Add the ability for s_server to operate statelessly

Reviewed-by: N Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4435)

Add the ability for s_server to operate statelessly
Reviewed-by: N Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4435)
c2f9648d · Matt Caswell · e9359719 · c2f9648d
显示空白变更内容
内联并排

Showing with 68 addition and 52 deletion

apps/s_server.c apps/s_server.c +68 -52

未找到文件。
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -114,6 +114,7 @@ static long socket_mtu;
 * code.
 */
 static int dtlslisten = 0;
+static int stateless = 0;
 static int early_data = 0;
 static SSL_SESSION *psksess = NULL;
@@ -751,7 +752,7 @@ typedef enum OPTION_choice {
    OPT_UPPER_WWW, OPT_HTTP, OPT_ASYNC, OPT_SSL_CONFIG,
    OPT_MAX_SEND_FRAG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_READ_BUF,
    OPT_SSL3, OPT_TLS1_3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
-    OPT_DTLS1_2, OPT_SCTP, OPT_TIMEOUT, OPT_MTU, OPT_LISTEN,
+    OPT_DTLS1_2, OPT_SCTP, OPT_TIMEOUT, OPT_MTU, OPT_LISTEN, OPT_STATELESS,
    OPT_ID_PREFIX, OPT_SERVERNAME, OPT_SERVERNAME_FATAL,
    OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN,
    OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
@@ -933,6 +934,7 @@ const OPTIONS s_server_options[] = {
    {"listen", OPT_LISTEN, '-',
     "Listen for a DTLS ClientHello with a cookie and then connect"},
 #endif
+    {"stateless", OPT_STATELESS, '-', "Require TLSv1.3 cookies"},
 #ifndef OPENSSL_NO_DTLS1
    {"dtls1", OPT_DTLS1, '-', "Just talk DTLSv1"},
 #endif
@@ -1496,6 +1498,9 @@ int s_server_main(int argc, char *argv[])
            dtlslisten = 1;
 #endif
            break;
+        case OPT_STATELESS:
+            stateless = 1;
+            break;
        case OPT_ID_PREFIX:
            session_id_prefix = opt_arg();
            break;
@@ -1588,6 +1593,11 @@ int s_server_main(int argc, char *argv[])
    }
 #endif
+    if (stateless && socket_type != SOCK_STREAM) {
+        BIO_printf(bio_err, "Can only use --stateless with TLS\n");
+        goto end;
+    }
 #ifdef AF_UNIX
    if (socket_family == AF_UNIX && socket_type != SOCK_STREAM) {
        BIO_printf(bio_err,
@@ -2691,19 +2701,23 @@ static int init_ssl_connection(SSL *con)
    long verify_err;
    int retry = 0;
-#ifndef OPENSSL_NO_DTLS
+    if (dtlslisten || stateless) {
-    if (dtlslisten) {
        BIO_ADDR *client = NULL;
+        if (dtlslisten) {
            if ((client = BIO_ADDR_new()) == NULL) {
                BIO_printf(bio_err, "ERROR - memory\n");
                return 0;
            }
            i = DTLSv1_listen(con, client);
+        } else {
+            i = SSL_stateless(con);
+        }
        if (i > 0) {
            BIO *wbio;
            int fd = -1;
+            if (dtlslisten) {
                wbio = SSL_get_wbio(con);
                if (wbio) {
                    BIO_get_fd(wbio, &fd);
@@ -2716,13 +2730,14 @@ static int init_ssl_connection(SSL *con)
                }
                BIO_ADDR_free(client);
                dtlslisten = 0;
+            } else {
+                stateless = 0;
+            }
            i = SSL_accept(con);
        } else {
            BIO_ADDR_free(client);
        }
-    } else
+    } else {
-#endif
        do {
            i = SSL_accept(con);
@@ -2762,10 +2777,11 @@ static int init_ssl_connection(SSL *con)
            }
 #endif
        } while (i < 0 && SSL_waiting_for_async(con));
+    }
    if (i <= 0) {
-        if ((dtlslisten && i == 0)
+        if (((dtlslisten || stateless) && i == 0)
-                || (!dtlslisten && retry)) {
+                || (!dtlslisten && !stateless && retry)) {
            BIO_printf(bio_s_out, "DELAY\n");
            return 1;
        }