4 files changed, 94 insertions, 3 deletions
diff --git a/src/lib/libssl/man/SSL_CTX_set_num_tickets.3 b/src/lib/libssl/man/SSL_CTX_set_num_tickets.3
new file mode 100644
index 0000000000..8dacecf65b
--- /dev/null
+++ b/src/lib/libssl/man/SSL_CTX_set_num_tickets.3
@@ -0,0 +1,55 @@
+.\" $OpenBSD: SSL_CTX_set_num_tickets.3,v 1.1 2021/10/23 16:29:15 beck Exp $
+.\"
+.\" Copyright (c) 2021 Bob Beck <beck@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: October 23 2021 $
+.Dt SSL_CTX_SET_NUM_TICKETS 3
+.Os
+.Sh NAME
+.Nm SSL_CTX_set_num_tickets ,
+.Nm SSL_CTX_get_num_tickets ,
+.Nm SSL_set_num_tickets ,
+.Nm SSL_get_num_tickets
+.Nd Set and get the number of TLS 1.3 session tickets to be sent
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft void
+.Fn SSL_CTX_set_num_tickets "SSL_CTX *ctx" "size_t num_tickets"
+.Ft SSL_CTX_get_num_tickets "const SSL_CTX *ctx"
+.Fn SSL_set_num_tickets "SSL *ssl" "size_t num_tickets"
+.Ft SSL_get_num_tickets "const SSL *ssl"
+.Sh DESCRIPTION
+These functions set, and retrieve, the configured number of session
+tickets from the respective objects.
+.Pp
+These functions are provided only for compatibility with OpenSSL.
+They have no effect in LibreSSL.
+.Sh RETURN VALUES
+.Fn SSL_CTX_set_num_tickets
+and
+.Fn SSL_set_num_tickets
+always return 1.
+.Pp
+.Fn SSL_CTX_get_num_tickets
+and
+.Fn SSL_get_num_tickets
+return the previously set number of tickets, or 0 if they have not been set.
+.Sh SEE ALSO
+.Xr ssl 3 ,
+.Xr SSL_CTX_new 3
+.Sh HISTORY
+These function first appeared in OpenSSL 1.1.1
+and have been available since
+.Ox 7.1 .
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 1a0403c72b..a6ab4fc2f6 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.212 2021/10/23 15:30:44 beck Exp $ */
+/* $OpenBSD: ssl.h,v 1.213 2021/10/23 16:29:15 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -509,6 +509,10 @@ typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line);
 #if defined(LIBRESSL_NEW_API)
 void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb);
 SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx);
+int SSL_set_num_tickets(SSL *s, size_t num_tickets);
+size_t SSL_get_num_tickets(const SSL *s);
+int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
+size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 #endif
 #ifndef LIBRESSL_INTERNAL
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index c48cee33b2..3c7bdfd265 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.273 2021/10/23 16:11:30 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.274 2021/10/23 16:29:15 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -265,6 +265,7 @@ SSL_new(SSL_CTX *ctx)
        s->internal->options = ctx->internal->options;
        s->internal->mode = ctx->internal->mode;
        s->internal->max_cert_list = ctx->internal->max_cert_list;
+        s->internal->num_tickets = ctx->internal->num_tickets;
        if ((s->cert = ssl_cert_dup(ctx->internal->cert)) == NULL)
                goto err;
@@ -784,6 +785,34 @@ SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)
 }
 int
+SSL_set_num_tickets(SSL *s, size_t num_tickets)
+{
+        s->internal->num_tickets = num_tickets;
+        return 1;
+}
+size_t
+SSL_get_num_tickets(const SSL *s)
+{
+        return s->internal->num_tickets;
+}
+int
+SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)
+{
+        ctx->internal->num_tickets = num_tickets;
+        return 1;
+}
+size_t
+SSL_CTX_get_num_tickets(const SSL_CTX *ctx)
+{
+        return ctx->internal->num_tickets;
+}
+int
 SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
 {
        return (ctx->verify_mode);
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index ea1ee084a0..579899f464 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.364 2021/10/23 15:02:27 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.365 2021/10/23 16:29:15 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -849,6 +849,7 @@ typedef struct ssl_ctx_internal_st {
        size_t tlsext_supportedgroups_length;
        uint16_t *tlsext_supportedgroups; /* our list */
        SSL_CTX_keylog_cb_func keylog_callback; /* Unused. For OpenSSL compatibility. */
+        size_t num_tickets; /* Unused, for OpenSSL compatibility */
 } SSL_CTX_INTERNAL;
 struct ssl_ctx_st {
@@ -1028,6 +1029,8 @@ typedef struct ssl_internal_st {
        int mac_packet;
        int empty_record_count;
+        size_t num_tickets; /* Unused, for OpenSSL compatibility */
 } SSL_INTERNAL;
 struct ssl_st {

diff --git a/src/lib/libssl/man/SSL_CTX_set_num_tickets.3 b/src/lib/libssl/man/SSL_CTX_set_num_tickets.3 new file mode 100644 index 0000000000..8dacecf65b --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_set_num_tickets.3
@@ -0,0 +1,55 @@
		1	.\" $OpenBSD: SSL_CTX_set_num_tickets.3,v 1.1 2021/10/23 16:29:15 beck Exp $
		2	.\"
		3	.\" Copyright (c) 2021 Bob Beck <beck@openbsd.org>
		4	.\"
		5	.\" Permission to use, copy, modify, and distribute this software for any
		6	.\" purpose with or without fee is hereby granted, provided that the above
		7	.\" copyright notice and this permission notice appear in all copies.
		8	.\"
		9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	.\"
		17	.Dd $Mdocdate: October 23 2021 $
		18	.Dt SSL_CTX_SET_NUM_TICKETS 3
		19	.Os
		20	.Sh NAME
		21	.Nm SSL_CTX_set_num_tickets ,
		22	.Nm SSL_CTX_get_num_tickets ,
		23	.Nm SSL_set_num_tickets ,
		24	.Nm SSL_get_num_tickets
		25	.Nd Set and get the number of TLS 1.3 session tickets to be sent
		26	.Sh SYNOPSIS
		27	.In openssl/ssl.h
		28	.Ft void
		29	.Fn SSL_CTX_set_num_tickets "SSL_CTX *ctx" "size_t num_tickets"
		30	.Ft SSL_CTX_get_num_tickets "const SSL_CTX *ctx"
		31	.Fn SSL_set_num_tickets "SSL *ssl" "size_t num_tickets"
		32	.Ft SSL_get_num_tickets "const SSL *ssl"
		33	.Sh DESCRIPTION
		34	These functions set, and retrieve, the configured number of session
		35	tickets from the respective objects.
		36	.Pp
		37	These functions are provided only for compatibility with OpenSSL.
		38	They have no effect in LibreSSL.
		39	.Sh RETURN VALUES
		40	.Fn SSL_CTX_set_num_tickets
		41	and
		42	.Fn SSL_set_num_tickets
		43	always return 1.
		44	.Pp
		45	.Fn SSL_CTX_get_num_tickets
		46	and
		47	.Fn SSL_get_num_tickets
		48	return the previously set number of tickets, or 0 if they have not been set.
		49	.Sh SEE ALSO
		50	.Xr ssl 3 ,
		51	.Xr SSL_CTX_new 3
		52	.Sh HISTORY
		53	These function first appeared in OpenSSL 1.1.1
		54	and have been available since
		55	.Ox 7.1 .


diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index 1a0403c72b..a6ab4fc2f6 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl.h,v 1.212 2021/10/23 15:30:44 beck Exp $ */	1	/* $OpenBSD: ssl.h,v 1.213 2021/10/23 16:29:15 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -509,6 +509,10 @@ typedef void (SSL_CTX_keylog_cb_func)(const SSL ssl, const char *line);
509	#if defined(LIBRESSL_NEW_API)	509	#if defined(LIBRESSL_NEW_API)
510	void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb);	510	void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb);
511	SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx);	511	SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx);
		512	int SSL_set_num_tickets(SSL *s, size_t num_tickets);
		513	size_t SSL_get_num_tickets(const SSL *s);
		514	int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
		515	size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
512	#endif	516	#endif
513		517
514	#ifndef LIBRESSL_INTERNAL	518	#ifndef LIBRESSL_INTERNAL


diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index c48cee33b2..3c7bdfd265 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_lib.c,v 1.273 2021/10/23 16:11:30 tb Exp $ */	1	/* $OpenBSD: ssl_lib.c,v 1.274 2021/10/23 16:29:15 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -265,6 +265,7 @@ SSL_new(SSL_CTX *ctx)
265	s->internal->options = ctx->internal->options;	265	s->internal->options = ctx->internal->options;
266	s->internal->mode = ctx->internal->mode;	266	s->internal->mode = ctx->internal->mode;
267	s->internal->max_cert_list = ctx->internal->max_cert_list;	267	s->internal->max_cert_list = ctx->internal->max_cert_list;
		268	s->internal->num_tickets = ctx->internal->num_tickets;
268		269
269	if ((s->cert = ssl_cert_dup(ctx->internal->cert)) == NULL)	270	if ((s->cert = ssl_cert_dup(ctx->internal->cert)) == NULL)
270	goto err;	271	goto err;
@@ -784,6 +785,34 @@ SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)
784	}	785	}
785		786
786	int	787	int
		788	SSL_set_num_tickets(SSL *s, size_t num_tickets)
		789	{
		790	s->internal->num_tickets = num_tickets;
		791
		792	return 1;
		793	}
		794
		795	size_t
		796	SSL_get_num_tickets(const SSL *s)
		797	{
		798	return s->internal->num_tickets;
		799	}
		800
		801	int
		802	SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)
		803	{
		804	ctx->internal->num_tickets = num_tickets;
		805
		806	return 1;
		807	}
		808
		809	size_t
		810	SSL_CTX_get_num_tickets(const SSL_CTX *ctx)
		811	{
		812	return ctx->internal->num_tickets;
		813	}
		814
		815	int
787	SSL_CTX_get_verify_mode(const SSL_CTX *ctx)	816	SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
788	{	817	{
789	return (ctx->verify_mode);	818	return (ctx->verify_mode);


diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index ea1ee084a0..579899f464 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.364 2021/10/23 15:02:27 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.365 2021/10/23 16:29:15 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -849,6 +849,7 @@ typedef struct ssl_ctx_internal_st {
849	size_t tlsext_supportedgroups_length;	849	size_t tlsext_supportedgroups_length;
850	uint16_t tlsext_supportedgroups; / our list */	850	uint16_t tlsext_supportedgroups; / our list */
851	SSL_CTX_keylog_cb_func keylog_callback; /* Unused. For OpenSSL compatibility. */	851	SSL_CTX_keylog_cb_func keylog_callback; /* Unused. For OpenSSL compatibility. */
		852	size_t num_tickets; /* Unused, for OpenSSL compatibility */
852	} SSL_CTX_INTERNAL;	853	} SSL_CTX_INTERNAL;
853		854
854	struct ssl_ctx_st {	855	struct ssl_ctx_st {
@@ -1028,6 +1029,8 @@ typedef struct ssl_internal_st {
1028	int mac_packet;	1029	int mac_packet;
1029		1030
1030	int empty_record_count;	1031	int empty_record_count;
		1032
		1033	size_t num_tickets; /* Unused, for OpenSSL compatibility */
1031	} SSL_INTERNAL;	1034	} SSL_INTERNAL;
1032		1035
1033	struct ssl_st {	1036	struct ssl_st {