s->rlayer.wnum = 0;
- if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)) {
+ /*
+ * When writing early data on the server side we could be "in_init" in
+ * between receiving the EoED and the CF - but we don't want to handle those
+ * messages yet.
+ */
+ if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)
+ && s->early_data_state != SSL_EARLY_DATA_UNAUTH_WRITING) {
i = s->handshake_func(s);
if (i < 0)
return i;
*/
if ((s->rlayer.handshake_fragment_len >= 4)
&& !ossl_statem_get_in_handshake(s)) {
+ int ined = (s->early_data_state == SSL_EARLY_DATA_READING);
+
/* We found handshake data, so we're going back into init */
ossl_statem_set_in_init(s, 1);
return -1;
}
+ /*
+ * If we were actually trying to read early data and we found a
+ * handshake message, then we don't want to continue to try and read
+ * the application data any more. It won't be "early" now.
+ */
+ if (ined)
+ return -1;
+
if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
if (SSL3_BUFFER_get_left(rbuf) == 0) {
/* no read-ahead left? */