From: Matt Caswell Date: Wed, 13 Sep 2017 12:48:48 +0000 (+0100) Subject: Add the SSL_stateless() function X-Git-Tag: OpenSSL_1_1_1-pre1~151 X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=042c57539bfe7bbd642cdf6410c56327e91ad908;hp=10ee72461254643bd152a7f3f6112edb6f517d4b;ds=sidebyside Add the SSL_stateless() function This enables sending and receiving of the TLSv1.3 cookie on the server side as appropriate. Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/4435)
---
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 7aa98dab67..cfb069695b 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1753,6 +1753,7 @@ __owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd,
 size_t *numdelfds);
 # endif
 __owur int SSL_accept(SSL *ssl);
+__owur int SSL_stateless(SSL *s);
 __owur int SSL_connect(SSL *ssl);
 __owur int SSL_read(SSL *ssl, void *buf, int num);
 __owur int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes);
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 1457fc68f6..b0d016a03d 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -5295,3 +5295,20 @@ __owur unsigned int ssl_get_split_send_fragment(const SSL *ssl)
 /* return current SSL connection setting */
 return ssl->split_send_fragment;
 }
+
+int SSL_stateless(SSL *s)
+{
+ int ret;
+
+ /* Ensure there is no state left over from a previous invocation */
+ if (!SSL_clear(s))
+ return -1;
+
+ ERR_clear_error();
+
+ s->s3->flags |= TLS1_FLAGS_STATELESS;
+ ret = SSL_accept(s);
+ s->s3->flags &= ~TLS1_FLAGS_STATELESS;
+
+ return ret;
+}
diff --git a/util/libssl.num b/util/libssl.num
index 243c1fb2cf..abaa5bf548 100644
--- a/util/libssl.num
+++ b/util/libssl.num
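Review bot: In `SSL_stateless()` (ssl/ssl_lib.c), `return ret;` hands back the `SSL_accept()` result unchanged, so nothing in the visible lines lets a caller tell "retry request with cookie sent, nothing verified yet" apart from a ClientHello whose cookie verified, or from a fatal handshake error. For an API whose purpose is to defer per-connection state until the client has echoed the cookie, that distinction is the security-relevant output: a caller that misreads it either commits state for unverified peers or drops legitimate ones. I would map the result to a documented set of values before returning, or at minimum add a header comment of the form `/* Returns <value> when a ClientHello with a verified cookie was received, <value> when a retry request was sent, <value> on fatal error. */` with the real values filled in. The same comment should state that `SSL_clear(s)` discards whatever handshake state `s` holds, so the function must only be called on an SSL object that is not carrying a connection.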
@@ -473,3 +473,4 @@ DTLS_set_timer_cb 473 1_1_1 EXIST::FUNCTION:
 SSL_CTX_set_tlsext_max_fragment_length 474 1_1_1 EXIST::FUNCTION:
 SSL_set_tlsext_max_fragment_length 475 1_1_1 EXIST::FUNCTION:
 SSL_SESSION_get_max_fragment_length 476 1_1_1 EXIST::FUNCTION:
+SSL_stateless 477 1_1_1 EXIST::FUNCTION: