Loading ssl/ssl_locl.h +18 −12 Original line number Diff line number Diff line Loading @@ -2191,17 +2191,23 @@ __owur int tls1_get_curvelist(SSL *s, int sess, const unsigned char **pcurves, void ssl_set_default_md(SSL *s); __owur int tls1_set_server_sigalgs(SSL *s); __owur int tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, SSL_SESSION **ret); /* Return codes for tls_decrypt_ticket */ #define TICKET_FATAL_ERR_MALLOC -2 #define TICKET_FATAL_ERR_OTHER -1 #define TICKET_NO_DECRYPT 2 #define TICKET_SUCCESS 3 #define TICKET_SUCCESS_RENEW 4 __owur int tls_decrypt_ticket(SSL *s, const unsigned char *etick, size_t eticklen, const unsigned char *sess_id, /* Return codes for tls_get_ticket_from_client() and tls_decrypt_ticket() */ typedef enum ticket_en { TICKET_FATAL_ERR_MALLOC, TICKET_FATAL_ERR_OTHER, TICKET_NONE, TICKET_EMPTY, TICKET_NO_DECRYPT, TICKET_SUCCESS, TICKET_SUCCESS_RENEW } TICKET_RETURN; __owur TICKET_RETURN tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, SSL_SESSION **ret); __owur TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick, size_t eticklen, const unsigned char *sess_id, size_t sesslen, SSL_SESSION **psess); __owur int tls_use_ticket(SSL *s); Loading ssl/ssl_sess.c +9 −9 Original line number Diff line number Diff line Loading @@ -465,7 +465,7 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello) SSL_SESSION *ret = NULL; int fatal = 0; int try_session_cache = 0; int r; TICKET_RETURN r; if (SSL_IS_TLS13(s)) { int al; Loading 
@@ -479,18 +479,18 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello) /* sets s->ext.ticket_expected */ r = tls_get_ticket_from_client(s, hello, &ret); switch (r) { case -1: /* Error during processing */ case TICKET_FATAL_ERR_MALLOC: case TICKET_FATAL_ERR_OTHER: /* Error during processing */ fatal = 1; goto err; case 0: /* No ticket found */ case 1: /* Zero length ticket found */ case TICKET_NONE: /* No ticket found */ case TICKET_EMPTY: /* Zero length ticket found */ try_session_cache = 1; break; /* Ok to carry on processing session id. */ case 2: /* Ticket found but not decrypted. */ case 3: /* Ticket decrypted, *ret has been set. */ case TICKET_NO_DECRYPT: /* Ticket found but not decrypted. */ case TICKET_SUCCESS: /* Ticket decrypted, *ret has been set. */ case TICKET_SUCCESS_RENEW: break; default: abort(); } } Loading ssl/t1_lib.c +15 −19 Original line number Diff line number Diff line Loading @@ -1049,7 +1049,7 @@ int tls1_set_server_sigalgs(SSL *s) * s->ctx->ext.ticket_key_cb asked to renew the client's ticket. * Otherwise, s->ext.ticket_expected is set to 0. */ int tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, TICKET_RETURN tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, SSL_SESSION **ret) { int retv; Loading @@ -1065,11 +1065,11 @@ int tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, * resumption. */ if (s->version <= SSL3_VERSION || !tls_use_ticket(s)) return 0; return TICKET_NONE; ticketext = &hello->pre_proc_exts[TLSEXT_IDX_session_ticket]; if (!ticketext->present) return 0; return TICKET_NONE; size = PACKET_remaining(&ticketext->data); if (size == 0) { Loading @@ -1078,7 +1078,7 @@ int tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, * one. */ s->ext.ticket_expected = 1; return 1; return TICKET_EMPTY; } if (s->ext.session_secret_cb) { /* Loading 
@@ -1087,7 +1087,7 @@ int tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, * abbreviated handshake based on external mechanism to * calculate the master secret later. */ return 2; return TICKET_NO_DECRYPT; } retv = tls_decrypt_ticket(s, PACKET_data(&ticketext->data), size, Loading @@ -1095,17 +1095,17 @@ int tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, switch (retv) { case TICKET_NO_DECRYPT: /* ticket couldn't be decrypted */ s->ext.ticket_expected = 1; return 2; return TICKET_NO_DECRYPT; case TICKET_SUCCESS: /* ticket was decrypted */ return 3; return TICKET_SUCCESS; case TICKET_SUCCESS_RENEW: /* ticket decrypted but need to renew */ s->ext.ticket_expected = 1; return 3; return TICKET_SUCCESS; default: /* fatal error */ return -1; return TICKET_FATAL_ERR_OTHER; } } Loading @@ -1128,19 +1128,15 @@ int tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, * set. * TICKET_SUCCESS_RENEW: same as 3, but the ticket needs to be renewed */ #define TICKET_FATAL_ERR_MALLOC -2 #define TICKET_FATAL_ERR_OTHER -1 #define TICKET_NO_DECRYPT 2 #define TICKET_SUCCESS 3 #define TICKET_SUCCESS_RENEW 4 int tls_decrypt_ticket(SSL *s, const unsigned char *etick, size_t eticklen, const unsigned char *sess_id, size_t sesslen, SSL_SESSION **psess) TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick, size_t eticklen, const unsigned char *sess_id, size_t sesslen, SSL_SESSION **psess) { SSL_SESSION *sess; unsigned char *sdec; const unsigned char *p; int slen, renew_ticket = 0, ret = TICKET_FATAL_ERR_OTHER, declen; int slen, renew_ticket = 0, declen; TICKET_RETURN ret = TICKET_FATAL_ERR_OTHER; size_t mlen; unsigned char tick_hmac[EVP_MAX_MD_SIZE]; HMAC_CTX *hctx = NULL; Loading Loading
ssl/ssl_locl.h +18 −12 Original line number Diff line number Diff line Loading @@ -2191,17 +2191,23 @@ __owur int tls1_get_curvelist(SSL *s, int sess, const unsigned char **pcurves, void ssl_set_default_md(SSL *s); __owur int tls1_set_server_sigalgs(SSL *s); __owur int tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, SSL_SESSION **ret); /* Return codes for tls_decrypt_ticket */ #define TICKET_FATAL_ERR_MALLOC -2 #define TICKET_FATAL_ERR_OTHER -1 #define TICKET_NO_DECRYPT 2 #define TICKET_SUCCESS 3 #define TICKET_SUCCESS_RENEW 4 __owur int tls_decrypt_ticket(SSL *s, const unsigned char *etick, size_t eticklen, const unsigned char *sess_id, /* Return codes for tls_get_ticket_from_client() and tls_decrypt_ticket() */ typedef enum ticket_en { TICKET_FATAL_ERR_MALLOC, TICKET_FATAL_ERR_OTHER, TICKET_NONE, TICKET_EMPTY, TICKET_NO_DECRYPT, TICKET_SUCCESS, TICKET_SUCCESS_RENEW } TICKET_RETURN; __owur TICKET_RETURN tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, SSL_SESSION **ret); __owur TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick, size_t eticklen, const unsigned char *sess_id, size_t sesslen, SSL_SESSION **psess); __owur int tls_use_ticket(SSL *s); Loading
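Review bot: Fatal ticket errors are no longer negative under the new `TICKET_RETURN` enum: with no explicit values, `TICKET_FATAL_ERR_MALLOC` is 0 and `TICKET_FATAL_ERR_OTHER` is 1, where the removed `#define`s used -2 and -1. Any caller of `tls_decrypt_ticket()` or `tls_get_ticket_from_client()` not shown on this page that still tests `< 0`, tests truthiness, or compares against a literal would misclassify a fatal error in a session-resumption decision, so every call site needs checking against the enumerators. I would add a comment on the enum such as `/* Fatal errors are no longer negative: compare against the enumerators, never against numbers */`. The comment could also say that `TICKET_NONE` and `TICKET_EMPTY` appear to be produced only by `tls_get_ticket_from_client()`, since the old `tls_decrypt_ticket()` codes had no equivalent.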
ssl/ssl_sess.c +9 −9 Original line number Diff line number Diff line Loading @@ -465,7 +465,7 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello) SSL_SESSION *ret = NULL; int fatal = 0; int try_session_cache = 0; int r; TICKET_RETURN r; if (SSL_IS_TLS13(s)) { int al; Loading @@ -479,18 +479,18 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello) /* sets s->ext.ticket_expected */ r = tls_get_ticket_from_client(s, hello, &ret); switch (r) { case -1: /* Error during processing */ case TICKET_FATAL_ERR_MALLOC: case TICKET_FATAL_ERR_OTHER: /* Error during processing */ fatal = 1; goto err; case 0: /* No ticket found */ case 1: /* Zero length ticket found */ case TICKET_NONE: /* No ticket found */ case TICKET_EMPTY: /* Zero length ticket found */ try_session_cache = 1; break; /* Ok to carry on processing session id. */ case 2: /* Ticket found but not decrypted. */ case 3: /* Ticket decrypted, *ret has been set. */ case TICKET_NO_DECRYPT: /* Ticket found but not decrypted. */ case TICKET_SUCCESS: /* Ticket decrypted, *ret has been set. */ case TICKET_SUCCESS_RENEW: break; default: abort(); } } Loading
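Review bot: The switch on `r` in `ssl_get_prev_session()` should fail closed for a value outside the named enumerators. This rendering has lost the `+`/`-` markers, so I cannot tell whether `default: abort();` is kept or removed. If it is kept, an unexpected value terminates the whole process while a ClientHello is being handled; if it is removed, the value falls out of the switch as though the ticket had been dealt with. A C enum object can hold any integer, so I would treat it like the fatal cases, e.g. `default: fatal = 1; goto err;`, accepting that a `default` label silences the compiler's missing-enumerator warning. The function body starts and ends outside these hunks.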
ssl/t1_lib.c +15 −19 Original line number Diff line number Diff line Loading @@ -1049,7 +1049,7 @@ int tls1_set_server_sigalgs(SSL *s) * s->ctx->ext.ticket_key_cb asked to renew the client's ticket. * Otherwise, s->ext.ticket_expected is set to 0. */ int tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, TICKET_RETURN tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, SSL_SESSION **ret) { int retv; Loading @@ -1065,11 +1065,11 @@ int tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, * resumption. */ if (s->version <= SSL3_VERSION || !tls_use_ticket(s)) return 0; return TICKET_NONE; ticketext = &hello->pre_proc_exts[TLSEXT_IDX_session_ticket]; if (!ticketext->present) return 0; return TICKET_NONE; size = PACKET_remaining(&ticketext->data); if (size == 0) { Loading @@ -1078,7 +1078,7 @@ int tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, * one. */ s->ext.ticket_expected = 1; return 1; return TICKET_EMPTY; } if (s->ext.session_secret_cb) { /* Loading @@ -1087,7 +1087,7 @@ int tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, * abbreviated handshake based on external mechanism to * calculate the master secret later. */ return 2; return TICKET_NO_DECRYPT; } retv = tls_decrypt_ticket(s, PACKET_data(&ticketext->data), size, Loading @@ -1095,17 +1095,17 @@ int tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, switch (retv) { case TICKET_NO_DECRYPT: /* ticket couldn't be decrypted */ s->ext.ticket_expected = 1; return 2; return TICKET_NO_DECRYPT; case TICKET_SUCCESS: /* ticket was decrypted */ return 3; return TICKET_SUCCESS; case TICKET_SUCCESS_RENEW: /* ticket decrypted but need to renew */ s->ext.ticket_expected = 1; return 3; return TICKET_SUCCESS; default: /* fatal error */ return -1; return TICKET_FATAL_ERR_OTHER; } } Loading 
@@ -1128,19 +1128,15 @@ int tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, * set. * TICKET_SUCCESS_RENEW: same as 3, but the ticket needs to be renewed */ #define TICKET_FATAL_ERR_MALLOC -2 #define TICKET_FATAL_ERR_OTHER -1 #define TICKET_NO_DECRYPT 2 #define TICKET_SUCCESS 3 #define TICKET_SUCCESS_RENEW 4 int tls_decrypt_ticket(SSL *s, const unsigned char *etick, size_t eticklen, const unsigned char *sess_id, size_t sesslen, SSL_SESSION **psess) TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick, size_t eticklen, const unsigned char *sess_id, size_t sesslen, SSL_SESSION **psess) { SSL_SESSION *sess; unsigned char *sdec; const unsigned char *p; int slen, renew_ticket = 0, ret = TICKET_FATAL_ERR_OTHER, declen; int slen, renew_ticket = 0, declen; TICKET_RETURN ret = TICKET_FATAL_ERR_OTHER; size_t mlen; unsigned char tick_hmac[EVP_MAX_MD_SIZE]; HMAC_CTX *hctx = NULL; Loading
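Review bot: The comment above `tls_decrypt_ticket()` in the last hunk still says `TICKET_SUCCESS_RENEW: same as 3`, but under the enum 3 is no longer `TICKET_SUCCESS` (counting from 0 it is `TICKET_EMPTY`); it should read `same as TICKET_SUCCESS, but the ticket needs to be renewed`. In `tls_get_ticket_from_client()` the local is still declared `int retv;` although it receives a `TICKET_RETURN` and drives the `switch`; `TICKET_RETURN retv;` would match `ret` in `tls_decrypt_ticket()`. The `default:` branch of `switch (retv)` folds `TICKET_FATAL_ERR_MALLOC` into `TICKET_FATAL_ERR_OTHER`, which fails closed but makes the `TICKET_FATAL_ERR_MALLOC` case in `ssl_get_prev_session()` unreachable from this path. Both function bodies extend beyond the hunks shown.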