Add the SSL_NO_EOED internal macro

The TLS EndOfEarlyData message is not applicable in some scenarios (e.g., QUIC). This adds a macro to handle this message. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26552)
2025-04-06 20:20:50 +08:00 · 2025-02-11 16:13:26 +08:00 · 2025-02-11 16:13:26 +08:00 · 1b3f27f920
commit 1b3f27f920
parent 76e3fdd0f6
6 changed files with 24 additions and 7 deletions
--- a/include/internal/statem.h
+++ b/include/internal/statem.h
@ -154,7 +154,7 @@ void ossl_statem_set_in_init(SSL_CONNECTION *s, int init);
 int ossl_statem_get_in_handshake(SSL_CONNECTION *s);
 void ossl_statem_set_in_handshake(SSL_CONNECTION *s, int inhand);
 __owur int ossl_statem_skip_early_data(SSL_CONNECTION *s);
-void ossl_statem_check_finish_init(SSL_CONNECTION *s, int send);
+int ossl_statem_check_finish_init(SSL_CONNECTION *s, int send);
 void ossl_statem_set_hello_verify_done(SSL_CONNECTION *s);
 __owur int ossl_statem_app_data_allowed(SSL_CONNECTION *s);
 __owur int ossl_statem_export_allowed(SSL_CONNECTION *s);
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@ -2327,7 +2327,8 @@ int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes)
     * If we are a client and haven't received the ServerHello etc then we
     * better do that
     */
-    ossl_statem_check_finish_init(sc, 0);
+    if (!ossl_statem_check_finish_init(sc, 0))
+        return -1;

    if ((sc->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
        struct ssl_async_args args;
@ -2551,7 +2552,8 @@ int ssl_write_internal(SSL *s, const void *buf, size_t num,
        return 0;
    }
    /* If we are a client and haven't sent the Finished we better do that */
-    ossl_statem_check_finish_init(sc, 1);
+    if (!ossl_statem_check_finish_init(sc, 1))
+        return -1;

    if ((sc->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
        int ret;
@ -4927,7 +4929,8 @@ int SSL_do_handshake(SSL *s)
        return -1;
    }

-    ossl_statem_check_finish_init(sc, -1);
+    if (!ossl_statem_check_finish_init(sc, -1))
+        return -1;

    s->method->ssl_renegotiate_check(s, 0);

--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@ -312,6 +312,9 @@

 # define SSL_IS_QUIC_HANDSHAKE(s) (((s)->s3.flags & TLS1_FLAGS_QUIC) != 0)

+/* no end of early data */
+# define SSL_NO_EOED(s) SSL_IS_QUIC_HANDSHAKE(s)
+
 /* alert_dispatch values */

 /* No alert pending */
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@ -242,8 +242,17 @@ int ossl_statem_skip_early_data(SSL_CONNECTION *s)
 * attempting to read data (SSL_read*()), or -1 if we are in SSL_do_handshake()
 * or similar.
 */
-void ossl_statem_check_finish_init(SSL_CONNECTION *s, int sending)
+int ossl_statem_check_finish_init(SSL_CONNECTION *s, int sending)
 {
+    int i = SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_READ;
+
+    if (s->server && SSL_NO_EOED(s) && s->ext.early_data == SSL_EARLY_DATA_ACCEPTED
+        && s->early_data_state != SSL_EARLY_DATA_FINISHED_READING
+            && s->statem.hand_state == TLS_ST_EARLY_DATA) {
+        s->early_data_state = SSL_EARLY_DATA_FINISHED_READING;
+        if (!SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->change_cipher_state(s, i))
+            return 0;
+    }
    if (sending == -1) {
        if (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END
                || s->statem.hand_state == TLS_ST_EARLY_DATA) {
@ -274,6 +283,7 @@ void ossl_statem_check_finish_init(SSL_CONNECTION *s, int sending)
                && s->statem.hand_state == TLS_ST_EARLY_DATA)
            ossl_statem_set_in_init(s, 1);
    }
+    return 1;
 }

 void ossl_statem_set_hello_verify_done(SSL_CONNECTION *s)
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@ -491,7 +491,7 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL_CONNECTION *s)
        return WRITE_TRAN_CONTINUE;

    case TLS_ST_PENDING_EARLY_DATA_END:
-        if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
+        if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED && !SSL_NO_EOED(s)) {
            st->hand_state = TLS_ST_CW_END_OF_EARLY_DATA;
            return WRITE_TRAN_CONTINUE;
        }
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@ -85,7 +85,8 @@ static int ossl_statem_server13_read_transition(SSL_CONNECTION *s, int mt)
                return 1;
            }
            break;
-        } else if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
+        } else if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED
+                   && !SSL_NO_EOED(s)) {
            if (mt == SSL3_MT_END_OF_EARLY_DATA) {
                st->hand_state = TLS_ST_SR_END_OF_EARLY_DATA;
                return 1;