If we have received the EoED message but not yet had the CF then we are
"in init". Despite that we still want to write application data, so suppress
the "in init" check in ssl3_write_bytes() in that scenario.
Fixes #3041
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3091)
s->rlayer.wnum = 0;
- if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)) {
+ /*
+ * When writing early data on the server side we could be "in_init" in
+ * between receiving the EoED and the CF - but we don't want to handle those
+ * messages yet.
+ */
+ if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)
+ && s->early_data_state != SSL_EARLY_DATA_UNAUTH_WRITING) {
i = s->handshake_func(s);
if (i < 0)
return i;