Commit 59cebcf9 authored by Matt Caswell's avatar Matt Caswell
Browse files

Don't handle handshake messages when writing early data on server 



If we have received the EoED message but not yet had the CF then we are
"in init". Despite that we still want to write application data, so suppress
the "in init" check in ssl3_write_bytes() in that scenario.

Fixes #3041

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3091)
parent a8e75d56

ssl/record/rec_layer_s3.c

+7 −1
Original line number Diff line number Diff line
@@ -367,7 +367,13 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, 


    s->rlayer.wnum = 0;



    if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)) {

    /*

     * When writing early data on the server side we could be "in_init" in

     * between receiving the EoED and the CF - but we don't want to handle those

     * messages yet.

     */

    if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)

            && s->early_data_state != SSL_EARLY_DATA_UNAUTH_WRITING) {

        i = s->handshake_func(s);

        if (i < 0)

            return i;