From 8095b13035d3c80c255344b9166e7f4ff88e61e3 Mon Sep 17 00:00:00 2001
From: beck
Date: Sat, 23 Oct 2021 16:29:15 +0000
Subject: [PATCH] Add new OpenSSL API SSL_CTX_set_num_tickets and friends.
Since we don't support session tickets in LibreSSL at the moment these functions currently do not have any effect. Again, symbols will appear with tb@'s reptar sized bump.. ok tb@
---
 lib/libssl/man/SSL_CTX_set_num_tickets.3 | 55 ++++++++++++++++++++++++
 lib/libssl/ssl.h | 6 ++-
 lib/libssl/ssl_lib.c | 31 ++++++++++++-
 lib/libssl/ssl_locl.h | 5 ++-
 4 files changed, 94 insertions(+), 3 deletions(-)
 create mode 100644 lib/libssl/man/SSL_CTX_set_num_tickets.3
diff --git a/lib/libssl/man/SSL_CTX_set_num_tickets.3 b/lib/libssl/man/SSL_CTX_set_num_tickets.3
new file mode 100644
index 00000000000..8dacecf65b3
--- /dev/null
+++ b/lib/libssl/man/SSL_CTX_set_num_tickets.3
@@ -0,0 +1,55 @@
+.\" $OpenBSD: SSL_CTX_set_num_tickets.3,v 1.1 2021/10/23 16:29:15 beck Exp $
+.\"
+.\" Copyright (c) 2021 Bob Beck
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: October 23 2021 $
+.Dt SSL_CTX_SET_NUM_TICKETS 3
+.Os
+.Sh NAME
+.Nm SSL_CTX_set_num_tickets ,
+.Nm SSL_CTX_get_num_tickets ,
+.Nm SSL_set_num_tickets ,
+.Nm SSL_get_num_tickets
+.Nd Set and get the number of TLS 1.3 session tickets to be sent
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft void
+.Fn SSL_CTX_set_num_tickets "SSL_CTX *ctx" "size_t num_tickets"
+.Ft SSL_CTX_get_num_tickets "const SSL_CTX *ctx"
+.Fn SSL_set_num_tickets "SSL *ssl" "size_t num_tickets"
+.Ft SSL_get_num_tickets "const SSL *ssl"
+.Sh DESCRIPTION
+These functions set, and retrieve, the configured number of session
+tickets from the respective objects.
+.Pp
+These functions are provided only for compatibility with OpenSSL.
+They have no effect in LibreSSL.
+.Sh RETURN VALUES
+.Fn SSL_CTX_set_num_tickets
+and
+.Fn SSL_set_num_tickets
+always return 1.
+.Pp
+.Fn SSL_CTX_get_num_tickets
+and
+.Fn SSL_get_num_tickets
+return the previously set number of tickets, or 0 if they have not been set.
+.Sh SEE ALSO
+.Xr ssl 3 ,
+.Xr SSL_CTX_new 3
+.Sh HISTORY
+These function first appeared in OpenSSL 1.1.1
+and have been available since
+.Ox 7.1 .
diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index 1a0403c72b1..a6ab4fc2f63 100644
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.212 2021/10/23 15:30:44 beck Exp $ */
+/* $OpenBSD: ssl.h,v 1.213 2021/10/23 16:29:15 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -509,6 +509,10 @@ typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line);
 #if defined(LIBRESSL_NEW_API)
 void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb);
 SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx);
+int SSL_set_num_tickets(SSL *s, size_t num_tickets);
+size_t SSL_get_num_tickets(const SSL *s);
+int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
+size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
 #endif
 
 #ifndef LIBRESSL_INTERNAL
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index c48cee33b29..3c7bdfd265d 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.273 2021/10/23 16:11:30 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.274 2021/10/23 16:29:15 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -265,6 +265,7 @@ SSL_new(SSL_CTX *ctx)
 s->internal->options = ctx->internal->options;
 s->internal->mode = ctx->internal->mode;
 s->internal->max_cert_list = ctx->internal->max_cert_list;
+ s->internal->num_tickets = ctx->internal->num_tickets;
 
 if ((s->cert = ssl_cert_dup(ctx->internal->cert)) == NULL)
 goto err;
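Review bot: The prototypes added here declare `int SSL_CTX_set_num_tickets(...)` and `int SSL_set_num_tickets(...)` (and `size_t` for the two getters), but the new manual page's SYNOPSIS disagrees with them: it shows `.Ft void` for SSL_CTX_set_num_tickets, gives no return type for SSL_set_num_tickets, and marks the two getters with `.Ft` instead of `.Fn`, so they render as types rather than functions. Since RETURN VALUES already says the setters "always return 1", the SYNOPSIS should carry an `.Ft int` before each setter's `.Fn` line and an `.Ft size_t` followed by `.Fn SSL_CTX_get_num_tickets "const SSL_CTX *ctx"` (likewise for SSL_get_num_tickets). While there, HISTORY reads `These function first appeared`, which should be `These functions first appeared`. The ssl.h declarations themselves look consistent with the definitions in ssl_lib.c.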
@@ -783,6 +784,34 @@ SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)
 return (ctx->internal->keylog_callback);
 }
+int
+SSL_set_num_tickets(SSL *s, size_t num_tickets)
+{
+ s->internal->num_tickets = num_tickets;
+
+ return 1;
+}
+
+size_t
+SSL_get_num_tickets(const SSL *s)
+{
+ return s->internal->num_tickets;
+}
+
+int
+SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)
+{
+ ctx->internal->num_tickets = num_tickets;
+
+ return 1;
+}
+
+size_t
+SSL_CTX_get_num_tickets(const SSL_CTX *ctx)
+{
+ return ctx->internal->num_tickets;
+}
+
 
 int
 SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
 {
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index ea1ee084a08..579899f4643 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.364 2021/10/23 15:02:27 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.365 2021/10/23 16:29:15 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -849,6 +849,7 @@ typedef struct ssl_ctx_internal_st {
 size_t tlsext_supportedgroups_length;
 uint16_t *tlsext_supportedgroups; /* our list */
 SSL_CTX_keylog_cb_func keylog_callback; /* Unused. For OpenSSL compatibility. */
+ size_t num_tickets; /* Unused, for OpenSSL compatibility */
 } SSL_CTX_INTERNAL;
 
 struct ssl_ctx_st {
@@ -1028,6 +1029,8 @@ typedef struct ssl_internal_st {
 int mac_packet;
 int empty_record_count;
+
+ size_t num_tickets; /* Unused, for OpenSSL compatibility */
 } SSL_INTERNAL;
 
 struct ssl_st {
-- 
2.20.1
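Review bot: The four new functions carry no comment saying that they are compatibility stubs; the only statement that the value is never consulted is the field comment in ssl_locl.h, so a reader of ssl_lib.c will assume the setters configure ticket issuance. A short comment above SSL_set_num_tickets would close that gap, e.g. `/* Unused, for OpenSSL compatibility: no session tickets are sent, the value is only stored so that the getters round-trip. */`. The "0 if they have not been set" promise in the manual page relies on SSL_CTX_new zero-initialising ctx->internal, which is outside this diff; OpenSSL documents 2 as the default, so a caller that compares the getter's result with that default sees a different value, which the same comment could mention. The setters store any size_t unchecked, matching the OpenSSL contract, which is fine for a value nothing reads.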