Add the SSL_stateless() function
authorMatt Caswell <matt@openssl.org>
Wed, 13 Sep 2017 12:48:48 +0000 (13:48 +0100)
committerMatt Caswell <matt@openssl.org>
Wed, 24 Jan 2018 18:02:36 +0000 (18:02 +0000)
This enables sending and receiving of the TLSv1.3 cookie on the server side
as appropriate.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4435)

include/openssl/ssl.h
ssl/ssl_lib.c
util/libssl.num

index 7aa98da..cfb0696 100644 (file)
@@ -1753,6 +1753,7 @@ __owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd,
                                      size_t *numdelfds);
 # endif
 __owur int SSL_accept(SSL *ssl);
+__owur int SSL_stateless(SSL *s);
 __owur int SSL_connect(SSL *ssl);
 __owur int SSL_read(SSL *ssl, void *buf, int num);
 __owur int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes);
index 1457fc6..b0d016a 100644 (file)
@@ -5295,3 +5295,20 @@ __owur unsigned int ssl_get_split_send_fragment(const SSL *ssl)
     /* return current SSL connection setting */
     return ssl->split_send_fragment;
 }
+
+int SSL_stateless(SSL *s)
+{
+    int ret;
+
+    /* Ensure there is no state left over from a previous invocation */
+    if (!SSL_clear(s))
+        return -1;
+
+    ERR_clear_error();
+
+    s->s3->flags |= TLS1_FLAGS_STATELESS;
+    ret = SSL_accept(s);
+    s->s3->flags &= ~TLS1_FLAGS_STATELESS;
+
+    return ret;
+}
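Review bot: The value returned by `SSL_stateless()` is simply whatever `SSL_accept()` returns, so nothing in this hunk lets a caller tell "cookie verified, safe to commit per-connection state" apart from "retry sent, peer not yet verified". The `-1` from a failed `SSL_clear()` is also indistinguishable from a handshake error. Because the purpose of a stateless cookie exchange is to avoid spending resources on an unverified peer, the return contract should be documented on the function, for example `/* Returns -1 if the SSL object could not be reset; otherwise the result of SSL_accept() run with TLS1_FLAGS_STATELESS set. */`, plus a sentence on which return value means the cookie was checked. Separately, `s->s3->flags` is dereferenced without a check. `s3` is presumably always allocated for the TLS methods, but since this is a public entry point that should be confirmed for every method that can reach it, or guarded with `if (s->s3 == NULL) return -1;` after the `SSL_clear()` call.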
index 243c1fb..abaa5bf 100644 (file)
@@ -473,3 +473,4 @@ DTLS_set_timer_cb                       473 1_1_1   EXIST::FUNCTION:
 SSL_CTX_set_tlsext_max_fragment_length  474    1_1_1   EXIST::FUNCTION:
 SSL_set_tlsext_max_fragment_length      475    1_1_1   EXIST::FUNCTION:
 SSL_SESSION_get_max_fragment_length     476    1_1_1   EXIST::FUNCTION:
+SSL_stateless                           477    1_1_1   EXIST::FUNCTION: