_one(s, &cbs, type, al))
1069	return 0;	1027	return 0;
1070		1028
1071	if (type == TLSEXT_TYPE_session_ticket) {	1029	if (type == TLSEXT_TYPE_signature_algorithms) {
1072	if (s->internal->tls_session_ticket_ext_cb &&
1073	!s->internal->tls_session_ticket_ext_cb(s, data, size, s->internal->tls_session_ticket_ext_cb_arg)) {
1074	*al = TLS1_AD_INTERNAL_ERROR;
1075	return 0;
1076	}
1077	} else if (type == TLSEXT_TYPE_signature_algorithms) {
1078	int dsize;	1030	int dsize;
1079	if (sigalg_seen \|\| size < 2) {	1031	if (sigalg_seen \|\| size < 2) {
1080	*al = SSL_AD_DECODE_ERROR;	1032	*al = SSL_AD_DECODE_ERROR;
@@ -1277,19 +1229,7 @@ ssl_parse_serverhello_tlsext(SSL s, unsigned char p, size_t n, int al)
1277	if (!tlsext_serverhello_parse_one(s, &cbs, type, al))	1229	if (!tlsext_serverhello_parse_one(s, &cbs, type, al))
1278	return 0;	1230	return 0;
1279		1231
1280	if (type == TLSEXT_TYPE_session_ticket) {	1232	if (type == TLSEXT_TYPE_status_request &&
1281	if (s->internal->tls_session_ticket_ext_cb &&
1282	!s->internal->tls_session_ticket_ext_cb(s, data, size, s->internal->tls_session_ticket_ext_cb_arg)) {
1283	*al = TLS1_AD_INTERNAL_ERROR;
1284	return 0;
1285	}
1286	if ((SSL_get_options(s) & SSL_OP_NO_TICKET) \|\| (size > 0)) {
1287	*al = TLS1_AD_UNSUPPORTED_EXTENSION;
1288	return 0;
1289	}
1290	s->internal->tlsext_ticket_expected = 1;
1291	}
1292	else if (type == TLSEXT_TYPE_status_request &&
1293	s->version != DTLS1_VERSION) {	1233	s->version != DTLS1_VERSION) {
1294	/* MUST be empty and only sent if we've requested	1234	/* MUST be empty and only sent if we've requested
1295	* a status request message.	1235	* a status request message.