From a52df87c8ad6a8b6dbbf96a1327bc8ba0c7d752d Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh
Date: Thu, 26 Aug 2021 15:45:21 -0600
Subject: [PATCH] adjust type for max tickets variable and number sent with WOLFSSL_TLS13_TICKET_BEFORE_FINISHED macro
---
src/ssl.c | 4 ++--
src/tls13.c | 13 +++----------
wolfssl/internal.h | 9 +++++++--
3 files changed, 12 insertions(+), 14 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index 9efbe1e9c..22baea8a4 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -3038,7 +3038,7 @@ int wolfSSL_CTX_set_num_tickets(WOLFSSL_CTX* ctx, size_t mxTickets)
 if (ctx == NULL)
 return WOLFSSL_FAILURE;
- ctx->maxTicketTls13 = mxTickets;
+ ctx->maxTicketTls13 = (unsigned int)mxTickets;
 return WOLFSSL_SUCCESS;
 }
@@ -3050,7 +3050,7 @@ size_t wolfSSL_CTX_get_num_tickets(WOLFSSL_CTX* ctx)
 if (ctx == NULL)
 return 0;
- return ctx->maxTicketTls13;
+ return (size_t)ctx->maxTicketTls13;
 }
 #endif /* !NO_WOLFSSL_SERVER */
diff --git a/src/tls13.c b/src/tls13.c
index 574e2c6a6..6af1656f8 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -9168,9 +9168,6 @@ const char* wolfSSL_get_cipher_name_by_hash(WOLFSSL* ssl, const char* hash)
 */
 int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
 {
-#ifdef HAVE_SESSION_TICKET
- byte ticketsSent; /* count for number of tickets sent */
-#endif
 #if !defined(NO_CERTS) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
 word16 havePSK = 0;
 #endif
@@ -9432,6 +9429,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
 return WOLFSSL_FATAL_ERROR;
 }
 }
+ ssl->options.ticketsSent = 1;
 #endif
 #endif /* HAVE_SESSION_TICKET */
 ssl->options.acceptState = TLS13_PRE_TICKET_SENT;
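Review bot: The new `ctx->maxTicketTls13 = (unsigned int)mxTickets;` silently truncates on platforms where size_t is wider than unsigned int, so a caller passing 0x100000000 stores 0 and 0x100000001 stores 1, while the function still reports WOLFSSL_SUCCESS. Since the public parameter stays size_t and the field is now unsigned int, reject rather than wrap: `if (mxTickets > UINT_MAX) return WOLFSSL_FAILURE;` before the assignment (UINT_MAX from limits.h, assuming the translation unit already has it; otherwise compare against a project-defined bound). Whether a much smaller ceiling is sensible depends on how many NewSessionTicket messages the server should ever emit per handshake, which this hunk does not show, so a one-line comment on the chosen limit would help either way. The body of wolfSSL_CTX_set_num_tickets starts before this hunk.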
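Review bot: The added `ssl->options.ticketsSent = 1;` sits after the two closing braces of the enclosing `if`, inside the inner `#ifdef` whose `#endif` follows it (from the subject line, presumably WOLFSSL_TLS13_TICKET_BEFORE_FINISHED), so it records a ticket as sent whether or not SendTls13NewSessionTicket actually ran. The condition that gates the early send is outside the hunk; if it skips the ticket in some configurations (peer verification enabled, noTicketTls13 set, no ticket callback), the later `while (ssl->options.ticketsSent < ssl->options.maxTicketTls13)` loop in the next hunk will send one fewer ticket than configured and none at all at the default of one. If the counter is meant to count NewSessionTicket messages actually written, move the assignment inside the branch, directly after the `if ((ssl->error = SendTls13NewSessionTicket(ssl)) != 0) { ... }` check, so it only runs on a successful send. If instead the intent is that the loop always skips one slot when the before-Finished build option is on, say so in a comment here, since that is also what the removed empty `if (!ssl->options.verifyPeer) { } else` branch was doing and the new form hides it. The enclosing case of wolfSSL_accept_TLSv13 starts before this hunk.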
@@ -9451,13 +9449,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
 case TLS13_ACCEPT_FINISHED_DONE :
 #ifdef HAVE_SESSION_TICKET
- for (ticketsSent = 0; ticketsSent < ssl->options.maxTicketTls13;
- ticketsSent++) {
- #ifdef WOLFSSL_TLS13_TICKET_BEFORE_FINISHED
- if (!ssl->options.verifyPeer) {
- }
- else
- #endif
+ while (ssl->options.ticketsSent < ssl->options.maxTicketTls13) {
 if (!ssl->options.noTicketTls13 &&
 ssl->ctx->ticketEncCb != NULL) {
 if ((ssl->error = SendTls13NewSessionTicket(ssl)) != 0) {
@@ -9465,6 +9457,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
 return WOLFSSL_FATAL_ERROR;
 }
 }
+ ssl->options.ticketsSent++;
 /* only one session ticket is sent on session resumption */
 if (ssl->options.resuming) {
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 69c1aee40..9e90ff8a3 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -2841,7 +2841,9 @@ struct WOLFSSL_CTX {
 byte noTicketTls12:1; /* TLS 1.2 server won't send ticket */
 #endif
 #ifdef WOLFSSL_TLS13
- byte maxTicketTls13; /* maximum number of tickets to send */
+ #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
+ unsigned int maxTicketTls13; /* maximum number of tickets to send */
+ #endif
 byte noTicketTls13:1; /* TLS 1.3 Server won't create new Ticket */
 byte noPskDheKe:1; /* Don't use (EC)DHE with PSK */
 #endif
@@ -3568,6 +3570,10 @@ typedef struct Options {
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
 unsigned long mask; /* store SSL_OP_ flags */
 #endif
+#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TLS13)
+ unsigned int maxTicketTls13; /* maximum number of tickets to send */
+ unsigned int ticketsSent; /* keep track of the total sent */
+#endif
 /* on/off or small bit flags, optimize layout */
 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
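Review bot: The new `while (ssl->options.ticketsSent < ssl->options.maxTicketTls13)` depends on the counter persisting across calls, which is what makes TLS13_ACCEPT_FINISHED_DONE safely re-enterable after a non-blocking send failure (the removed local counter restarted at 0 on every call, so a retried wolfSSL_accept would re-send tickets already written), but nothing in this patch shows where ticketsSent is ever reset to zero. If the WOLFSSL object is reused for a further handshake (wolfSSL_clear, the InitSSL/ReinitSSL paths, or any place acceptState is set back to its initial value, none of which are in the patch), a stale count equal to maxTicketTls13 makes the loop condition false immediately and that handshake gets no tickets. Please confirm the field is zeroed alongside acceptState, or add `ssl->options.ticketsSent = 0;` in the state that precedes the first ticket send and note on the loop that the counter is cumulative for the handshake. The loop body, with its `ticketsSent++` and the resumption break, continues in the following hunk, and the enclosing switch begins before this one.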
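Review bot: The guard on the CTX field, `#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)`, does not match the guard on the Options copy added further down, `#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TLS13)`, nor, as far as is visible, the accessors in src/ssl.c whose trailing `#endif /* !NO_WOLFSSL_SERVER */` is in the first hunk. The code that copies ctx->maxTicketTls13 into ssl->options.maxTicketTls13 is not in this patch; if it is compiled under the Options guard it will not build in a client-only HAVE_SESSION_TICKET configuration, and the ssl.c accessors will not build in a server configuration without HAVE_SESSION_TICKET unless they carry that condition too. Using one guard expression for the two fields and the accessors, or at least a comment on each field naming the other place it must stay in step with, would avoid a configuration-dependent build break. As a layout point, the `unsigned int` now sits between the one-bit fields `noTicketTls12:1` and `noTicketTls13:1` and ends the bit-field run; placing it ahead of the bit-field block keeps the flags packed as the later "optimize layout" comment in Options intends.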
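Review bot: The comment on the new `unsigned int ticketsSent; /* keep track of the total sent */` understates what the field does: the tls13.c hunks set it to 1 on the before-Finished path and increment it once per loop iteration even when the `!noTicketTls13 && ticketEncCb != NULL` check prevents a send, so it is a per-handshake attempt counter compared against maxTicketTls13, not a count of NewSessionTicket messages on the wire, and it must be reset whenever the handshake restarts. Suggest `/* TLS 1.3 NewSessionTicket attempts this handshake; compared against maxTicketTls13 in wolfSSL_accept_TLSv13, reset on handshake restart */`, and on the adjacent field `/* per-handshake ticket limit, copied from WOLFSSL_CTX */` if that is where it is initialised (the copy is not in this patch). The Options struct continues past the end of this hunk.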
@@ -3627,7 +3633,6 @@ typedef struct Options {
 word16 rejectTicket:1; /* Callback rejected ticket */
 word16 noTicketTls12:1; /* TLS 1.2 server won't send ticket */
 #ifdef WOLFSSL_TLS13
- byte maxTicketTls13; /* maximum number of tickets to send */
 word16 noTicketTls13:1; /* Server won't create new Ticket */
 #endif
 #endif