Revert "TicketNo:AR000C7MNN"

This reverts commit 487cd50bbe2cd30aedfcb35fda706061c05628e9.

Change-Id: I03d4dcc6246c1037abc8afc34ddec50ba0a8451f
Reviewed-on: http://mgit-tm.rnd.huawei.com/5004161Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com>
Reviewed-by: Ngaokui 00368537 <gaokui1@huawei.com>
Reviewed-by: Nliwei 00495960 <sirius.liwei@huawei.com>

include/openssl/ssl.h

@@ -494,8 +494,6 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);
  */
 # define SSL_MODE_ASYNC 0x00000100U
 
-# define SSL_MODE_QUIC_HACK 0x00000800U
-
 /* Cert related flags */
 /*
  * Many implementations ignore some aspects of the TLS standards such as
@@ -623,20 +621,6 @@ void SSL_set_msg_callback(SSL *ssl,
 # define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
 # define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
 
-typedef enum {
-    SSL_KEY_CLIENT_EARLY_TRAFFIC,
-    SSL_KEY_CLIENT_HANDSHAKE_TRAFFIC,
-    SSL_KEY_CLIENT_APPLICATION_TRAFFIC,
-    SSL_KEY_SERVER_HANDSHAKE_TRAFFIC,
-    SSL_KEY_SERVER_APPLICATION_TRAFFIC
-} OSSL_KEY_TYPE;
-
-void SSL_set_key_callback(SSL *ssl,
-                          int (*cb)(SSL *ssl, int name,
-                                    const unsigned char *secret,
-                                    size_t secretlen, void *arg),
-                          void *arg);
-
 # define SSL_get_extms_support(s) \
         SSL_ctrl((s),SSL_CTRL_GET_EXTMS_SUPPORT,0,NULL)
 

ssl/record/rec_layer_s3.c

@@ -10,7 +10,6 @@
 #include <stdio.h>
 #include <limits.h>
 #include <errno.h>
-#include <assert.h>
 #include "../ssl_locl.h"
 #include <openssl/evp.h>
 #include <openssl/buffer.h>
@@ -348,22 +347,6 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
     int i;
     size_t tmpwrit;
 
-    if (s->mode & SSL_MODE_QUIC_HACK) {
-        /* If we have an alert to send, lets send it */
-        if (s->s3->alert_dispatch) {
-            i = s->method->ssl_dispatch_alert(s);
-            if (i <= 0) {
-                /* SSLfatal() already called if appropriate */
-                return i;
-            }
-        }
-
-        s->rwstate = SSL_WRITING;
-        *written = len;
-
-        return 1;
-    }
-
     s->rwstate = SSL_NOTHING;
     tot = s->rlayer.wnum;
     /*
@@ -676,10 +659,6 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
     size_t totlen = 0, len, wpinited = 0;
     size_t j;
 
-    if (s->mode & SSL_MODE_QUIC_HACK) {
-        assert(0);
-    }
-
     for (j = 0; j < numpipes; j++)
         totlen += pipelens[j];
     /*
@@ -1144,10 +1123,6 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len,
     size_t currbuf = 0;
     size_t tmpwrit = 0;
 
-    if (s->mode & SSL_MODE_QUIC_HACK) {
-        assert(0);
-    }
-
     if ((s->rlayer.wpend_tot > len)
         || (!(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)
             && (s->rlayer.wpend_buf != buf))
@@ -1251,115 +1226,6 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
         }
     }
 
-    if (s->mode & SSL_MODE_QUIC_HACK) {
-        /* In QUIC, we only expect handshake protocol.  Alerts are
-           notified by decicated API function. */
-        if (!ossl_statem_get_in_handshake(s)) {
-            /* We found handshake data, so we're going back into init */
-            ossl_statem_set_in_init(s, 1);
-
-            i = s->handshake_func(s);
-            /* SSLfatal() already called if appropriate */
-            if (i < 0)
-                return i;
-            if (i == 0) {
-                return -1;
-            }
-            *readbytes = 0;
-            return 1;
-        }
-
-        if (s->rlayer.packet_length == 0) {
-            if (rbuf->left < 4) {
-                if (rbuf->len - rbuf->offset < 4 - rbuf->left) {
-                    memmove(rbuf->buf, rbuf->buf + rbuf->offset - rbuf->left,
-                            rbuf->left);
-                    rbuf->offset = 0;
-                }
-                s->rwstate = SSL_READING;
-                /* TODO(size_t): Convert this function */
-                ret = BIO_read(s->rbio, rbuf->buf + rbuf->offset + rbuf->left,
-                               rbuf->len - rbuf->offset - rbuf->left);
-                if (ret < 0) {
-                    return -1;
-                }
-                /* TODO Check this is really ok */
-                if (ret == 0) {
-                    *readbytes = 0;
-                    return 1;
-                }
-
-                rbuf->left += ret;
-
-                if (rbuf->left < 4) {
-                    *readbytes = 0;
-                    return 1;
-                }
-            }
-
-            switch (rbuf->buf[rbuf->offset]) {
-            case SSL3_MT_CLIENT_HELLO:
-            case SSL3_MT_SERVER_HELLO:
-            case SSL3_MT_NEWSESSION_TICKET:
-            case SSL3_MT_END_OF_EARLY_DATA:
-            case SSL3_MT_ENCRYPTED_EXTENSIONS:
-            case SSL3_MT_CERTIFICATE:
-            case SSL3_MT_CERTIFICATE_REQUEST:
-            case SSL3_MT_CERTIFICATE_VERIFY:
-            case SSL3_MT_FINISHED:
-            case SSL3_MT_KEY_UPDATE:
-            case SSL3_MT_MESSAGE_HASH:
-                break;
-            default:
-                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_BYTES,
-                         ERR_R_INTERNAL_ERROR);
-                return -1;
-            }
-
-            s->rlayer.packet_length = (rbuf->buf[rbuf->offset + 1] << 16)
-                                      + (rbuf->buf[rbuf->offset + 2] << 8)
-                                      + rbuf->buf[rbuf->offset + 3] + 4;
-        }
-
-        if (s->rlayer.packet_length) {
-            size_t n;
-
-            n = len < s->rlayer.packet_length ? len : s->rlayer.packet_length;
-            if (rbuf->left == 0) {
-                s->rwstate = SSL_READING;
-                ret = BIO_read(s->rbio, buf, n);
-                if (ret >= 0) {
-                    s->rlayer.packet_length -= ret;
-                    *readbytes = ret;
-                    if (recvd_type) {
-                        *recvd_type = SSL3_RT_HANDSHAKE;
-                    }
-                    return 1;
-                }
-                return -1;
-            }
-
-            n = n < rbuf->left ? n : rbuf->left;
-
-            memcpy(buf, rbuf->buf + rbuf->offset, n);
-            rbuf->offset += n;
-            rbuf->left -= n;
-            s->rlayer.packet_length -= n;
-            if (rbuf->left == 0) {
-                rbuf->offset = 0;
-            }
-            *readbytes = n;
-            if (recvd_type) {
-                *recvd_type = SSL3_RT_HANDSHAKE;
-            }
-            return 1;
-        }
-
-        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_BYTES,
-                 ERR_R_INTERNAL_ERROR);
-        return -1;
-    }
-
     if ((type && (type != SSL3_RT_APPLICATION_DATA)
          && (type != SSL3_RT_HANDSHAKE)) || (peek
                                              && (type !=

ssl/s3_msg.c

@@ -74,16 +74,9 @@ int ssl3_dispatch_alert(SSL *s)
     size_t written;
 
     s->s3->alert_dispatch = 0;
-
-    if (!(s->mode & SSL_MODE_QUIC_HACK)) {
-        alertlen = 2;
-        i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], &alertlen, 1,
-                          0, &written);
-    } else {
-        s->rwstate = SSL_WRITING;
-        i = 1;
-    }
-
+    alertlen = 2;
+    i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], &alertlen, 1, 0,
+                      &written);
     if (i <= 0) {
         s->s3->alert_dispatch = 1;
     } else {

ssl/ssl_lib.c

@@ -1807,12 +1807,6 @@ int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes)
         ret = SSL_accept(s);
         if (ret <= 0) {
             /* NBIO or error */
-            if ((s->mode & SSL_MODE_QUIC_HACK)
-                && s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
-                *readbytes = 0;
-                return SSL_READ_EARLY_DATA_FINISH;
-            }
-
             s->early_data_state = SSL_EARLY_DATA_ACCEPT_RETRY;
             return SSL_READ_EARLY_DATA_ERROR;
         }
@@ -4305,16 +4299,6 @@ void SSL_set_msg_callback(SSL *ssl,
     SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
 }
 
-void SSL_set_key_callback(SSL *ssl,
-                          int (*cb)(SSL *ssl, int name,
-                                    const unsigned char *secret,
-                                    size_t secretlen, void *arg),
-                          void *arg)
-{
-    ssl->key_callback = cb;
-    ssl->key_callback_arg = arg;
-}
-
 void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
                                                 int (*cb) (SSL *ssl,
                                                            int

ssl/ssl_locl.h

@@ -1133,9 +1133,6 @@ struct ssl_st {
     void (*msg_callback) (int write_p, int version, int content_type,
                           const void *buf, size_t len, SSL *ssl, void *arg);
     void *msg_callback_arg;
-    int (*key_callback)(SSL *ssl, int name, const unsigned char *secret,
-                        size_t secretlen, void *arg);
-    void *key_callback_arg;
     int hit;                    /* reusing a previous session */
     X509_VERIFY_PARAM *param;
     /* Per connection DANE state */

ssl/statem/statem_clnt.c

@@ -450,8 +450,7 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s)
         return WRITE_TRAN_CONTINUE;
 
     case TLS_ST_PENDING_EARLY_DATA_END:
-        if (!(s->mode & SSL_MODE_QUIC_HACK)
-            && s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
+        if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
             st->hand_state = TLS_ST_CW_END_OF_EARLY_DATA;
             return WRITE_TRAN_CONTINUE;
         }

ssl/statem/statem_srvr.c

@@ -57,8 +57,7 @@ static int ossl_statem_server13_read_transition(SSL *s, int mt)
                 return 1;
             }
             break;
-        } else if (!(s->mode & SSL_MODE_QUIC_HACK)
-                   && s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
+        } else if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
             if (mt == SSL3_MT_END_OF_EARLY_DATA) {
                 st->hand_state = TLS_ST_SR_END_OF_EARLY_DATA;
                 return 1;
@@ -936,15 +935,6 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst)
                         SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_WRITE))
             /* SSLfatal() already called */
             return WORK_ERROR;
-
-            if ((s->mode & SSL_MODE_QUIC_HACK)
-                && s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
-                s->early_data_state = SSL_EARLY_DATA_FINISHED_READING;
-                if (!s->method->ssl3_enc->change_cipher_state(
-                        s, SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_READ))
-                    /* SSLfatal() already called */
-                    return WORK_ERROR;
-            }
         }
         break;
 

ssl/tls13_enc.c

@@ -625,56 +625,6 @@ int tls13_change_cipher_state(SSL *s, int which)
         goto err;
     }
 
-    if (s->key_callback) {
-        int type;
-        if (label == client_early_traffic) {
-            type = SSL_KEY_CLIENT_EARLY_TRAFFIC;
-        } else if (label == client_handshake_traffic) {
-            type = SSL_KEY_CLIENT_HANDSHAKE_TRAFFIC;
-        } else if (label == client_application_traffic) {
-            type = SSL_KEY_CLIENT_APPLICATION_TRAFFIC;
-        } else if (label == server_handshake_traffic) {
-            type = SSL_KEY_SERVER_HANDSHAKE_TRAFFIC;
-        } else if (label == server_application_traffic) {
-            type = SSL_KEY_SERVER_APPLICATION_TRAFFIC;
-        } else {
-            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_CHANGE_CIPHER_STATE,
-                     ERR_R_INTERNAL_ERROR);
-            goto err;
-        }
-        if (!s->key_callback(s, type, secret, hashlen, s->key_callback_arg)) {
-            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_CHANGE_CIPHER_STATE,
-                     ERR_R_INTERNAL_ERROR);
-            goto err;
-        }
-
-        if (s->server) {
-            switch (type) {
-            case SSL_KEY_CLIENT_HANDSHAKE_TRAFFIC:
-            case SSL_KEY_CLIENT_APPLICATION_TRAFFIC:
-                if (s->rlayer.rbuf.left) {
-                    SSLfatal(s, SSL_AD_INTERNAL_ERROR,
-                             SSL_F_TLS13_CHANGE_CIPHER_STATE,
-                             ERR_R_INTERNAL_ERROR);
-                    goto err;
-                }
-                break;
-            }
-        } else {
-            switch (type) {
-            case SSL_KEY_SERVER_HANDSHAKE_TRAFFIC:
-            case SSL_KEY_SERVER_APPLICATION_TRAFFIC:
-                if (s->rlayer.rbuf.left) {
-                    SSLfatal(s, SSL_AD_INTERNAL_ERROR,
-                             SSL_F_TLS13_CHANGE_CIPHER_STATE,
-                             ERR_R_INTERNAL_ERROR);
-                    goto err;
-                }
-                break;
-            }
-        }
-    }
-
     if (label == server_application_traffic) {
         memcpy(s->server_app_traffic_secret, secret, hashlen);
         /* Now we create the exporter master secret */

util/libssl.num

@@ -498,9 +498,3 @@ SSL_CTX_get_recv_max_early_data         498	1_1_1	EXIST::FUNCTION:
 SSL_CTX_set_recv_max_early_data         499	1_1_1	EXIST::FUNCTION:
 SSL_CTX_set_post_handshake_auth         500	1_1_1	EXIST::FUNCTION:
 SSL_get_signature_type_nid              501	1_1_1a	EXIST::FUNCTION:
-SSL_CTX_set_async_callback              502	1_1_1	EXIST::FUNCTION:
-SSL_CTX_set_async_callback_arg          503	1_1_1	EXIST::FUNCTION:
-SSL_set_async_callback                  504	1_1_1	EXIST::FUNCTION:
-SSL_set_async_callback_arg              505	1_1_1	EXIST::FUNCTION:
-SSL_get_async_status                    506	1_1_1	EXIST::FUNCTION:
-SSL_set_key_callback                    507	1_1_1	EXIST::FUNCTION: