Compat layer session tickets

- OpenSSL uses an internal mechanism by default for session tickets. This is now implemented for OPENSSL_EXTRA in wolfSSL. - Add testing of wolfSSL_CTX_set_tlsext_ticket_key_cb
2026-02-01 14:59:21 +01:00 · 2021-01-11 16:06:43 +01:00
parent 9a1e54cfd5
commit 26df833074
8 changed files with 201 additions and 25 deletions
--- a/src/internal.c
+++ b/src/internal.c
@@ -1673,6 +1673,78 @@ int InitSSL_Side(WOLFSSL* ssl, word16 side)
 }
 #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */

+#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) && \
+    defined(OPENSSL_EXTRA)
+static int ctxInitTicket(WOLFSSL_CTX* ctx)
+{
+    WC_RNG rng;
+    int ret = 0;
+
+    ret = wc_InitRng(&rng);
+    if (ret != 0)
+        return ret;
+
+    ret = wc_RNG_GenerateBlock(&rng,
+            ctx->ticketCompatName, sizeof(ctx->ticketCompatName));
+    if (ret == 0)
+        ret = wc_RNG_GenerateBlock(&rng,
+                ctx->ticketCompatKey, sizeof(ctx->ticketCompatKey));
+    if (ret == 0)
+        ret = wc_RNG_GenerateBlock(&rng,
+                ctx->ticketCompatHmacKey, sizeof(ctx->ticketCompatHmacKey));
+    if (ret == 0)
+        ret = wc_RNG_GenerateBlock(&rng,
+                ctx->ticketCompatIV, sizeof(ctx->ticketCompatIV));
+
+    wc_FreeRng(&rng);
+    return ret;
+}
+
+static WC_INLINE int myTicketEncCbCompat(WOLFSSL* ssl,
+                         byte name[WOLFSSL_TICKET_NAME_SZ],
+                         byte iv[WOLFSSL_TICKET_IV_SZ],
+                         WOLFSSL_EVP_CIPHER_CTX *ectx,
+                         WOLFSSL_HMAC_CTX *hctx, int enc) {
+    WOLFSSL_ENTER("myTicketEncCbCompat");
+
+    if (ssl == NULL || name == NULL || iv == NULL || ectx == NULL
+            || hctx == NULL)
+        return TICKET_KEY_CB_RET_FAILURE;
+
+    if (enc) {
+        XMEMCPY(name, ssl->ctx->ticketCompatName, sizeof(ssl->ctx->ticketCompatName));
+        XMEMCPY(iv, ssl->ctx->ticketCompatIV, sizeof(ssl->ctx->ticketCompatIV));
+    }
+    else if (XMEMCMP(name, ssl->ctx->ticketCompatName,
+                sizeof(ssl->ctx->ticketCompatName)) != 0 ||
+             XMEMCMP(iv, ssl->ctx->ticketCompatIV,
+                sizeof(ssl->ctx->ticketCompatIV)) != 0) {
+        WOLFSSL_MSG("myTicketEncCbCompat: name or iv mismatch");
+        return TICKET_KEY_CB_RET_NOT_FOUND;
+    }
+    if (wolfSSL_HMAC_Init(hctx, ssl->ctx->ticketCompatHmacKey,
+            WOLFSSL_TICKET_NAME_SZ, wolfSSL_EVP_sha256()) != WOLFSSL_SUCCESS) {
+        WOLFSSL_MSG("wolfSSL_HMAC_Init error");
+        return TICKET_KEY_CB_RET_FAILURE;
+    }
+    if (enc) {
+        if (wolfSSL_EVP_EncryptInit(ectx, wolfSSL_EVP_aes_256_cbc(),
+                ssl->ctx->ticketCompatKey, iv) != WOLFSSL_SUCCESS) {
+            WOLFSSL_MSG("wolfSSL_EVP_EncryptInit error");
+            return TICKET_KEY_CB_RET_FAILURE;
+        }
+    }
+    else {
+        if (wolfSSL_EVP_DecryptInit(ectx, wolfSSL_EVP_aes_256_cbc(),
+                ssl->ctx->ticketCompatKey, iv) != WOLFSSL_SUCCESS) {
+            WOLFSSL_MSG("wolfSSL_EVP_DecryptInit error");
+            return TICKET_KEY_CB_RET_FAILURE;
+        }
+    }
+    return TICKET_KEY_CB_RET_OK;
+}
+#endif /* HAVE_SESSION_TICKET && !NO_WOLFSSL_SERVER && OPENSSL_EXTRA */
+
 /* Initialize SSL context, return 0 on success */
 int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
 {
@@ -1825,10 +1897,21 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
    ctx->ticketEncCtx = (void*)&ctx->ticketKeyCtx;
 #endif
    ctx->ticketHint = SESSION_TICKET_HINT_DEFAULT;
+#ifdef OPENSSL_EXTRA
+    if (ret == 0)
+        ret = ctxInitTicket(ctx);
+    /* No need for compat ticket init flag since below callback setter is
+     * only called when the above parameter generation has succeeded */
+    if (ret == 0 &&
+            wolfSSL_CTX_set_tlsext_ticket_key_cb(ctx, myTicketEncCbCompat)
+                != WOLFSSL_SUCCESS)
+        ret = SESSION_SECRET_CB_E;
+#endif
 #endif

 #ifdef HAVE_WOLF_EVENT
-    ret = wolfEventQueue_Init(&ctx->event_queue);
+    if (ret == 0)
+        ret = wolfEventQueue_Init(&ctx->event_queue);
 #endif /* HAVE_WOLF_EVENT */

 #ifdef WOLFSSL_EARLY_DATA
@@ -1970,6 +2053,12 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
        }
    }
 #endif /* WOLFSSL_STATIC_MEMORY */
+#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) && \
+    defined(OPENSSL_EXTRA)
+    ForceZero(ctx->ticketCompatKey, sizeof(ctx->ticketCompatKey));
+    ForceZero(ctx->ticketCompatHmacKey, sizeof(ctx->ticketCompatHmacKey));
+    ForceZero(ctx->ticketCompatIV, sizeof(ctx->ticketCompatIV));
+#endif
 }


--- a/src/ssl.c
+++ b/src/ssl.c
@@ -15704,6 +15704,14 @@ int wolfSSL_set_compression(WOLFSSL* ssl)

        ctx->mask = wolf_set_options(ctx->mask, opt);

+#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
+        if (ctx->mask & SSL_OP_NO_TICKET) {
+            ctx->ticketEncCb = NULL;
+            ctx->ticketCompatCb = NULL;
+            WOLFSSL_MSG("\tSSL_OP_NO_TICKET");
+        }
+#endif
+
        return ctx->mask;
    }

@@ -47561,16 +47569,7 @@ int wolfSSL_i2a_ASN1_INTEGER(BIO *bp, const WOLFSSL_ASN1_INTEGER *a)


 #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
-/* Expected return values from implementations of OpenSSL ticket key callback.
- */
-#define TICKET_KEY_CB_RET_FAILURE    -1
-#define TICKET_KEY_CB_RET_NOT_FOUND   0
-#define TICKET_KEY_CB_RET_OK          1
-#define TICKET_KEY_CB_RET_RENEW       2

-/* The ticket key callback as used in OpenSSL is stored here. */
-static int (*ticketKeyCb)(WOLFSSL *ssl, unsigned char *name, unsigned char *iv,
-    WOLFSSL_EVP_CIPHER_CTX *ectx, WOLFSSL_HMAC_CTX *hctx, int enc) = NULL;

 /* Implementation of session ticket encryption/decryption using OpenSSL
 * callback to initialize the cipher and HMAC.
@@ -47605,14 +47604,24 @@ static int wolfSSL_TicketKeyCb(WOLFSSL* ssl,

    (void)ctx;

-    if (ticketKeyCb == NULL)
+    WOLFSSL_ENTER("wolfSSL_TicketKeyCb");
+
+    if (ssl == NULL || ssl->ctx == NULL || ssl->ctx->ticketCompatCb == NULL) {
+        WOLFSSL_MSG("Bad parameter");
        return WOLFSSL_TICKET_RET_FATAL;
+    }

    wolfSSL_EVP_CIPHER_CTX_init(&evpCtx);
-    /* Initialize the cipher and HMAC. */
-    res = ticketKeyCb(ssl, keyName, iv, &evpCtx, &hmacCtx, enc);
-    if (res != TICKET_KEY_CB_RET_OK && res != TICKET_KEY_CB_RET_RENEW)
+    if (wolfSSL_HMAC_CTX_Init(&hmacCtx) != WOLFSSL_SUCCESS) {
+        WOLFSSL_MSG("wolfSSL_HMAC_CTX_Init error");
        return WOLFSSL_TICKET_RET_FATAL;
+    }
+    /* Initialize the cipher and HMAC. */
+    res = ssl->ctx->ticketCompatCb(ssl, keyName, iv, &evpCtx, &hmacCtx, enc);
+    if (res != TICKET_KEY_CB_RET_OK && res != TICKET_KEY_CB_RET_RENEW) {
+        WOLFSSL_MSG("Ticket callback error");
+        return WOLFSSL_TICKET_RET_FATAL;
+    }

    if (enc)
    {
@@ -47676,7 +47685,7 @@ int wolfSSL_CTX_set_tlsext_ticket_key_cb(WOLFSSL_CTX *ctx, int (*cb)(
    WOLFSSL_EVP_CIPHER_CTX *ectx, WOLFSSL_HMAC_CTX *hctx, int enc))
 {
    /* Store callback in a global. */
-    ticketKeyCb = cb;
+    ctx->ticketCompatCb = cb;
    /* Set the ticket encryption callback to be a wrapper around OpenSSL
     * callback.
     */