Fail if we receive a response to an extension that we didn't request

    RAW_EXTENSION *pre_proc_exts;

} CLIENTHELLO_MSG;

/*

 * Extension index values NOTE: Any updates to these defines should be mirrored

 * with equivalent updates to ext_defs in extensions.c

 */

typedef enum tlsext_index_en {

    TLSEXT_IDX_renegotiate,

    TLSEXT_IDX_server_name,

    TLSEXT_IDX_srp,

    TLSEXT_IDX_ec_point_formats,

    TLSEXT_IDX_supported_groups,

    TLSEXT_IDX_session_ticket,

    TLSEXT_IDX_signature_algorithms,

    TLSEXT_IDX_status_request,

    TLSEXT_IDX_next_proto_neg,

    TLSEXT_IDX_application_layer_protocol_negotiation,

    TLSEXT_IDX_use_srtp,

    TLSEXT_IDX_encrypt_then_mac,

    TLSEXT_IDX_signed_certificate_timestamp,

    TLSEXT_IDX_extended_master_secret,

    TLSEXT_IDX_supported_versions,

    TLSEXT_IDX_psk_kex_modes,

    TLSEXT_IDX_key_share,

    TLSEXT_IDX_cookie,

    TLSEXT_IDX_cryptopro_bug,

    TLSEXT_IDX_early_data,

    TLSEXT_IDX_certificate_authorities,

    TLSEXT_IDX_padding,

    TLSEXT_IDX_psk,

    /* Dummy index - must always be the last entry */

    TLSEXT_IDX_num_builtins

} TLSEXT_INDEX;

DEFINE_LHASH_OF(SSL_SESSION);

/* Needed in ssl_cert.c */

DEFINE_LHASH_OF(X509_NAME);

    size_t max_pipelines;

    struct {

        /* Built-in extension flags */

        uint8_t extflags[TLSEXT_IDX_num_builtins];

        /* TLS extension debug callback */

        void (*debug_cb)(SSL *s, int client_server, int type,

                         const unsigned char *data, int len, void *arg);

    DOWNGRADE_TO_1_1

} DOWNGRADE;

/*

 * Extension index values NOTE: Any updates to these defines should be mirrored

 * with equivalent updates to ext_defs in extensions.c

 */

typedef enum tlsext_index_en {

    TLSEXT_IDX_renegotiate,

    TLSEXT_IDX_server_name,

    TLSEXT_IDX_srp,

    TLSEXT_IDX_ec_point_formats,

    TLSEXT_IDX_supported_groups,

    TLSEXT_IDX_session_ticket,

    TLSEXT_IDX_signature_algorithms,

    TLSEXT_IDX_status_request,

    TLSEXT_IDX_next_proto_neg,

    TLSEXT_IDX_application_layer_protocol_negotiation,

    TLSEXT_IDX_use_srtp,

    TLSEXT_IDX_encrypt_then_mac,

    TLSEXT_IDX_signed_certificate_timestamp,

    TLSEXT_IDX_extended_master_secret,

    TLSEXT_IDX_supported_versions,

    TLSEXT_IDX_psk_kex_modes,

    TLSEXT_IDX_key_share,

    TLSEXT_IDX_cookie,

    TLSEXT_IDX_cryptopro_bug,

    TLSEXT_IDX_early_data,

    TLSEXT_IDX_certificate_authorities,

    TLSEXT_IDX_padding,

    TLSEXT_IDX_psk

} TLSEXT_INDEX;

/*

 * Dummy status type for the status_type extension. Indicates no status type

 * set

/*

 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

 * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

 *

 * Licensed under the OpenSSL license (the "License").  You may not use

 * this file except in compliance with the License.  You can obtain a copy

static int final_alpn(SSL *s, unsigned int context, int sent, int *al);

static int init_sig_algs(SSL *s, unsigned int context);

static int init_certificate_authorities(SSL *s, unsigned int context);

static int tls_construct_certificate_authorities(SSL *s, WPACKET *pkt,

                                                 unsigned int context, X509 *x,

                                                 size_t chainidx, int *al);

static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt,

                                                        unsigned int context,

                                                        X509 *x,

                                                        size_t chainidx,

                                                        int *al);

static int tls_parse_certificate_authorities(SSL *s, PACKET *pkt,

                                             unsigned int context, X509 *x,

                                             size_t chainidx, int *al);

    int (*parse_stoc)(SSL *s, PACKET *pkt, unsigned int context, X509 *x,

                      size_t chainidx, int *al);

    /* Construct extension sent from server to client */

    int (*construct_stoc)(SSL *s, WPACKET *pkt, unsigned int context, X509 *x,

                          size_t chainidx, int *al);

    EXT_RETURN (*construct_stoc)(SSL *s, WPACKET *pkt, unsigned int context,

                                 X509 *x, size_t chainidx, int *al);

    /* Construct extension sent from client to server */

    int (*construct_ctos)(SSL *s, WPACKET *pkt, unsigned int context, X509 *x,

                          size_t chainidx, int *al);

    EXT_RETURN (*construct_ctos)(SSL *s, WPACKET *pkt, unsigned int context,

                                 X509 *x, size_t chainidx, int *al);

    /*

     * Finalise extension after parsing. Always called where an extensions was

     * initialised even if the extension was not present. |sent| is set to 1 if

    }

    while (PACKET_remaining(&extensions) > 0) {

        unsigned int type;

        unsigned int type, idx;

        PACKET extension;

        RAW_EXTENSION *thisex;

            *al = SSL_AD_ILLEGAL_PARAMETER;

            goto err;

        }

        idx = thisex - raw_extensions;

        /*-

         * Check that we requested this extension (if appropriate). Requests can

         * be sent in the ClientHello and CertificateRequest. Unsolicited

         * extensions can be sent in the NewSessionTicket. We only do this for

         * the built-in extensions. Custom extensions have a different but

         * similar check elsewhere.

         * Special cases:

         * - The HRR cookie extension is unsolicited

         * - The renegotiate extension is unsolicited (the client signals

         *   support via an SCSV)

         * - The signed_certificate_timestamp extension can be provided by a

         * custom extension or by the built-in version. We let the extension

         * itself handle unsolicited response checks.

         */

        if (idx < OSSL_NELEM(ext_defs)

                && (context & (SSL_EXT_CLIENT_HELLO

                               | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST

                               | SSL_EXT_TLS1_3_NEW_SESSION_TICKET)) == 0

                && type != TLSEXT_TYPE_cookie

                && type != TLSEXT_TYPE_renegotiate

                && type != TLSEXT_TYPE_signed_certificate_timestamp

                && (s->ext.extflags[idx] & SSL_EXT_FLAG_SENT) == 0) {

            SSLerr(SSL_F_TLS_COLLECT_EXTENSIONS, SSL_R_BAD_EXTENSION);

            *al = SSL_AD_UNSUPPORTED_EXTENSION;

            goto err;

        }

        if (thisex != NULL) {

            thisex->data = extension;

            thisex->present = 1;

    }

    for (i = 0, thisexd = ext_defs; i < OSSL_NELEM(ext_defs); i++, thisexd++) {

        int (*construct)(SSL *s, WPACKET *pkt, unsigned int context, X509 *x,

                         size_t chainidx, int *al);

        EXT_RETURN (*construct)(SSL *s, WPACKET *pkt, unsigned int context,

                                X509 *x, size_t chainidx, int *al);

        EXT_RETURN ret;

        /* Skip if not relevant for our context */

        if (!should_add_extension(s, thisexd->context, context, max_version))

        if (construct == NULL)

            continue;

        if (!construct(s, pkt, context, x, chainidx, &tmpal))

        ret = construct(s, pkt, context, x, chainidx, &tmpal);

        if (ret == EXT_RETURN_FAIL)

            goto err;

        if (ret == EXT_RETURN_SENT

                && (context & (SSL_EXT_CLIENT_HELLO

                               | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST

                               | SSL_EXT_TLS1_3_NEW_SESSION_TICKET)) != 0)

            s->ext.extflags[i] |= SSL_EXT_FLAG_SENT;

    }

    if (!WPACKET_close(pkt)) {

    return 1;

}

static int tls_construct_certificate_authorities(SSL *s, WPACKET *pkt,

                                                 unsigned int context, X509 *x,

                                                 size_t chainidx, int *al)

static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt,

                                                        unsigned int context,

                                                        X509 *x,

                                                        size_t chainidx,

                                                        int *al)

{

    const STACK_OF(X509_NAME) *ca_sk = SSL_get0_CA_list(s);

    if (ca_sk == NULL || sk_X509_NAME_num(ca_sk) == 0)

        return 1;

        return EXT_RETURN_NOT_SENT;

    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_certificate_authorities)

        || !WPACKET_start_sub_packet_u16(pkt)

        || !WPACKET_close(pkt)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES,

               ERR_R_INTERNAL_ERROR);

        return 0;

        return EXT_RETURN_FAIL;

    }

    return 1;

    return EXT_RETURN_SENT;

}

static int tls_parse_certificate_authorities(SSL *s, PACKET *pkt,

/*

 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

 * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

 *

 * Licensed under the OpenSSL license (the "License").  You may not use

 * this file except in compliance with the License.  You can obtain a copy

/*

 * Add the server's renegotiation binding

 */

int tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, unsigned int context,

                                   X509 *x, size_t chainidx, int *al)

EXT_RETURN tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt,

                                          unsigned int context, X509 *x,

                                          size_t chainidx, int *al)

{

    if (!s->s3->send_connection_binding)

        return 1;

        return EXT_RETURN_NOT_SENT;

    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate)

            || !WPACKET_start_sub_packet_u16(pkt)

            || !WPACKET_close(pkt)

            || !WPACKET_close(pkt)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE, ERR_R_INTERNAL_ERROR);

        return 0;

        return EXT_RETURN_FAIL;

    }

    return 1;

    return EXT_RETURN_SENT;

}

int tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, unsigned int context,

                                   X509 *x, size_t chainidx, int *al)

EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt,

                                          unsigned int context, X509 *x,

                                          size_t chainidx, int *al)

{

    if (s->hit || s->servername_done != 1

            || s->session->ext.hostname == NULL)

        return 1;

        return EXT_RETURN_NOT_SENT;

    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_server_name)

            || !WPACKET_put_bytes_u16(pkt, 0)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME, ERR_R_INTERNAL_ERROR);

        return 0;

        return EXT_RETURN_FAIL;

    }

    return 1;

    return EXT_RETURN_SENT;

}

#ifndef OPENSSL_NO_EC

int tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, unsigned int context,

                                     X509 *x, size_t chainidx, int *al)

EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt,

                                            unsigned int context, X509 *x,

                                            size_t chainidx, int *al)

{

    unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;

    unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;

    size_t plistlen;

    if (!using_ecc)

        return 1;

        return EXT_RETURN_NOT_SENT;

    tls1_get_formatlist(s, &plist, &plistlen);

    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_ec_point_formats)

            || !WPACKET_sub_memcpy_u8(pkt, plist, plistlen)

            || !WPACKET_close(pkt)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR);

        return 0;

        return EXT_RETURN_FAIL;

    }

    return 1;

    return EXT_RETURN_SENT;

}

#endif

#ifndef OPENSSL_NO_EC

int tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt,

EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt,

                                               unsigned int context, X509 *x,

                                               size_t chainidx, int *al)

{

    /* s->s3->group_id is non zero if we accepted a key_share */

    if (s->s3->group_id == 0)

        return 1;

        return EXT_RETURN_NOT_SENT;

    /* Get our list of supported groups */

    if (!tls1_get_curvelist(s, 0, &groups, &numgroups) || numgroups == 0) {

        SSLerr(SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS, ERR_R_INTERNAL_ERROR);

        return 0;

        return EXT_RETURN_FAIL;

    }

    /* Copy group ID if supported */

                 * so we don't need to add this extension

                 */

                if (s->s3->group_id == GET_GROUP_ID(groups, 0))

                    return 1;

                    return EXT_RETURN_NOT_SENT;

                /* Add extension header */

                if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_groups)

                        || !WPACKET_start_sub_packet_u16(pkt)) {

                    SSLerr(SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS,

                           ERR_R_INTERNAL_ERROR);

                    return 0;

                    return EXT_RETURN_FAIL;

                }

                first = 0;

            if (!WPACKET_put_bytes_u16(pkt, GET_GROUP_ID(groups, 0))) {

                    SSLerr(SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS,

                           ERR_R_INTERNAL_ERROR);

                    return 0;

                    return EXT_RETURN_FAIL;

                }

        }

    }

    if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS, ERR_R_INTERNAL_ERROR);

        return 0;

        return EXT_RETURN_FAIL;

    }

    return 1;

    return EXT_RETURN_SENT;

}

#endif

int tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt,

EXT_RETURN tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt,

                                             unsigned int context, X509 *x,

                                             size_t chainidx, int *al)

{

    if (!s->ext.ticket_expected || !tls_use_ticket(s)) {

        s->ext.ticket_expected = 0;

        return 1;

        return EXT_RETURN_NOT_SENT;

    }

    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_session_ticket)

            || !WPACKET_put_bytes_u16(pkt, 0)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET, ERR_R_INTERNAL_ERROR);

        return 0;

        return EXT_RETURN_FAIL;

    }

    return 1;

    return EXT_RETURN_SENT;

}

#ifndef OPENSSL_NO_OCSP

int tls_construct_stoc_status_request(SSL *s, WPACKET *pkt,

EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt,

                                             unsigned int context, X509 *x,

                                             size_t chainidx, int *al)

{

    if (!s->ext.status_expected)

        return 1;

        return EXT_RETURN_NOT_SENT;

    if (SSL_IS_TLS13(s) && chainidx != 0)

        return 1;

        return EXT_RETURN_NOT_SENT;

    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_status_request)

            || !WPACKET_start_sub_packet_u16(pkt)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST, ERR_R_INTERNAL_ERROR);

        return 0;

        return EXT_RETURN_FAIL;

    }

    /*

    if ((SSL_IS_TLS13(s) && !tls_construct_cert_status_body(s, pkt))

            || !WPACKET_close(pkt)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST, ERR_R_INTERNAL_ERROR);

        return 0;

        return EXT_RETURN_FAIL;

    }

    return 1;

    return EXT_RETURN_SENT;

}

#endif

#ifndef OPENSSL_NO_NEXTPROTONEG

int tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt,

EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt,

                                             unsigned int context, X509 *x,

                                             size_t chainidx, int *al)

{

    s->s3->npn_seen = 0;

    if (!npn_seen || s->ctx->ext.npn_advertised_cb == NULL)

        return 1;

        return EXT_RETURN_NOT_SENT;

    ret = s->ctx->ext.npn_advertised_cb(s, &npa, &npalen,

                                        s->ctx->ext.npn_advertised_cb_arg);

                || !WPACKET_sub_memcpy_u16(pkt, npa, npalen)) {

            SSLerr(SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG,

                   ERR_R_INTERNAL_ERROR);

            return 0;

            return EXT_RETURN_FAIL;

        }

        s->s3->npn_seen = 1;

    }

    return 1;

    return EXT_RETURN_SENT;

}

#endif

int tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, unsigned int context, X509 *x,

                            size_t chainidx, int *al)

EXT_RETURN tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, unsigned int context,

                                   X509 *x, size_t chainidx, int *al)

{

    if (s->s3->alpn_selected == NULL)

        return 1;

        return EXT_RETURN_NOT_SENT;

    if (!WPACKET_put_bytes_u16(pkt,

                TLSEXT_TYPE_application_layer_protocol_negotiation)

            || !WPACKET_close(pkt)

            || !WPACKET_close(pkt)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_STOC_ALPN, ERR_R_INTERNAL_ERROR);

        return 0;

        return EXT_RETURN_FAIL;

    }

    return 1;

    return EXT_RETURN_SENT;

}

#ifndef OPENSSL_NO_SRTP

int tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, unsigned int context,

                                X509 *x, size_t chainidx, int *al)

EXT_RETURN tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt,

                                       unsigned int context, X509 *x,

                                       size_t chainidx, int *al)

{

    if (s->srtp_profile == NULL)

        return 1;

        return EXT_RETURN_NOT_SENT;

    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_use_srtp)

            || !WPACKET_start_sub_packet_u16(pkt)

            || !WPACKET_put_bytes_u8(pkt, 0)

            || !WPACKET_close(pkt)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP, ERR_R_INTERNAL_ERROR);

        return 0;

        return EXT_RETURN_FAIL;

    }

    return 1;

    return EXT_RETURN_SENT;

}

#endif

int tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context, X509 *x,

                           size_t chainidx, int *al)

EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context,

                                  X509 *x, size_t chainidx, int *al)

{

    if (!s->ext.use_etm)

        return 1;

        return EXT_RETURN_NOT_SENT;

    /*

     * Don't use encrypt_then_mac if AEAD or RC4 might want to disable

        || s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT

        || s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT12) {

        s->ext.use_etm = 0;

        return 1;

        return EXT_RETURN_NOT_SENT;

    }

    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_encrypt_then_mac)

            || !WPACKET_put_bytes_u16(pkt, 0)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_STOC_ETM, ERR_R_INTERNAL_ERROR);

        return 0;

        return EXT_RETURN_FAIL;

    }

    return 1;

    return EXT_RETURN_SENT;

}

int tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context, X509 *x,

                           size_t chainidx, int *al)

EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context,

                                  X509 *x, size_t chainidx, int *al)

{

    if ((s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0)

        return 1;

        return EXT_RETURN_NOT_SENT;

    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret)

            || !WPACKET_put_bytes_u16(pkt, 0)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_STOC_EMS, ERR_R_INTERNAL_ERROR);

        return 0;

        return EXT_RETURN_FAIL;

    }

    return 1;

    return EXT_RETURN_SENT;

}

int tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, unsigned int context,

                                 X509 *x, size_t chainidx, int *al)

EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt,

                                        unsigned int context, X509 *x,

                                        size_t chainidx, int *al)

{

#ifndef OPENSSL_NO_TLS1_3

    unsigned char *encodedPoint;

                    || !WPACKET_close(pkt)) {

                SSLerr(SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE,

                       ERR_R_INTERNAL_ERROR);

                return 0;

                return EXT_RETURN_FAIL;

            }

            return 1;

            return EXT_RETURN_SENT;

        }

        /* Must be resuming. */

        if (!s->hit || !tls13_generate_handshake_secret(s, NULL, 0)) {

            *al = SSL_AD_INTERNAL_ERROR;

            SSLerr(SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, ERR_R_INTERNAL_ERROR);

            return 0;

            return EXT_RETURN_FAIL;

        }

        return 1;

        return EXT_RETURN_NOT_SENT;

    }

    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share)

            || !WPACKET_start_sub_packet_u16(pkt)

            || !WPACKET_put_bytes_u16(pkt, s->s3->group_id)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, ERR_R_INTERNAL_ERROR);

        return 0;

        return EXT_RETURN_FAIL;

    }

    skey = ssl_generate_pkey(ckey);

    if (skey == NULL) {

        SSLerr(SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, ERR_R_MALLOC_FAILURE);

        return 0;

        return EXT_RETURN_FAIL;

    }

    /* Generate encoding of server key */

    if (encoded_pt_len == 0) {

        SSLerr(SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, ERR_R_EC_LIB);

        EVP_PKEY_free(skey);

        return 0;

        return EXT_RETURN_FAIL;

    }

    if (!WPACKET_sub_memcpy_u16(pkt, encodedPoint, encoded_pt_len)

        SSLerr(SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, ERR_R_INTERNAL_ERROR);

        EVP_PKEY_free(skey);

        OPENSSL_free(encodedPoint);

        return 0;

        return EXT_RETURN_FAIL;

    }

    OPENSSL_free(encodedPoint);