From 1b3f27f9208a8d7576102b3bba6443885fb01e7c Mon Sep 17 00:00:00 2001
From: Cheng Zhang <zhangcheng170@huawei.com>
Date: Tue, 11 Feb 2025 16:13:26 +0800
Subject: [PATCH] Add the SSL_NO_EOED internal macro

The TLS EndOfEarlyData message is not applicable in some scenarios (e.g., QUIC).
This adds a macro to handle this message.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26552)
---
 include/internal/statem.h |  2 +-
 ssl/ssl_lib.c             |  9 ++++++---
 ssl/ssl_local.h           |  3 +++
 ssl/statem/statem.c       | 12 +++++++++++-
 ssl/statem/statem_clnt.c  |  2 +-
 ssl/statem/statem_srvr.c  |  3 ++-
 6 files changed, 24 insertions(+), 7 deletions(-)

diff --git a/include/internal/statem.h b/include/internal/statem.h
index 136e6523660..8b8c3522fcf 100644
--- a/include/internal/statem.h
+++ b/include/internal/statem.h
@@ -154,7 +154,7 @@ void ossl_statem_set_in_init(SSL_CONNECTION *s, int init);
 int ossl_statem_get_in_handshake(SSL_CONNECTION *s);
 void ossl_statem_set_in_handshake(SSL_CONNECTION *s, int inhand);
 __owur int ossl_statem_skip_early_data(SSL_CONNECTION *s);
-void ossl_statem_check_finish_init(SSL_CONNECTION *s, int send);
+int ossl_statem_check_finish_init(SSL_CONNECTION *s, int send);
 void ossl_statem_set_hello_verify_done(SSL_CONNECTION *s);
 __owur int ossl_statem_app_data_allowed(SSL_CONNECTION *s);
 __owur int ossl_statem_export_allowed(SSL_CONNECTION *s);
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index e27c8750532..4307f020311 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2327,7 +2327,8 @@ int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes)
      * If we are a client and haven't received the ServerHello etc then we
      * better do that
      */
-    ossl_statem_check_finish_init(sc, 0);
+    if (!ossl_statem_check_finish_init(sc, 0))
+        return -1;
 
     if ((sc->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
         struct ssl_async_args args;
@@ -2551,7 +2552,8 @@ int ssl_write_internal(SSL *s, const void *buf, size_t num,
         return 0;
     }
     /* If we are a client and haven't sent the Finished we better do that */
-    ossl_statem_check_finish_init(sc, 1);
+    if (!ossl_statem_check_finish_init(sc, 1))
+        return -1;
 
     if ((sc->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
         int ret;
@@ -4927,7 +4929,8 @@ int SSL_do_handshake(SSL *s)
         return -1;
     }
 
-    ossl_statem_check_finish_init(sc, -1);
+    if (!ossl_statem_check_finish_init(sc, -1))
+        return -1;
 
     s->method->ssl_renegotiate_check(s, 0);
 
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index a8000882326..fad69d8d468 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -312,6 +312,9 @@
 
 # define SSL_IS_QUIC_HANDSHAKE(s) (((s)->s3.flags & TLS1_FLAGS_QUIC) != 0)
 
+/* no end of early data */
+# define SSL_NO_EOED(s) SSL_IS_QUIC_HANDSHAKE(s)
+
 /* alert_dispatch values */
 
 /* No alert pending */
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
index 87ed6c64c56..d7bb510d0c5 100644
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -242,8 +242,17 @@ int ossl_statem_skip_early_data(SSL_CONNECTION *s)
  * attempting to read data (SSL_read*()), or -1 if we are in SSL_do_handshake()
  * or similar.
  */
-void ossl_statem_check_finish_init(SSL_CONNECTION *s, int sending)
+int ossl_statem_check_finish_init(SSL_CONNECTION *s, int sending)
 {
+    int i = SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_READ;
+
+    if (s->server && SSL_NO_EOED(s) && s->ext.early_data == SSL_EARLY_DATA_ACCEPTED
+        && s->early_data_state != SSL_EARLY_DATA_FINISHED_READING
+            && s->statem.hand_state == TLS_ST_EARLY_DATA) {
+        s->early_data_state = SSL_EARLY_DATA_FINISHED_READING;
+        if (!SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->change_cipher_state(s, i))
+            return 0;
+    }
     if (sending == -1) {
         if (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END
                 || s->statem.hand_state == TLS_ST_EARLY_DATA) {
@@ -274,6 +283,7 @@ void ossl_statem_check_finish_init(SSL_CONNECTION *s, int sending)
                 && s->statem.hand_state == TLS_ST_EARLY_DATA)
             ossl_statem_set_in_init(s, 1);
     }
+    return 1;
 }
 
 void ossl_statem_set_hello_verify_done(SSL_CONNECTION *s)
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 101c93ca45d..fe034f4cb0b 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -491,7 +491,7 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL_CONNECTION *s)
         return WRITE_TRAN_CONTINUE;
 
     case TLS_ST_PENDING_EARLY_DATA_END:
-        if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
+        if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED && !SSL_NO_EOED(s)) {
             st->hand_state = TLS_ST_CW_END_OF_EARLY_DATA;
             return WRITE_TRAN_CONTINUE;
         }
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 21e5807795d..7cdb3a00ddd 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -85,7 +85,8 @@ static int ossl_statem_server13_read_transition(SSL_CONNECTION *s, int mt)
                 return 1;
             }
             break;
-        } else if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
+        } else if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED
+                   && !SSL_NO_EOED(s)) {
             if (mt == SSL3_MT_END_OF_EARLY_DATA) {
                 st->hand_state = TLS_ST_SR_END_OF_EARLY_DATA;
                 return 1;
-- 
2.47.2