From 042c57539bfe7bbd642cdf6410c56327e91ad908 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 13 Sep 2017 13:48:48 +0100 Subject: [PATCH 1/1] Add the SSL_stateless() function This enables sending and receiving of the TLSv1.3 cookie on the server side as appropriate. Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/4435) --- include/openssl/ssl.h | 1 + ssl/ssl_lib.c | 17 +++++++++++++++++ util/libssl.num | 1 + 3 files changed, 19 insertions(+) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 7aa98dab67..cfb069695b 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1753,6 +1753,7 @@ __owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numdelfds); # endif __owur int SSL_accept(SSL *ssl); +__owur int SSL_stateless(SSL *s); __owur int SSL_connect(SSL *ssl); __owur int SSL_read(SSL *ssl, void *buf, int num); __owur int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 1457fc68f6..b0d016a03d 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -5295,3 +5295,20 @@ __owur unsigned int ssl_get_split_send_fragment(const SSL *ssl) /* return current SSL connection setting */ return ssl->split_send_fragment; } + +int SSL_stateless(SSL *s) +{ + int ret; + + /* Ensure there is no state left over from a previous invocation */ + if (!SSL_clear(s)) + return -1; + + ERR_clear_error(); + + s->s3->flags |= TLS1_FLAGS_STATELESS; + ret = SSL_accept(s); + s->s3->flags &= ~TLS1_FLAGS_STATELESS; + + return ret; +} diff --git a/util/libssl.num b/util/libssl.num index 243c1fb2cf..abaa5bf548 100644 --- a/util/libssl.num +++ b/util/libssl.num @@ -473,3 +473,4 @@ DTLS_set_timer_cb 473 1_1_1 EXIST::FUNCTION: SSL_CTX_set_tlsext_max_fragment_length 474 1_1_1 EXIST::FUNCTION: SSL_set_tlsext_max_fragment_length 475 1_1_1 EXIST::FUNCTION: SSL_SESSION_get_max_fragment_length 476 1_1_1 EXIST::FUNCTION: +SSL_stateless 477 1_1_1 EXIST::FUNCTION: -- 2.34.1