From aef9e560b1e14b977c2b213a9e0999a86cf0f139 Mon Sep 17 00:00:00 2001
From: TakayukiMatsuo
Date: Thu, 13 May 2021 04:23:11 +0900
Subject: [PATCH] Make wolfSSL_CTX_set_timeout call wolfSSL_CTX_set_TicketHint internally to change session-ticket-lifetime-hint.
---
 src/ssl.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++------
 tests/api.c | 32 +++++++++++++++++++++++++++++
 2 files changed, 85 insertions(+), 6 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index de5fc28ab..aa2dcfc3f 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -13663,18 +13663,65 @@ int wolfSSL_set_timeout(WOLFSSL* ssl, unsigned int to)
 }
-/* set ctx session timeout in seconds */
+/**
+ * Sets ctx session timeout in seconds.
+ * The timeout value set here should be reflected in the
+ * "session ticket lifetime hint" if this API works in the openssl compat-layer.
+ * Therefore wolfSSL_CTX_set_TicketHint is called internally.
+ * Arguments:
+ * - ctx WOLFSSL_CTX object which the timeout is set to
+ * - to timeout value in second
+ * Returns:
+ * WOLFSSL_SUCCESS on success, BAD_FUNC_ARG on failure.
+ * When WOLFSSL_ERROR_CODE_OPENSSL is defined, returns previous timeout value
+ * on success, BAD_FUNC_ARG on failure.
+ */
 WOLFSSL_ABI
 int wolfSSL_CTX_set_timeout(WOLFSSL_CTX* ctx, unsigned int to)
 {
+ #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
+ word32 prev_timeout;
+ #endif
+
+ int ret = WOLFSSL_SUCCESS;
+ (void)ret;
+
 if (ctx == NULL)
- return BAD_FUNC_ARG;
+ ret = BAD_FUNC_ARG;
- if (to == 0)
- to = WOLFSSL_SESSION_TIMEOUT;
- ctx->timeout = to;
+ if (ret == WOLFSSL_SUCCESS) {
+ #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
+ prev_timeout = ctx->timeout;
+ #endif
+ if (to == 0) {
+ ctx->timeout = WOLFSSL_SESSION_TIMEOUT;
+ }
+ else {
+ ctx->timeout = to;
+ }
+ }
+#if defined(OPENSSL_EXTRA) && defined(HAVE_SESSION_TICKET) && \
+ !defined(NO_WOLFSSL_SERVER)
+ if (ret == WOLFSSL_SUCCESS) {
+ if (to == 0) {
+ ret = wolfSSL_CTX_set_TicketHint(ctx, SESSION_TICKET_HINT_DEFAULT);
+ }
+ else {
+ ret = wolfSSL_CTX_set_TicketHint(ctx, to);
+ }
+ }
+#endif /* OPENSSL_EXTRA && HAVE_SESSION_TICKET && !NO_WOLFSSL_SERVER */
- return WOLFSSL_SUCCESS;
+#if defined(WOLFSSL_ERROR_CODE_OPENSSL)
+ if (ret == WOLFSSL_SUCCESS) {
+ return prev_timeout;
+ }
+ else {
+ return ret;
+ }
+#else
+ return ret;
+#endif /* WOLFSSL_ERROR_CODE_OPENSSL */
 }
diff --git a/tests/api.c b/tests/api.c
index ad2c4849c..1a446f031 100644
--- a/tests/api.c
+++ b/tests/api.c
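Review bot: `ctx->timeout` is written before `wolfSSL_CTX_set_TicketHint` is called, so when that call fails the context is left with a new timeout and a stale ticket lifetime hint, which is exactly the inconsistency the new header comment says this function exists to prevent, and the caller only sees the error code. Setting the hint first and committing `ctx->timeout` only once it succeeded keeps the two in step, and computing the effective value once also removes the duplicated `to == 0` branches. `(void)ret;` is dead, since `ret` is read on every path that follows it. Under WOLFSSL_ERROR_CODE_OPENSSL the `word32` `prev_timeout` is returned through an `int`; if a stored timeout above INT_MAX is reachable it would come back negative and be indistinguishable from an error, so that limit deserves a comment or a clamp. `SESSION_TICKET_HINT_DEFAULT` and `WOLFSSL_SESSION_TIMEOUT` are independent constants, so if they differ a caller passing 0 gets a timeout and a hint that disagree — the header comment should state whether that is intended.
```c
    if (ret == WOLFSSL_SUCCESS) {
        word32 new_timeout = (to == 0) ? WOLFSSL_SESSION_TIMEOUT : to;
#if defined(OPENSSL_EXTRA) && defined(HAVE_SESSION_TICKET) && \
    !defined(NO_WOLFSSL_SERVER)
        /* update the hint first so ctx->timeout is untouched on failure */
        ret = wolfSSL_CTX_set_TicketHint(ctx,
                  (to == 0) ? SESSION_TICKET_HINT_DEFAULT : to);
#endif /* OPENSSL_EXTRA && HAVE_SESSION_TICKET && !NO_WOLFSSL_SERVER */
        if (ret == WOLFSSL_SUCCESS) {
    #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
            prev_timeout = ctx->timeout;
    #endif
            ctx->timeout = new_timeout;
        }
    }
    /* … unchanged: WOLFSSL_ERROR_CODE_OPENSSL return handling … */
```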
@@ -44671,6 +44671,37 @@ static void test_wolfSSL_EC_curve(void)
 #endif
 }
+static void test_wolfSSL_CTX_set_timeout(void)
+{
+ int timeout;
+ (void)timeout;
+ printf(testingFmt, "test_wolfSSL_CTX_set_timeout()");
+
+ WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
+ AssertNotNull(ctx);
+
+#if defined(WOLFSSL_ERROR_CODE_OPENSSL)
+ /* in WOLFSSL_ERROR_CODE_OPENSSL macro guard,
+ * wolfSSL_CTX_set_timeout returns previous timeout value on success.
+ */
+ AssertIntEQ(wolfSSL_CTX_set_timeout(NULL, 0), BAD_FUNC_ARG);
+ /* giving 0 as timeout value sets default timeout */
+ timeout = wolfSSL_CTX_set_timeout(ctx, 0);
+ AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 20), timeout);
+ AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 30), 20);
+
+#else
+
+ AssertIntEQ(wolfSSL_CTX_set_timeout(NULL, 0), BAD_FUNC_ARG);
+ AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 100), 1);
+ AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 0), 1);
+
+#endif
+ wolfSSL_CTX_free(ctx);
+
+ printf(resultFmt, passed);
+}
+
 static void test_wolfSSL_OpenSSL_version(void)
 {
 #if defined(OPENSSL_EXTRA)
@@ -45509,6 +45540,7 @@ void ApiTest(void)
 test_wolfSSL_security_level();
 test_wolfSSL_SSL_in_init();
 test_wolfSSL_EC_curve();
+ test_wolfSSL_CTX_set_timeout();
 test_wolfSSL_OpenSSL_version();
 test_wolfSSL_set_psk_use_session_callback();
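Review bot: The assertion `AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 20), timeout);` does not check what the comment above it claims: `timeout` holds whatever the context had before the `set_timeout(ctx, 0)` call, so the test only passes if a fresh context already starts at the default and never verifies that 0 installs it. Comparing against the constant, `AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 20), WOLFSSL_SESSION_TIMEOUT);`, pins the default-on-zero behaviour directly. In the `#else` branch the literal `1` stands in for `WOLFSSL_SUCCESS`; the named constant reads better and survives a change of the success code. Declaring `WOLFSSL_CTX* ctx` after the `printf` call is a declaration after a statement, which will not build if this test file is compiled under C89 constraints — moving it up beside `int timeout;` avoids that. Nothing here exercises the ticket-hint side effect the commit introduces, so a check through whatever hint accessor the build exposes, under the same OPENSSL_EXTRA/HAVE_SESSION_TICKET guard, would close that gap.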