Fix early data bug with pause between EoED and CF
authorMatt Caswell <matt@openssl.org>
Thu, 30 Mar 2017 14:24:07 +0000 (15:24 +0100)
committerMatt Caswell <matt@openssl.org>
Thu, 30 Mar 2017 14:45:45 +0000 (15:45 +0100)
If the server received EoED then SSL_read_early_data() will return
SSL_READ_EARLY_DATA_FINISH. However if the CF has not yet been processed
then SSL_is_init_finished() will still return 0. Therefore we should still
be able to write early data.

Fixes #3041

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3089)

ssl/ssl_lib.c

index f169611..a76ee40 100644 (file)
@@ -1829,6 +1829,7 @@ int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written)
         s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;
         return ret;
 
+    case SSL_EARLY_DATA_FINISHED_READING:
     case SSL_EARLY_DATA_READ_RETRY:
         /* We are a server writing to an unauthenticated client */
         s->early_data_state = SSL_EARLY_DATA_UNAUTH_WRITING;