Flush server side unauthenticated writes
authorMatt Caswell <matt@openssl.org>
Tue, 8 May 2018 13:34:27 +0000 (14:34 +0100)
committerMatt Caswell <matt@openssl.org>
Fri, 11 May 2018 13:51:08 +0000 (14:51 +0100)
When a server call SSL_write_early_data() to write to an unauthenticated
client the buffering BIO is still in place, so we should ensure we flush
the write.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6198)

ssl/ssl_lib.c

index 3aefa34..41574c4 100644 (file)
@@ -2023,6 +2023,9 @@ int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written)
         /* We are a server writing to an unauthenticated client */
         s->early_data_state = SSL_EARLY_DATA_UNAUTH_WRITING;
         ret = SSL_write_ex(s, buf, num, written);
+        /* The buffering BIO is still in place */
+        if (ret)
+            (void)BIO_flush(s->wbio);
         s->early_data_state = early_data_state;
         return ret;