Don't handle handshake messages when writing early data on server
[openssl.git] / ssl / record / rec_layer_s3.c
index b51807c088ef64084e8a73dfeb4513248942f241..562b9e454be7a0671ca6d482d87172ab3de53249 100644 (file)
@@ -367,7 +367,13 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
 
     s->rlayer.wnum = 0;
 
-    if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)) {
+    /*
+     * When writing early data on the server side we could be "in_init" in
+     * between receiving the EoED and the CF - but we don't want to handle those
+     * messages yet.
+     */
+    if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)
+            && s->early_data_state != SSL_EARLY_DATA_UNAUTH_WRITING) {
         i = s->handshake_func(s);
         if (i < 0)
             return i;
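Review bot: The new comment above the `if` explains the skip only through the abbreviations "EoED" and "CF", and it does not say what the skip means for the data being written. In `SSL_EARLY_DATA_UNAUTH_WRITING` the write now goes out without `s->handshake_func(s)` being driven, which (judging by the state name) means before the client's Finished has been verified. I would spell that out, for example `/* Server writing early data: EndOfEarlyData and the client Finished may still be pending, so do not process handshake messages here; the peer's Finished is not yet verified. */`. The rest of `ssl3_write_bytes` lies outside the hunk, so it is worth confirming that nothing further down assumes the handshake call above has already run while `SSL_in_init(s)` is true. A regression test that writes server-side early data between EndOfEarlyData and the client Finished would pin this behaviour.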