adjust type for max tickets variable and number sent with WOLFSSL_TLS13_TICKET_BEFORE_FINISHED macro

2021-08-26 15:45:21 -06:00 · 2021-08-26 15:45:21 -06:00 · a52df87c8a
commit a52df87c8a
parent 1a8109f77d
3 changed files with 12 additions and 14 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@ -3038,7 +3038,7 @@ int wolfSSL_CTX_set_num_tickets(WOLFSSL_CTX* ctx, size_t mxTickets)
    if (ctx == NULL)
        return WOLFSSL_FAILURE;

-    ctx->maxTicketTls13 = mxTickets;
+    ctx->maxTicketTls13 = (unsigned int)mxTickets;
    return WOLFSSL_SUCCESS;
 }

@ -3050,7 +3050,7 @@ size_t wolfSSL_CTX_get_num_tickets(WOLFSSL_CTX* ctx)
    if (ctx == NULL)
        return 0;

-    return ctx->maxTicketTls13;
+    return (size_t)ctx->maxTicketTls13;
 }
 #endif /* !NO_WOLFSSL_SERVER */

--- a/src/tls13.c
+++ b/src/tls13.c
@ -9168,9 +9168,6 @@ const char* wolfSSL_get_cipher_name_by_hash(WOLFSSL* ssl, const char* hash)
 */
 int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
 {
-#ifdef HAVE_SESSION_TICKET
-    byte ticketsSent; /* count for number of tickets sent */
-#endif
 #if !defined(NO_CERTS) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
    word16 havePSK = 0;
 #endif
@ -9432,6 +9429,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
                    return WOLFSSL_FATAL_ERROR;
                }
            }
+            ssl->options.ticketsSent = 1;
    #endif
 #endif /* HAVE_SESSION_TICKET */
            ssl->options.acceptState = TLS13_PRE_TICKET_SENT;
@ -9451,13 +9449,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)

        case TLS13_ACCEPT_FINISHED_DONE :
 #ifdef HAVE_SESSION_TICKET
-            for (ticketsSent = 0; ticketsSent < ssl->options.maxTicketTls13;
-                    ticketsSent++) {
-        #ifdef WOLFSSL_TLS13_TICKET_BEFORE_FINISHED
-                if (!ssl->options.verifyPeer) {
-                }
-                else
-        #endif
+            while (ssl->options.ticketsSent < ssl->options.maxTicketTls13) {
                if (!ssl->options.noTicketTls13 && ssl->ctx->ticketEncCb
                        != NULL) {
                    if ((ssl->error = SendTls13NewSessionTicket(ssl)) != 0) {
@ -9465,6 +9457,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
                        return WOLFSSL_FATAL_ERROR;
                    }
                }
+                ssl->options.ticketsSent++;

                /* only one session ticket is sent on session resumption */
                if (ssl->options.resuming) {
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@ -2841,7 +2841,9 @@ struct WOLFSSL_CTX {
    byte        noTicketTls12:1;  /* TLS 1.2 server won't send ticket */
 #endif
 #ifdef WOLFSSL_TLS13
-    byte        maxTicketTls13;   /* maximum number of tickets to send */
+    #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
+    unsigned int maxTicketTls13;  /* maximum number of tickets to send */
+    #endif
    byte        noTicketTls13:1;  /* TLS 1.3 Server won't create new Ticket */
    byte        noPskDheKe:1;     /* Don't use (EC)DHE with PSK */
 #endif
@ -3568,6 +3570,10 @@ typedef struct Options {
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
    unsigned long     mask; /* store SSL_OP_ flags */
 #endif
+#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TLS13)
+    unsigned int      maxTicketTls13;  /* maximum number of tickets to send */
+    unsigned int      ticketsSent;     /* keep track of the total sent */
+#endif

    /* on/off or small bit flags, optimize layout */
 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
@ -3627,7 +3633,6 @@ typedef struct Options {
    word16            rejectTicket:1;     /* Callback rejected ticket */
    word16            noTicketTls12:1;    /* TLS 1.2 server won't send ticket */
 #ifdef WOLFSSL_TLS13
-    byte              maxTicketTls13;     /* maximum number of tickets to send */
    word16            noTicketTls13:1;    /* Server won't create new Ticket */
 #endif
 #endif