handshake: increase the default number of tickets we send to 2tmp-increase-nr-of-tickets

This makes it easier for clients which perform multiple connections
to the server to use the tickets sent by a default server. That's
because 2 tickets allow for 2 new connections (if one is using each
ticket once as recommended), which in turn lead to 4 new and so on.

Resolves: #596

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

5 files changed, 58 insertions, 31 deletions

diff --git a/lib/Makefile.am b/lib/Makefile.am
index 955ac683e7..fe9cf63a2f 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -111,11 +111,11 @@ if ENABLE_NETTLE
 SUBDIRS += nettle
 endif
 
-HFILES = abstract_int.h debug.h cipher.h	\
-	buffers.h errors.h gnutls_int.h dtls.h	\
-	handshake.h num.h algorithms.h		\
-	dh.h kx.h hash_int.h cipher_int.h	\
-	db.h auth.h hello_ext.h	\
+HFILES = abstract_int.h debug.h cipher.h	 \
+	buffers.h errors.h gnutls_int.h dtls.h	 \
+	handshake.h num.h algorithms.h		 \
+	dh.h kx.h hash_int.h cipher_int.h	 \
+	db.h auth.h hello_ext.h	handshake-defs.h \
 	x509_b64.h sslv2_compat.h datum.h \
 	mpi.h pk.h record.h		\
 	constate.h global.h tls-sig.h mem.h	\
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index ccbcc5b558..bfca84c96f 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -127,16 +127,9 @@ typedef struct {
 #define GNUTLS_MASTER_SIZE 48
 #define GNUTLS_RANDOM_SIZE 32
 
-#define HRR_RANDOM \
-	 "\xCF\x21\xAD\x74\xE5\x9A\x61\x11\xBE\x1D\x8C\x02\x1E\x65\xB8\x91" \
-	 "\xC2\xA2\x11\x16\x7A\xBB\x8C\x5E\x07\x9E\x09\xE2\xC8\xA8\x33\x9C"
-
 /* Under TLS1.3 a hello retry request is sent as server hello */
 #define REAL_HSK_TYPE(t) ((t)==GNUTLS_HANDSHAKE_HELLO_RETRY_REQUEST?GNUTLS_HANDSHAKE_SERVER_HELLO:t)
 
-/* Enable: Appendix D4.  Middlebox Compatibility Mode */
-#define TLS13_APPENDIX_D4 1
-
 /* DTLS */
 #define DTLS_RETRANS_TIMEOUT 1000
 
diff --git a/lib/handshake-defs.h b/lib/handshake-defs.h
new file mode 100644
index 0000000000..d322febc90
--- /dev/null
+++ b/lib/handshake-defs.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2019 Red Hat, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>
+ *
+ */
+#ifndef HANDSHAKE_DEFS_H
+#define HANDSHAKE_DEFS_H
+
+#define EARLY_TRAFFIC_LABEL "c e traffic"
+#define EXT_BINDER_LABEL "ext binder"
+#define RES_BINDER_LABEL "res binder"
+#define EARLY_EXPORTER_MASTER_LABEL "e exp master"
+#define HANDSHAKE_CLIENT_TRAFFIC_LABEL "c hs traffic"
+#define HANDSHAKE_SERVER_TRAFFIC_LABEL "s hs traffic"
+#define DERIVED_LABEL "derived"
+#define APPLICATION_CLIENT_TRAFFIC_LABEL "c ap traffic"
+#define APPLICATION_SERVER_TRAFFIC_LABEL "s ap traffic"
+#define APPLICATION_TRAFFIC_UPDATE "traffic upd"
+#define EXPORTER_MASTER_LABEL "exp master"
+#define RMS_MASTER_LABEL "res master"
+#define EXPORTER_LABEL "exp master"
+#define RESUMPTION_LABEL "resumption"
+
+#define HRR_RANDOM \
+	 "\xCF\x21\xAD\x74\xE5\x9A\x61\x11\xBE\x1D\x8C\x02\x1E\x65\xB8\x91" \
+	 "\xC2\xA2\x11\x16\x7A\xBB\x8C\x5E\x07\x9E\x09\xE2\xC8\xA8\x33\x9C"
+
+#define TLS13_TICKETS_TO_SEND 2
+
+/* Enable: Appendix D4.  Middlebox Compatibility Mode */
+#define TLS13_APPENDIX_D4 1
+
+#endif /* HANDSHAKE_DEFS_H */
diff --git a/lib/handshake-tls13.c b/lib/handshake-tls13.c
index 30a45986a7..33ed3afa3b 100644
--- a/lib/handshake-tls13.c
+++ b/lib/handshake-tls13.c
@@ -362,8 +362,6 @@ static int generate_hs_traffic_keys(gnutls_session_t session)
 	return 0;
 }
 
-#define TICKETS_TO_SEND 1
-
 /*
  * _gnutls13_handshake_server
  * This function does the server stuff of the handshake protocol.
@@ -510,7 +508,7 @@ int _gnutls13_handshake_server(gnutls_session_t session)
 			_gnutls_set_resumed_parameters(session);
 
 		if (session->internals.hsk_flags & HSK_EARLY_START_USED) {
-			ret = _gnutls13_send_session_ticket(session, TICKETS_TO_SEND,
+			ret = _gnutls13_send_session_ticket(session, TLS13_TICKETS_TO_SEND,
 							    AGAIN(STATE109));
 
 			STATE = STATE109;
@@ -566,7 +564,7 @@ int _gnutls13_handshake_server(gnutls_session_t session)
 		FALLTHROUGH;
 	case STATE115:
 		if (!(session->internals.hsk_flags & (HSK_TLS13_TICKET_SENT|HSK_EARLY_START_USED))) {
-			ret = _gnutls13_send_session_ticket(session, TICKETS_TO_SEND,
+			ret = _gnutls13_send_session_ticket(session, TLS13_TICKETS_TO_SEND,
 							    AGAIN(STATE115));
 			STATE = STATE115;
 			IMED_RET("send session ticket", ret, 0);
@@ -738,7 +736,7 @@ _gnutls13_recv_async_handshake(gnutls_session_t session)
  *
  * Sends a fresh session ticket to the peer. This is relevant only
  * in server side under TLS1.3. This function may also return %GNUTLS_E_AGAIN
- * or %GNUTLS_E_INTERRUPTED.
+ * or %GNUTLS_E_INTERRUPTED and in that case it must be called again.
  *
  * Returns: %GNUTLS_E_SUCCESS on success, or a negative error code.
  **/
diff --git a/lib/handshake.h b/lib/handshake.h
index 2d56219591..490e836fae 100644
--- a/lib/handshake.h
+++ b/lib/handshake.h
@@ -153,20 +153,7 @@ int _gnutls_handshake_get_session_hash(gnutls_session_t session, gnutls_datum_t
 int _gnutls_check_id_for_change(gnutls_session_t session);
 int _gnutls_check_if_cert_hash_is_same(gnutls_session_t session, gnutls_certificate_credentials_t cred);
 
-#define EARLY_TRAFFIC_LABEL "c e traffic"
-#define EXT_BINDER_LABEL "ext binder"
-#define RES_BINDER_LABEL "res binder"
-#define EARLY_EXPORTER_MASTER_LABEL "e exp master"
-#define HANDSHAKE_CLIENT_TRAFFIC_LABEL "c hs traffic"
-#define HANDSHAKE_SERVER_TRAFFIC_LABEL "s hs traffic"
-#define DERIVED_LABEL "derived"
-#define APPLICATION_CLIENT_TRAFFIC_LABEL "c ap traffic"
-#define APPLICATION_SERVER_TRAFFIC_LABEL "s ap traffic"
-#define APPLICATION_TRAFFIC_UPDATE "traffic upd"
-#define EXPORTER_MASTER_LABEL "exp master"
-#define RMS_MASTER_LABEL "res master"
-#define EXPORTER_LABEL "exp master"
-#define RESUMPTION_LABEL "resumption"
+#include "handshake-defs.h"
 
 int _gnutls_call_hook_func(gnutls_session_t session,
 			   gnutls_handshake_description_t type,