TicketNo:AR000C7MNN

Description:D-Transport: Connection Setup on Server side
Team:OTHERS
Feature or Bugfix:Feature
Binary Source:No
PrivateCode(Yes/No):No

Change-Id: I1214f2f74b233555f2903a23990640852e42cca6
Reviewed-on: http://mgit-tm.rnd.huawei.com/4999713Reviewed-by: Nwangyanbo 00291255 <wangyanbo3@huawei.com>
Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com>
Reviewed-by: Ngaokui 00368537 <gaokui1@huawei.com>
Reviewed-by: Ntenghui 00211420 <th.tenghui@huawei.com>

include/openssl/ssl.h

@@ -494,6 +494,8 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);
  */
 # define SSL_MODE_ASYNC 0x00000100U
 
+# define SSL_MODE_QUIC_HACK 0x00000800U
+
 /* Cert related flags */
 /*
  * Many implementations ignore some aspects of the TLS standards such as
@@ -621,6 +623,20 @@ void SSL_set_msg_callback(SSL *ssl,
 # define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
 # define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
 
+typedef enum {
+    SSL_KEY_CLIENT_EARLY_TRAFFIC,
+    SSL_KEY_CLIENT_HANDSHAKE_TRAFFIC,
+    SSL_KEY_CLIENT_APPLICATION_TRAFFIC,
+    SSL_KEY_SERVER_HANDSHAKE_TRAFFIC,
+    SSL_KEY_SERVER_APPLICATION_TRAFFIC
+} OSSL_KEY_TYPE;
+
+void SSL_set_key_callback(SSL *ssl,
+                          int (*cb)(SSL *ssl, int name,
+                                    const unsigned char *secret,
+                                    size_t secretlen, void *arg),
+                          void *arg);
+
 # define SSL_get_extms_support(s) \
         SSL_ctrl((s),SSL_CTRL_GET_EXTMS_SUPPORT,0,NULL)
 

ssl/record/rec_layer_s3.c

@@ -10,6 +10,7 @@
 #include <stdio.h>
 #include <limits.h>
 #include <errno.h>
+#include <assert.h>
 #include "../ssl_locl.h"
 #include <openssl/evp.h>
 #include <openssl/buffer.h>
@@ -347,6 +348,22 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
     int i;
     size_t tmpwrit;
 
+    if (s->mode & SSL_MODE_QUIC_HACK) {
+        /* If we have an alert to send, lets send it */
+        if (s->s3->alert_dispatch) {
+            i = s->method->ssl_dispatch_alert(s);
+            if (i <= 0) {
+                /* SSLfatal() already called if appropriate */
+                return i;
+            }
+        }
+
+        s->rwstate = SSL_WRITING;
+        *written = len;
+
+        return 1;
+    }
+
     s->rwstate = SSL_NOTHING;
     tot = s->rlayer.wnum;
     /*
@@ -659,6 +676,10 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
     size_t totlen = 0, len, wpinited = 0;
     size_t j;
 
+    if (s->mode & SSL_MODE_QUIC_HACK) {
+        assert(0);
+    }
+
     for (j = 0; j < numpipes; j++)
         totlen += pipelens[j];
     /*
@@ -1123,6 +1144,10 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len,
     size_t currbuf = 0;
     size_t tmpwrit = 0;
 
+    if (s->mode & SSL_MODE_QUIC_HACK) {
+        assert(0);
+    }
+
     if ((s->rlayer.wpend_tot > len)
         || (!(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)
             && (s->rlayer.wpend_buf != buf))
@@ -1226,6 +1251,115 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
         }
     }
 
+    if (s->mode & SSL_MODE_QUIC_HACK) {
+        /* In QUIC, we only expect handshake protocol.  Alerts are
+           notified by decicated API function. */
+        if (!ossl_statem_get_in_handshake(s)) {
+            /* We found handshake data, so we're going back into init */
+            ossl_statem_set_in_init(s, 1);
+
+            i = s->handshake_func(s);
+            /* SSLfatal() already called if appropriate */
+            if (i < 0)
+                return i;
+            if (i == 0) {
+                return -1;
+            }
+            *readbytes = 0;
+            return 1;
+        }
+
+        if (s->rlayer.packet_length == 0) {
+            if (rbuf->left < 4) {
+                if (rbuf->len - rbuf->offset < 4 - rbuf->left) {
+                    memmove(rbuf->buf, rbuf->buf + rbuf->offset - rbuf->left,
+                            rbuf->left);
+                    rbuf->offset = 0;
+                }
+                s->rwstate = SSL_READING;
+                /* TODO(size_t): Convert this function */
+                ret = BIO_read(s->rbio, rbuf->buf + rbuf->offset + rbuf->left,
+                               rbuf->len - rbuf->offset - rbuf->left);
+                if (ret < 0) {
+                    return -1;
+                }
+                /* TODO Check this is really ok */
+                if (ret == 0) {
+                    *readbytes = 0;
+                    return 1;
+                }
+
+                rbuf->left += ret;
+
+                if (rbuf->left < 4) {
+                    *readbytes = 0;
+                    return 1;
+                }
+            }
+
+            switch (rbuf->buf[rbuf->offset]) {
+            case SSL3_MT_CLIENT_HELLO:
+            case SSL3_MT_SERVER_HELLO:
+            case SSL3_MT_NEWSESSION_TICKET:
+            case SSL3_MT_END_OF_EARLY_DATA:
+            case SSL3_MT_ENCRYPTED_EXTENSIONS:
+            case SSL3_MT_CERTIFICATE:
+            case SSL3_MT_CERTIFICATE_REQUEST:
+            case SSL3_MT_CERTIFICATE_VERIFY:
+            case SSL3_MT_FINISHED:
+            case SSL3_MT_KEY_UPDATE:
+            case SSL3_MT_MESSAGE_HASH:
+                break;
+            default:
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_BYTES,
+                         ERR_R_INTERNAL_ERROR);
+                return -1;
+            }
+
+            s->rlayer.packet_length = (rbuf->buf[rbuf->offset + 1] << 16)
+                                      + (rbuf->buf[rbuf->offset + 2] << 8)
+                                      + rbuf->buf[rbuf->offset + 3] + 4;
+        }
+
+        if (s->rlayer.packet_length) {
+            size_t n;
+
+            n = len < s->rlayer.packet_length ? len : s->rlayer.packet_length;
+            if (rbuf->left == 0) {
+                s->rwstate = SSL_READING;
+                ret = BIO_read(s->rbio, buf, n);
+                if (ret >= 0) {
+                    s->rlayer.packet_length -= ret;
+                    *readbytes = ret;
+                    if (recvd_type) {
+                        *recvd_type = SSL3_RT_HANDSHAKE;
+                    }
+                    return 1;
+                }
+                return -1;
+            }
+
+            n = n < rbuf->left ? n : rbuf->left;
+
+            memcpy(buf, rbuf->buf + rbuf->offset, n);
+            rbuf->offset += n;
+            rbuf->left -= n;
+            s->rlayer.packet_length -= n;
+            if (rbuf->left == 0) {
+                rbuf->offset = 0;
+            }
+            *readbytes = n;
+            if (recvd_type) {
+                *recvd_type = SSL3_RT_HANDSHAKE;
+            }
+            return 1;
+        }
+
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_BYTES,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
     if ((type && (type != SSL3_RT_APPLICATION_DATA)
          && (type != SSL3_RT_HANDSHAKE)) || (peek
                                              && (type !=

ssl/s3_msg.c

@@ -74,9 +74,16 @@ int ssl3_dispatch_alert(SSL *s)
     size_t written;
 
     s->s3->alert_dispatch = 0;
-    alertlen = 2;
-    i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], &alertlen, 1, 0,
-                      &written);
+
+    if (!(s->mode & SSL_MODE_QUIC_HACK)) {
+        alertlen = 2;
+        i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], &alertlen, 1,
+                          0, &written);
+    } else {
+        s->rwstate = SSL_WRITING;
+        i = 1;
+    }
+
     if (i <= 0) {
         s->s3->alert_dispatch = 1;
     } else {

ssl/ssl_lib.c

@@ -1807,6 +1807,12 @@ int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes)
         ret = SSL_accept(s);
         if (ret <= 0) {
             /* NBIO or error */
+            if ((s->mode & SSL_MODE_QUIC_HACK)
+                && s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
+                *readbytes = 0;
+                return SSL_READ_EARLY_DATA_FINISH;
+            }
+
             s->early_data_state = SSL_EARLY_DATA_ACCEPT_RETRY;
             return SSL_READ_EARLY_DATA_ERROR;
         }
@@ -4299,6 +4305,16 @@ void SSL_set_msg_callback(SSL *ssl,
     SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
 }
 
+void SSL_set_key_callback(SSL *ssl,
+                          int (*cb)(SSL *ssl, int name,
+                                    const unsigned char *secret,
+                                    size_t secretlen, void *arg),
+                          void *arg)
+{
+    ssl->key_callback = cb;
+    ssl->key_callback_arg = arg;
+}
+
 void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
                                                 int (*cb) (SSL *ssl,
                                                            int

ssl/ssl_locl.h

@@ -1133,6 +1133,9 @@ struct ssl_st {
     void (*msg_callback) (int write_p, int version, int content_type,
                           const void *buf, size_t len, SSL *ssl, void *arg);
     void *msg_callback_arg;
+    int (*key_callback)(SSL *ssl, int name, const unsigned char *secret,
+                        size_t secretlen, void *arg);
+    void *key_callback_arg;
     int hit;                    /* reusing a previous session */
     X509_VERIFY_PARAM *param;
     /* Per connection DANE state */

ssl/statem/statem_clnt.c

@@ -450,7 +450,8 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s)
         return WRITE_TRAN_CONTINUE;
 
     case TLS_ST_PENDING_EARLY_DATA_END:
-        if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
+        if (!(s->mode & SSL_MODE_QUIC_HACK)
+            && s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
             st->hand_state = TLS_ST_CW_END_OF_EARLY_DATA;
             return WRITE_TRAN_CONTINUE;
         }

ssl/statem/statem_srvr.c

@@ -57,7 +57,8 @@ static int ossl_statem_server13_read_transition(SSL *s, int mt)
                 return 1;
             }
             break;
-        } else if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
+        } else if (!(s->mode & SSL_MODE_QUIC_HACK)
+                   && s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
             if (mt == SSL3_MT_END_OF_EARLY_DATA) {
                 st->hand_state = TLS_ST_SR_END_OF_EARLY_DATA;
                 return 1;
@@ -935,6 +936,15 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst)
                         SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_WRITE))
             /* SSLfatal() already called */
             return WORK_ERROR;
+
+            if ((s->mode & SSL_MODE_QUIC_HACK)
+                && s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
+                s->early_data_state = SSL_EARLY_DATA_FINISHED_READING;
+                if (!s->method->ssl3_enc->change_cipher_state(
+                        s, SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_READ))
+                    /* SSLfatal() already called */
+                    return WORK_ERROR;
+            }
         }
         break;
 

ssl/tls13_enc.c

@@ -625,6 +625,56 @@ int tls13_change_cipher_state(SSL *s, int which)
         goto err;
     }
 
+    if (s->key_callback) {
+        int type;
+        if (label == client_early_traffic) {
+            type = SSL_KEY_CLIENT_EARLY_TRAFFIC;
+        } else if (label == client_handshake_traffic) {
+            type = SSL_KEY_CLIENT_HANDSHAKE_TRAFFIC;
+        } else if (label == client_application_traffic) {
+            type = SSL_KEY_CLIENT_APPLICATION_TRAFFIC;
+        } else if (label == server_handshake_traffic) {
+            type = SSL_KEY_SERVER_HANDSHAKE_TRAFFIC;
+        } else if (label == server_application_traffic) {
+            type = SSL_KEY_SERVER_APPLICATION_TRAFFIC;
+        } else {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_CHANGE_CIPHER_STATE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        if (!s->key_callback(s, type, secret, hashlen, s->key_callback_arg)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_CHANGE_CIPHER_STATE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        if (s->server) {
+            switch (type) {
+            case SSL_KEY_CLIENT_HANDSHAKE_TRAFFIC:
+            case SSL_KEY_CLIENT_APPLICATION_TRAFFIC:
+                if (s->rlayer.rbuf.left) {
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                             SSL_F_TLS13_CHANGE_CIPHER_STATE,
+                             ERR_R_INTERNAL_ERROR);
+                    goto err;
+                }
+                break;
+            }
+        } else {
+            switch (type) {
+            case SSL_KEY_SERVER_HANDSHAKE_TRAFFIC:
+            case SSL_KEY_SERVER_APPLICATION_TRAFFIC:
+                if (s->rlayer.rbuf.left) {
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                             SSL_F_TLS13_CHANGE_CIPHER_STATE,
+                             ERR_R_INTERNAL_ERROR);
+                    goto err;
+                }
+                break;
+            }
+        }
+    }
+
     if (label == server_application_traffic) {
         memcpy(s->server_app_traffic_secret, secret, hashlen);
         /* Now we create the exporter master secret */

util/libssl.num

@@ -498,3 +498,9 @@ SSL_CTX_get_recv_max_early_data         498	1_1_1	EXIST::FUNCTION:
 SSL_CTX_set_recv_max_early_data         499	1_1_1	EXIST::FUNCTION:
 SSL_CTX_set_post_handshake_auth         500	1_1_1	EXIST::FUNCTION:
 SSL_get_signature_type_nid              501	1_1_1a	EXIST::FUNCTION:
+SSL_CTX_set_async_callback              502	1_1_1	EXIST::FUNCTION:
+SSL_CTX_set_async_callback_arg          503	1_1_1	EXIST::FUNCTION:
+SSL_set_async_callback                  504	1_1_1	EXIST::FUNCTION:
+SSL_set_async_callback_arg              505	1_1_1	EXIST::FUNCTION:
+SSL_get_async_status                    506	1_1_1	EXIST::FUNCTION:
+SSL_set_key_callback                    507	1_1_1	EXIST::FUNCTION: