Commit c2f9648d authored by Matt Caswell

Add the ability for s_server to operate statelessly

parent e9359719
+68 −52
@@ -114,6 +114,7 @@ static long socket_mtu;
 * code.
 */
static int dtlslisten = 0;
static int stateless = 0;

static int early_data = 0;
static SSL_SESSION *psksess = NULL;
@@ -751,7 +752,7 @@ typedef enum OPTION_choice {
    OPT_UPPER_WWW, OPT_HTTP, OPT_ASYNC, OPT_SSL_CONFIG,
    OPT_MAX_SEND_FRAG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_READ_BUF,
    OPT_SSL3, OPT_TLS1_3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
    OPT_DTLS1_2, OPT_SCTP, OPT_TIMEOUT, OPT_MTU, OPT_LISTEN,
    OPT_DTLS1_2, OPT_SCTP, OPT_TIMEOUT, OPT_MTU, OPT_LISTEN, OPT_STATELESS,
    OPT_ID_PREFIX, OPT_SERVERNAME, OPT_SERVERNAME_FATAL,
    OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN,
    OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
@@ -933,6 +934,7 @@ const OPTIONS s_server_options[] = {
    {"listen", OPT_LISTEN, '-',
     "Listen for a DTLS ClientHello with a cookie and then connect"},
#endif
    {"stateless", OPT_STATELESS, '-', "Require TLSv1.3 cookies"},
#ifndef OPENSSL_NO_DTLS1
    {"dtls1", OPT_DTLS1, '-', "Just talk DTLSv1"},
#endif
@@ -1496,6 +1498,9 @@ int s_server_main(int argc, char *argv[])
            dtlslisten = 1;
#endif
            break;
        case OPT_STATELESS:
            stateless = 1;
            break;
        case OPT_ID_PREFIX:
            session_id_prefix = opt_arg();
            break;
@@ -1588,6 +1593,11 @@ int s_server_main(int argc, char *argv[])
    }
#endif

    if (stateless && socket_type != SOCK_STREAM) {
        BIO_printf(bio_err, "Can only use --stateless with TLS\n");
        goto end;
    }

#ifdef AF_UNIX
    if (socket_family == AF_UNIX && socket_type != SOCK_STREAM) {
        BIO_printf(bio_err,
@@ -2691,19 +2701,23 @@ static int init_ssl_connection(SSL *con)
    long verify_err;
    int retry = 0;

#ifndef OPENSSL_NO_DTLS
    if (dtlslisten) {
    if (dtlslisten || stateless) {
        BIO_ADDR *client = NULL;

        if (dtlslisten) {
            if ((client = BIO_ADDR_new()) == NULL) {
                BIO_printf(bio_err, "ERROR - memory\n");
                return 0;
            }
            i = DTLSv1_listen(con, client);
        } else {
            i = SSL_stateless(con);
        }
        if (i > 0) {
            BIO *wbio;
            int fd = -1;

            if (dtlslisten) {
                wbio = SSL_get_wbio(con);
                if (wbio) {
                    BIO_get_fd(wbio, &fd);
@@ -2716,13 +2730,14 @@ static int init_ssl_connection(SSL *con)
                }
                BIO_ADDR_free(client);
                dtlslisten = 0;
            } else {
                stateless = 0;
            }
            i = SSL_accept(con);
        } else {
            BIO_ADDR_free(client);
        }
    } else
#endif

    } else {
        do {
            i = SSL_accept(con);

@@ -2762,10 +2777,11 @@ static int init_ssl_connection(SSL *con)
            }
#endif
        } while (i < 0 && SSL_waiting_for_async(con));
    }

    if (i <= 0) {
        if ((dtlslisten && i == 0)
                || (!dtlslisten && retry)) {
        if (((dtlslisten || stateless) && i == 0)
                || (!dtlslisten && !stateless && retry)) {
            BIO_printf(bio_s_out, "DELAY\n");
            return 1;
        }
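Review bot: The `} else { stateless = 0; }` branch in init_ssl_connection clears the flag after the first cookie-validated ClientHello, so if this s_server instance goes on to accept further connections, later handshakes take the plain `do { i = SSL_accept(con); ...` path and no longer require a cookie, although the option help reads "Require TLSv1.3 cookies"; this mirrors the existing dtlslisten handling, but the accept loop that would re-arm the flag is outside these hunks (init_ssl_connection itself starts and ends outside them), so whether the requirement persists cannot be confirmed here. Either reset `stateless` per connection where the parsed option value is still known, or make the scope explicit in the table entry, e.g. `{"stateless", OPT_STATELESS, '-', "Require a TLSv1.3 cookie for the first connection"}`. The new global also deserves a comment next to the dtlslisten one, such as `/* Call SSL_stateless() before SSL_accept() so a TLSv1.3 ClientHello must carry a valid cookie; cleared once one has been accepted, like dtlslisten */`. Minor: the rejection message says `--stateless` while the option is registered as `stateless`; if the surrounding messages spell options with a single dash, `"Can only use -stateless with TLS\n"` would be consistent.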