authorNikos Mavrogiannopoulos <nmav@redhat.com>2018-05-15 10:27:00 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2018-05-26 04:12:04 +0000
commitd34a59be1fbada81ce56474bf16b3c2a094081a6 (patch)
tree44e6188e8705ba03bfc19fad3a4bcc4dc908cc74
parent9e197e0cc1ffe9186bcdf1aff925316d93f232a2 (diff)
downloadgnutls-d34a59be1fbada81ce56474bf16b3c2a094081a6.tar.gz
gnutls_session_ticket_send: new function
Introduced in order for a server to be able to send an arbitrary amount of tickets, at any time. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--NEWS1
-rw-r--r--lib/gnutls_int.h8
-rw-r--r--lib/handshake-tls13.c46
-rw-r--r--lib/includes/gnutls/gnutls.h.in2
-rw-r--r--lib/libgnutls.map1
5 files changed, 57 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 707ada24e1..53c9601d21 100644
--- a/NEWS
+++ b/NEWS
@@ -60,6 +60,7 @@ See the end for copying conditions.
** API and ABI modifications:
gnutls_fips140_set_mode: Added
gnutls_session_key_update: Added
+gnutls_session_ticket_send: Added
gnutls_ext_get_current_msg: Added
gnutls_reauth: Added
gnutls_ocsp_status_request_get2: Added
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index cc2003ae5f..367dbff83e 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2000-2016 Free Software Foundation, Inc.
- * Copyright (C) 2015-2017 Red Hat, Inc.
+ * Copyright (C) 2015-2018 Red Hat, Inc.
*
* Author: Nikos Mavrogiannopoulos
*
@@ -277,11 +277,16 @@ typedef enum bye_state_t {
BYE_STATE0 = 0, BYE_STATE1, BYE_STATE2
} bye_state_t;
+typedef enum send_ticket_state_t {
+ TICKET_STATE0 = 0, TICKET_STATE1
+} send_ticket_state_t;
+
typedef enum reauth_state_t {
REAUTH_STATE0 = 0, REAUTH_STATE1, REAUTH_STATE2, REAUTH_STATE3,
REAUTH_STATE4, REAUTH_STATE5
} reauth_state_t;
+#define TICKET_STATE session->internals.ticket_state
#define BYE_STATE session->internals.bye_state
#define REAUTH_STATE session->internals.reauth_state
@@ -1023,6 +1028,7 @@ typedef struct {
* message */
bool resumable; /* TRUE or FALSE - if we can resume that session */
+ send_ticket_state_t ticket_state; /* used by gnutls_session_ticket_send() */
bye_state_t bye_state; /* used by gnutls_bye() */
reauth_state_t reauth_state; /* used by gnutls_reauth() */
diff --git a/lib/handshake-tls13.c b/lib/handshake-tls13.c
index effc260566..2ebf20af5f 100644
--- a/lib/handshake-tls13.c
+++ b/lib/handshake-tls13.c
@@ -487,3 +487,49 @@ _gnutls13_recv_async_handshake(gnutls_session_t session, gnutls_buffer_st *buf)
return 0;
}
+/**
+ * gnutls_session_ticket_send:
+ * @session: is a #gnutls_session_t type.
+ * @flags: must be zero
+ *
+ * Sends a fresh session ticket to the peer. This is relevant only
+ * in server side under TLS1.3. This function may also return %GNUTLS_E_AGAIN
+ * or %GNUTLS_E_INTERRUPTED.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or a negative error code.
+ **/
+int gnutls_session_ticket_send(gnutls_session_t session, unsigned flags)
+{
+ int ret = 0;
+ const version_entry_st *vers = get_version(session);
+
+ if (!vers->tls13_sem || session->security_parameters.entity == GNUTLS_CLIENT)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ switch (TICKET_STATE) {
+ case TICKET_STATE0:
+ ret = _gnutls_io_write_flush(session);
+ TICKET_STATE = TICKET_STATE0;
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ /* fall through */
+ case TICKET_STATE1:
+ ret =
+ _gnutls13_send_session_ticket(session, TICKET_STATE==TICKET_STATE1?1:0);
+ TICKET_STATE = TICKET_STATE1;
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ TICKET_STATE = TICKET_STATE0;
+
+ return 0;
+}
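Review bot: `vers` is dereferenced in the first guard (`!vers->tls13_sem`) without a NULL test, although this is a public entry point that an application may call before a protocol version has been negotiated; if get_version() can return NULL at that stage, the call crashes instead of returning an error. Folding the test into the guard, `if (vers == NULL || !vers->tls13_sem || session->security_parameters.entity == GNUTLS_CLIENT)`, keeps the GNUTLS_E_INVALID_REQUEST result. Separately, `@flags` is documented as "must be zero" but is never examined; rejecting a non-zero value now with `if (flags != 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` keeps those bits free for later use. It is also worth confirming the error path: when `_gnutls13_send_session_ticket` fails with something other than GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, TICKET_STATE stays at TICKET_STATE1, so a later call resumes with the `again` argument set rather than starting a fresh ticket.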
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index b4f909873d..be350ecb15 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -1396,6 +1396,8 @@ int gnutls_session_ticket_enable_client(gnutls_session_t session);
int gnutls_session_ticket_enable_server(gnutls_session_t session,
const gnutls_datum_t * key);
+int gnutls_session_ticket_send(gnutls_session_t session, unsigned flags);
+
/* SRTP, RFC 5764 */
/**
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index bcde6c177b..cfbd58c40e 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -1219,6 +1219,7 @@ GNUTLS_3_6_3
gnutls_pcert_list_import_x509_file;
gnutls_pkcs11_token_get_ptr;
gnutls_pkcs11_obj_get_ptr;
+ gnutls_session_ticket_send;
} GNUTLS_3_6_2;
GNUTLS_FIPS140_3_4 {