If tlsext ticket decrypt callback returns error, cleanup ctxs
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3273)
int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
&ctx, &hctx, 0);
if (rv < 0)
- return -1;
- if (rv == 0)
+ goto err;
+ if (rv == 0) {
+ HMAC_CTX_cleanup(&hctx);
+ EVP_CIPHER_CTX_cleanup(&ctx);
return 2;
+ }
if (rv == 2)
renew_ticket = 1;
} else {