Make wolfSSL_CTX_set_timeout call wolfSSL_CTX_set_TicketHint internally to change session-ticket-lifetime-hint.

2021-05-13 04:23:11 +09:00
parent 197b959916
commit aef9e560b1
2 changed files with 85 additions and 6 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -13663,18 +13663,65 @@ int wolfSSL_set_timeout(WOLFSSL* ssl, unsigned int to)
 }


-/* set ctx session timeout in seconds */
+/**
+ * Sets ctx session timeout in seconds.
+ * The timeout value set here should be reflected in the
+ * "session ticket lifetime hint" if this API works in the openssl compat-layer.
+ * Therefore wolfSSL_CTX_set_TicketHint is called internally.
+ * Arguments:
+ *  - ctx  WOLFSSL_CTX object which the timeout is set to
+ *  - to   timeout value in second
+ * Returns:
+ *  WOLFSSL_SUCCESS on success, BAD_FUNC_ARG on failure.
+ *  When WOLFSSL_ERROR_CODE_OPENSSL is defined, returns previous timeout value
+ *  on success, BAD_FUNC_ARG on failure.
+ */
 WOLFSSL_ABI
 int wolfSSL_CTX_set_timeout(WOLFSSL_CTX* ctx, unsigned int to)
 {
+    #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
+    word32 prev_timeout;
+    #endif
+
+    int ret = WOLFSSL_SUCCESS;
+    (void)ret;
+
    if (ctx == NULL)
-        return BAD_FUNC_ARG;
+        ret = BAD_FUNC_ARG;

-    if (to == 0)
-        to = WOLFSSL_SESSION_TIMEOUT;
-    ctx->timeout = to;
+    if (ret == WOLFSSL_SUCCESS) {
+    #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
+        prev_timeout = ctx->timeout;
+    #endif
+        if (to == 0) {
+            ctx->timeout = WOLFSSL_SESSION_TIMEOUT;
+        }
+        else {
+            ctx->timeout = to;
+        }
+    }
+#if defined(OPENSSL_EXTRA) && defined(HAVE_SESSION_TICKET) && \
+   !defined(NO_WOLFSSL_SERVER)
+    if (ret == WOLFSSL_SUCCESS) {
+        if (to == 0) {
+            ret = wolfSSL_CTX_set_TicketHint(ctx, SESSION_TICKET_HINT_DEFAULT);
+        }
+        else {
+            ret = wolfSSL_CTX_set_TicketHint(ctx, to);
+        }
+    }
+#endif /* OPENSSL_EXTRA && HAVE_SESSION_TICKET && !NO_WOLFSSL_SERVER */

-    return WOLFSSL_SUCCESS;
+#if defined(WOLFSSL_ERROR_CODE_OPENSSL)
+    if (ret == WOLFSSL_SUCCESS) {
+        return prev_timeout;
+    }
+    else {
+        return ret;
+    }
+#else
+    return ret;
+#endif /* WOLFSSL_ERROR_CODE_OPENSSL */
 }


--- a/tests/api.c
+++ b/tests/api.c
@@ -44671,6 +44671,37 @@ static void test_wolfSSL_EC_curve(void)
 #endif
 }

+static void test_wolfSSL_CTX_set_timeout(void)
+{
+    int timeout;
+    (void)timeout;
+    printf(testingFmt, "test_wolfSSL_CTX_set_timeout()");
+
+    WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
+    AssertNotNull(ctx);
+
+#if defined(WOLFSSL_ERROR_CODE_OPENSSL)
+    /* in WOLFSSL_ERROR_CODE_OPENSSL macro guard,
+     * wolfSSL_CTX_set_timeout returns previous timeout value on success.
+     */
+    AssertIntEQ(wolfSSL_CTX_set_timeout(NULL, 0), BAD_FUNC_ARG);
+    /* giving 0 as timeout value sets default timeout */
+    timeout = wolfSSL_CTX_set_timeout(ctx, 0);
+    AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 20), timeout);
+    AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 30), 20);
+
+#else
+
+    AssertIntEQ(wolfSSL_CTX_set_timeout(NULL, 0), BAD_FUNC_ARG);
+    AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 100), 1);
+    AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 0), 1);
+
+#endif
+    wolfSSL_CTX_free(ctx);
+
+    printf(resultFmt, passed);
+}
+
 static void test_wolfSSL_OpenSSL_version(void)
 {
 #if defined(OPENSSL_EXTRA)
@@ -45509,6 +45540,7 @@ void ApiTest(void)
    test_wolfSSL_security_level();
    test_wolfSSL_SSL_in_init();
    test_wolfSSL_EC_curve();
+    test_wolfSSL_CTX_set_timeout();
    test_wolfSSL_OpenSSL_version();
    test_wolfSSL_set_psk_use_session_callback();