stub set tls ext ticket callbacks

cpu · cpu · commit 0e434a25e36b · 2024-06-27T11:28:45.000-04:00
The `SSL_CTX_set_tlsext_ticket_key_cb` and
`SSL_CTX_set_tlsext_ticket_key_evp_cb` API functions can be used to set
up callbacks for managing TLS session tickets. Implementing this
properly will be challenging as they take `EVP_CIPHER_CTX` and
`EVP_MAC_CTX` arguments and expect the caller to do a lot of the
heavy-lifting.

For now let's stub it and see how far we can get by just opaquely
handling TLS session tickets internal to Rustls w/ our own ticketer.
diff --git a/rustls-libssl/src/entry.rs b/rustls-libssl/src/entry.rs
@@ -218,7 +218,9 @@ entry! {
                 C_INT_SUCCESS as c_long
             }
             Ok(SslCtrl::GetMaxProtoVersion) => ctx.get().get_max_protocol_version().into(),
-            Ok(SslCtrl::SetTlsExtHostname) | Ok(SslCtrl::SetTlsExtServerNameCallback) => {
+            Ok(SslCtrl::SetTlsExtHostname)
+            | Ok(SslCtrl::SetTlsExtServerNameCallback)
+            | Ok(SslCtrl::SetTlsExtTicketKeyCallback) => {
                 // not a defined operation in the OpenSSL API
                 0
             }
@@ -635,6 +637,10 @@ entry! {
                 ctx.get_mut().set_servername_callback(fp);
                 C_INT_SUCCESS as c_long
             }
+            Ok(SslCtrl::SetTlsExtTicketKeyCallback) => {
+                log::warn!("ignoring tls ext ticket key callback");
+                C_INT_SUCCESS as c_long
+            }
             _ => 0,
         }
     }
@@ -855,6 +861,7 @@ entry! {
             }
             // not a defined operation in the OpenSSL API
             Ok(SslCtrl::SetTlsExtServerNameCallback)
+            | Ok(SslCtrl::SetTlsExtTicketKeyCallback)
             | Ok(SslCtrl::SetTlsExtServerNameArg)
             | Ok(SslCtrl::SetSessCacheSize)
             | Ok(SslCtrl::GetSessCacheSize)
@@ -1885,6 +1892,7 @@ num_enum! {
         SetTlsExtServerNameCallback = 53,
         SetTlsExtServerNameArg = 54,
         SetTlsExtHostname = 55,
+        SetTlsExtTicketKeyCallback = 72,
         SetChain = 88,
         SetMinProtoVersion = 123,
         SetMaxProtoVersion = 124,

Original file line number	Diff line number	Diff line change
`@@ -218,7 +218,9 @@ entry! {`
`218`	`218`	`C_INT_SUCCESS as c_long`
`219`	`219`	`}`
`220`	`220`	`Ok(SslCtrl::GetMaxProtoVersion) => ctx.get().get_max_protocol_version().into(),`
`221`		`- Ok(SslCtrl::SetTlsExtHostname) \| Ok(SslCtrl::SetTlsExtServerNameCallback) => {`
	`221`	`+ Ok(SslCtrl::SetTlsExtHostname)`
	`222`	`+ \| Ok(SslCtrl::SetTlsExtServerNameCallback)`
	`223`	`+ \| Ok(SslCtrl::SetTlsExtTicketKeyCallback) => {`
`222`	`224`	`// not a defined operation in the OpenSSL API`
`223`	`225`	`0`
`224`	`226`	`}`
`@@ -635,6 +637,10 @@ entry! {`
`635`	`637`	`ctx.get_mut().set_servername_callback(fp);`
`636`	`638`	`C_INT_SUCCESS as c_long`
`637`	`639`	`}`
	`640`	`+ Ok(SslCtrl::SetTlsExtTicketKeyCallback) => {`
	`641`	`+ log::warn!("ignoring tls ext ticket key callback");`
	`642`	`+ C_INT_SUCCESS as c_long`
	`643`	`+ }`
`638`	`644`	`_ => 0,`
`639`	`645`	`}`
`640`	`646`	`}`
`@@ -855,6 +861,7 @@ entry! {`
`855`	`861`	`}`
`856`	`862`	`// not a defined operation in the OpenSSL API`
`857`	`863`	`Ok(SslCtrl::SetTlsExtServerNameCallback)`
	`864`	`+ \| Ok(SslCtrl::SetTlsExtTicketKeyCallback)`
`858`	`865`	`\| Ok(SslCtrl::SetTlsExtServerNameArg)`
`859`	`866`	`\| Ok(SslCtrl::SetSessCacheSize)`
`860`	`867`	`\| Ok(SslCtrl::GetSessCacheSize)`
`@@ -1885,6 +1892,7 @@ num_enum! {`
`1885`	`1892`	`SetTlsExtServerNameCallback = 53,`
`1886`	`1893`	`SetTlsExtServerNameArg = 54,`
`1887`	`1894`	`SetTlsExtHostname = 55,`
	`1895`	`+ SetTlsExtTicketKeyCallback = 72,`
`1888`	`1896`	`SetChain = 88,`
`1889`	`1897`	`SetMinProtoVersion = 123,`
`1890`	`1898`	`SetMaxProtoVersion = 124,`