Add s_server and s_client async support

A new -async option is added which activates SSL_MODE_ASYNC. Also SSL_WANT_ASYNC errors are handled appropriately. Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-02-13 23:33:12 +00:00 · 2015-02-13 23:33:12 +00:00 · 7e25dd6da1
commit 7e25dd6da1
parent 07bbc92ccb
2 changed files with 63 additions and 21 deletions
--- a/apps/s_client.c
+++ b/apps/s_client.c
@ -182,6 +182,7 @@ extern int verify_error;
 extern int verify_return_error;
 extern int verify_quiet;

+static int async = 0;
 static int c_nbio = 0;
 static int c_tlsextdebug = 0;
 static int c_status_req = 0;
@ -472,6 +473,7 @@ typedef enum OPTION_choice {
    OPT_CHAINCAFILE, OPT_VERIFYCAFILE, OPT_NEXTPROTONEG, OPT_ALPN,
    OPT_SERVERINFO, OPT_STARTTLS, OPT_SERVERNAME, OPT_JPAKE,
    OPT_USE_SRTP, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_SMTPHOST,
+    OPT_ASYNC,
    OPT_V_ENUM,
    OPT_X_ENUM,
    OPT_S_ENUM,
@ -557,6 +559,7 @@ OPTIONS s_client_options[] = {
     "types  Send empty ClientHello extensions (comma-separated numbers)"},
    {"alpn", OPT_ALPN, 's',
     "Enable ALPN extension, considering named protocols supported (comma-separated list)"},
+    {"async", OPT_ASYNC, '-', "Support asynchronous operation"},
    OPT_S_OPTIONS,
    OPT_V_OPTIONS,
    OPT_X_OPTIONS,
@ -1061,6 +1064,9 @@ int s_client_main(int argc, char **argv)
        case OPT_KEYMATEXPORTLEN:
            keymatexportlen = atoi(opt_arg());
            break;
+        case OPT_ASYNC:
+            async = 1;
+            break;
        }
    }
    argc = opt_num_rest();
@ -1199,6 +1205,9 @@ int s_client_main(int argc, char **argv)
        goto end;
    }

+    if (async)
+        SSL_CTX_set_mode(ctx, SSL_MODE_ASYNC);
+
    if (!config_ctx(cctx, ssl_args, ctx, 1, jpake_secret == NULL))
        goto end;

@ -1883,6 +1892,11 @@ int s_client_main(int argc, char **argv)
                write_ssl = 1;
                read_tty = 0;
                break;
+            case SSL_ERROR_WANT_ASYNC:
+                BIO_printf(bio_c_out, "write A BLOCK\n");
+                write_ssl = 1;
+                read_tty = 0;
+                break;
            case SSL_ERROR_WANT_READ:
                BIO_printf(bio_c_out, "write R BLOCK\n");
                write_tty = 0;
@ -1965,6 +1979,13 @@ int s_client_main(int argc, char **argv)
                read_ssl = 0;
                write_tty = 1;
                break;
+            case SSL_ERROR_WANT_ASYNC:
+                BIO_printf(bio_c_out, "read A BLOCK\n");
+                write_tty = 0;
+                read_ssl = 1;
+                if ((read_tty == 0) && (write_ssl == 0))
+                    write_ssl = 1;
+                break;
            case SSL_ERROR_WANT_WRITE:
                BIO_printf(bio_c_out, "read W BLOCK\n");
                write_ssl = 1;
--- a/apps/s_server.c
+++ b/apps/s_server.c
@ -252,6 +252,8 @@ static int s_brief = 0;
 static char *keymatexportlabel = NULL;
 static int keymatexportlen = 20;

+static int async = 0;
+
 #ifndef OPENSSL_NO_ENGINE
 static char *engine_id = NULL;
 #endif
@ -402,6 +404,7 @@ static void s_server_init(void)
    s_msg = 0;
    s_quiet = 0;
    s_brief = 0;
+    async = 0;
 #ifndef OPENSSL_NO_ENGINE
    engine_id = NULL;
 #endif
@ -805,7 +808,7 @@ typedef enum OPTION_choice {
    OPT_SECURITY_DEBUG, OPT_SECURITY_DEBUG_VERBOSE, OPT_STATE, OPT_CRLF,
    OPT_QUIET, OPT_BRIEF, OPT_NO_TMP_RSA, OPT_NO_DHE, OPT_NO_ECDHE,
    OPT_NO_RESUME_EPHEMERAL, OPT_PSK_HINT, OPT_PSK, OPT_SRPVFILE,
-    OPT_SRPUSERSEED, OPT_REV, OPT_WWW, OPT_UPPER_WWW, OPT_HTTP,
+    OPT_SRPUSERSEED, OPT_REV, OPT_WWW, OPT_UPPER_WWW, OPT_HTTP, OPT_ASYNC,
    OPT_SSL3,
    OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
    OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_CHAIN, OPT_LISTEN,
@ -914,6 +917,7 @@ OPTIONS s_server_options[] = {
    {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-'},
    {"brief", OPT_BRIEF, '-'},
    {"rev", OPT_REV, '-'},
+    {"async", OPT_ASYNC, '-', "Operate in asynchronous mode"},
    OPT_S_OPTIONS,
    OPT_V_OPTIONS,
    OPT_X_OPTIONS,
@ -1438,6 +1442,9 @@ int s_server_main(int argc, char *argv[])
        case OPT_KEYMATEXPORTLEN:
            keymatexportlen = atoi(opt_arg());
            break;
+        case OPT_ASYNC:
+            async = 1;
+            break;
        }
    }
    argc = opt_num_rest();
@ -1650,6 +1657,9 @@ int s_server_main(int argc, char *argv[])
    else
        SSL_CTX_sess_set_cache_size(ctx, 128);

+    if (async)
+        SSL_CTX_set_mode(ctx, SSL_MODE_ASYNC);
+
 #ifndef OPENSSL_NO_SRTP
    if (srtp_profiles != NULL) {
        /* Returns 0 on success! */
@ -1721,6 +1731,9 @@ int s_server_main(int argc, char *argv[])
        else
            SSL_CTX_sess_set_cache_size(ctx2, 128);

+        if (async)
+			SSL_CTX_set_mode(ctx2, SSL_MODE_ASYNC);
+
        if ((!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) ||
            (!SSL_CTX_set_default_verify_paths(ctx2))) {
            ERR_print_errors(bio_err);
@ -2281,6 +2294,9 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
                switch (SSL_get_error(con, k)) {
                case SSL_ERROR_NONE:
                    break;
+                case SSL_ERROR_WANT_ASYNC:
+                    BIO_printf(bio_s_out, "Write BLOCK (Async)\n");
+                    break;
                case SSL_ERROR_WANT_WRITE:
                case SSL_ERROR_WANT_READ:
                case SSL_ERROR_WANT_X509_LOOKUP:
@ -2345,6 +2361,7 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
                    if (SSL_pending(con))
                        goto again;
                    break;
+                case SSL_ERROR_WANT_ASYNC:
                case SSL_ERROR_WANT_WRITE:
                case SSL_ERROR_WANT_READ:
                    BIO_printf(bio_s_out, "Read BLOCK\n");
@ -2423,33 +2440,37 @@ static int init_ssl_connection(SSL *con)
        }
    } else
 #endif
+
+    do {
        i = SSL_accept(con);

 #ifdef CERT_CB_TEST_RETRY
-    {
-        while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP
-               && SSL_get_state(con) == TLS_ST_SR_CLNT_HELLO) {
-            BIO_printf(bio_err,
+        {
+            while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP
+                    && SSL_get_state(con) == TLS_ST_SR_CLNT_HELLO) {
+                BIO_printf(bio_err,
                       "LOOKUP from certificate callback during accept\n");
+                i = SSL_accept(con);
+            }
+        }
+#endif
+
+#ifndef OPENSSL_NO_SRP
+        while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
+            BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
+                       srp_callback_parm.login);
+            srp_callback_parm.user =
+                SRP_VBASE_get_by_user(srp_callback_parm.vb,
+                                      srp_callback_parm.login);
+            if (srp_callback_parm.user)
+                BIO_printf(bio_s_out, "LOOKUP done %s\n",
+                           srp_callback_parm.user->info);
+            else
+                BIO_printf(bio_s_out, "LOOKUP not successful\n");
            i = SSL_accept(con);
        }
-    }
-#endif
-#ifndef OPENSSL_NO_SRP
-    while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
-        BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
-                   srp_callback_parm.login);
-        srp_callback_parm.user =
-            SRP_VBASE_get_by_user(srp_callback_parm.vb,
-                                  srp_callback_parm.login);
-        if (srp_callback_parm.user)
-            BIO_printf(bio_s_out, "LOOKUP done %s\n",
-                       srp_callback_parm.user->info);
-        else
-            BIO_printf(bio_s_out, "LOOKUP not successful\n");
-        i = SSL_accept(con);
-    }
 #endif
+    } while (i < 0 && SSL_waiting_for_async(con));

    if (i <= 0) {
        if ((dtlslisten && i == 0)