Merge pull request #4275 from JacobBarthelmeh/Compatibility-Layer

add set num tickets compat function
2025-07-30 18:57:27 +02:00 · 2021-08-30 09:26:49 -07:00
parent 0488caed4c 40a4015491
commit 2a6b8f4912
6 changed files with 56 additions and 10 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -2092,6 +2092,10 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
    ctx->ticketEncCtx = (void*)&ctx->ticketKeyCtx;
 #endif
    ctx->ticketHint = SESSION_TICKET_HINT_DEFAULT;
+#if defined(WOLFSSL_TLS13)
+    ctx->maxTicketTls13 = 1; /* default to sending a session ticket if compiled
+                                in */
+#endif
 #endif

 #ifdef WOLFSSL_EARLY_DATA
@ -6212,6 +6216,9 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
 #endif

 #ifdef WOLFSSL_TLS13
+    #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
+        ssl->options.maxTicketTls13 = ctx->maxTicketTls13;
+    #endif
    #ifdef HAVE_SESSION_TICKET
        ssl->options.noTicketTls13  = ctx->noTicketTls13;
    #endif
--- a/src/ssl.c
+++ b/src/ssl.c
@ -3048,6 +3048,29 @@ void* wolfSSL_CTX_get_TicketEncCtx(WOLFSSL_CTX* ctx)

    return ctx->ticketEncCtx;
 }
+
+/* set the maximum number of tickets to send
+ * return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on fail
+ */
+int wolfSSL_CTX_set_num_tickets(WOLFSSL_CTX* ctx, size_t mxTickets)
+{
+    if (ctx == NULL)
+        return WOLFSSL_FAILURE;
+
+    ctx->maxTicketTls13 = (unsigned int)mxTickets;
+    return WOLFSSL_SUCCESS;
+}
+
+/* get the maximum number of tickets to send
+ * return number of tickets set to be sent
+ */
+size_t wolfSSL_CTX_get_num_tickets(WOLFSSL_CTX* ctx)
+{
+    if (ctx == NULL)
+        return 0;
+
+    return (size_t)ctx->maxTicketTls13;
+}
 #endif /* !NO_WOLFSSL_SERVER */

 #if !defined(NO_WOLFSSL_CLIENT)
--- a/src/tls13.c
+++ b/src/tls13.c
@ -9483,6 +9483,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
                    WOLFSSL_ERROR(ssl->error);
                    return WOLFSSL_FATAL_ERROR;
                }
+                ssl->options.ticketsSent = 1;
            }
    #endif
 #endif /* HAVE_SESSION_TICKET */
@ -9503,17 +9504,21 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)

        case TLS13_ACCEPT_FINISHED_DONE :
 #ifdef HAVE_SESSION_TICKET
-    #ifdef WOLFSSL_TLS13_TICKET_BEFORE_FINISHED
-            if (!ssl->options.verifyPeer) {
-            }
-            else
-    #endif
-            if (!ssl->options.noTicketTls13 && ssl->ctx->ticketEncCb != NULL) {
+            while (ssl->options.ticketsSent < ssl->options.maxTicketTls13) {
+                if (!ssl->options.noTicketTls13 && ssl->ctx->ticketEncCb
+                        != NULL) {
                    if ((ssl->error = SendTls13NewSessionTicket(ssl)) != 0) {
                        WOLFSSL_ERROR(ssl->error);
                        return WOLFSSL_FATAL_ERROR;
                    }
                }
+                ssl->options.ticketsSent++;
+
+                /* only one session ticket is sent on session resumption */
+                if (ssl->options.resuming) {
+                    break;
+                }
+            }
 #endif /* HAVE_SESSION_TICKET */
            ssl->options.acceptState = TLS13_TICKET_SENT;
            WOLFSSL_MSG("accept state TICKET_SENT");
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@ -2847,6 +2847,9 @@ struct WOLFSSL_CTX {
    byte        noTicketTls12:1;  /* TLS 1.2 server won't send ticket */
 #endif
 #ifdef WOLFSSL_TLS13
+    #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
+    unsigned int maxTicketTls13;  /* maximum number of tickets to send */
+    #endif
    byte        noTicketTls13:1;  /* TLS 1.3 Server won't create new Ticket */
    byte        noPskDheKe:1;     /* Don't use (EC)DHE with PSK */
 #endif
@ -3584,6 +3587,10 @@ typedef struct Options {
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
    unsigned long     mask; /* store SSL_OP_ flags */
 #endif
+#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TLS13)
+    unsigned int      maxTicketTls13;  /* maximum number of tickets to send */
+    unsigned int      ticketsSent;     /* keep track of the total sent */
+#endif

    /* on/off or small bit flags, optimize layout */
 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@ -1152,6 +1152,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define SSL_CTX_set_tlsext_ticket_keys  wolfSSL_CTX_set_tlsext_ticket_keys
 #define SSL_CTX_get_tlsext_status_cb    wolfSSL_CTX_get_tlsext_status_cb
 #define SSL_CTX_set_tlsext_status_cb    wolfSSL_CTX_set_tlsext_status_cb
+#define SSL_CTX_set_num_tickets         wolfSSL_CTX_set_num_tickets
+#define SSL_CTX_get_num_tickets         wolfSSL_CTX_get_num_tickets

 #define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS         11
 #define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS         12
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@ -3624,6 +3624,8 @@ WOLFSSL_API int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX* ctx,
 WOLFSSL_API int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int);
 WOLFSSL_API int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void*);
 WOLFSSL_API void* wolfSSL_CTX_get_TicketEncCtx(WOLFSSL_CTX* ctx);
+WOLFSSL_API size_t wolfSSL_CTX_get_num_tickets(WOLFSSL_CTX* ctx);
+WOLFSSL_API int wolfSSL_CTX_set_num_tickets(WOLFSSL_CTX* ctx, size_t mxTickets);

 #endif /* NO_WOLFSSL_SERVER */