Updates following review feedback of TLSv1.3 draft-21 code

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3852)

2 files changed, 3 insertions, 6 deletions

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 8740e15daa..a1d2013187 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -128,9 +128,8 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
 #endif
     dest->peer_chain = NULL;
     dest->peer = NULL;
-    memset(&dest->ex_data, 0, sizeof(dest->ex_data));
-
     dest->ext.tick_nonce = NULL;
+    memset(&dest->ex_data, 0, sizeof(dest->ex_data));
 
     /* We deliberately don't copy the prev and next pointers */
     dest->prev = NULL;
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index cfe6f513ff..f3f54d429b 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -3511,10 +3511,8 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
                                ? 0 : s->session->timeout)
             || (SSL_IS_TLS13(s)
                 && (!WPACKET_put_bytes_u32(pkt, age_add_u.age_add)
-                       /* ticket_nonce */
-                    || !WPACKET_start_sub_packet_u8(pkt)
-                    || !WPACKET_put_bytes_u8(pkt, 0)
-                    || !WPACKET_close(pkt)))
+                    || !WPACKET_sub_memcpy_u8(pkt, s->session->ext.tick_nonce,
+                                              s->session->ext.tick_nonce_len)))
                /* Now the actual ticket data */
             || !WPACKET_start_sub_packet_u16(pkt)
             || !WPACKET_get_total_written(pkt, &macoffset)