deps: Remove EOED when SSL_MODE_QUIC_HACK is enabled

jasnell · juanarbol · commit d3869f1fea6a · 2019-12-17T11:09:19.000-05:00
Ported from tatsuhiro-t/openssl@920a331 PR-URL: nodejs#6 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
diff --git a/deps/openssl/openssl/ssl/ssl_lib.c b/deps/openssl/openssl/ssl/ssl_lib.c
@@ -1833,6 +1833,12 @@ int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes)
         ret = SSL_accept(s);
         if (ret <= 0) {
             /* NBIO or error */
+            if ((s->mode & SSL_MODE_QUIC_HACK)
+                && s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
+                *readbytes = 0;
+                return SSL_READ_EARLY_DATA_FINISH;
+            }
+
             s->early_data_state = SSL_EARLY_DATA_ACCEPT_RETRY;
             return SSL_READ_EARLY_DATA_ERROR;
         }
diff --git a/deps/openssl/openssl/ssl/statem/statem_clnt.c b/deps/openssl/openssl/ssl/statem/statem_clnt.c
@@ -450,7 +450,8 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s)
         return WRITE_TRAN_CONTINUE;
 
     case TLS_ST_PENDING_EARLY_DATA_END:
-        if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
+        if (!(s->mode & SSL_MODE_QUIC_HACK)
+            && s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
             st->hand_state = TLS_ST_CW_END_OF_EARLY_DATA;
             return WRITE_TRAN_CONTINUE;
         }
diff --git a/deps/openssl/openssl/ssl/statem/statem_srvr.c b/deps/openssl/openssl/ssl/statem/statem_srvr.c
@@ -57,7 +57,8 @@ static int ossl_statem_server13_read_transition(SSL *s, int mt)
                 return 1;
             }
             break;
-        } else if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
+        } else if (!(s->mode & SSL_MODE_QUIC_HACK)
+                   && s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
             if (mt == SSL3_MT_END_OF_EARLY_DATA) {
                 st->hand_state = TLS_ST_SR_END_OF_EARLY_DATA;
                 return 1;
@@ -939,6 +940,15 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst)
                         SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_WRITE))
             /* SSLfatal() already called */
             return WORK_ERROR;
+
+            if ((s->mode & SSL_MODE_QUIC_HACK)
+                && s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
+                s->early_data_state = SSL_EARLY_DATA_FINISHED_READING;
+                if (!s->method->ssl3_enc->change_cipher_state(
+                        s, SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_READ))
+                    /* SSLfatal() already called */
+                    return WORK_ERROR;
+            }
         }
         break;
 

Original file line number	Diff line number	Diff line change
`@@ -450,7 +450,8 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s)`
`450`	`450`	`return WRITE_TRAN_CONTINUE;`
`451`	`451`
`452`	`452`	`case TLS_ST_PENDING_EARLY_DATA_END:`
`453`		`- if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {`
	`453`	`+ if (!(s->mode & SSL_MODE_QUIC_HACK)`
	`454`	`+ && s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {`
`454`	`455`	`st->hand_state = TLS_ST_CW_END_OF_EARLY_DATA;`
`455`	`456`	`return WRITE_TRAN_CONTINUE;`
`456`	`457`	`}`