From: Matt Caswell <matt@openssl.org>
Date: Thu, 30 Mar 2017 16:35:55 +0000 (+0100)
Subject: Don't handle handshake messages when writing early data on server
X-Git-Tag: OpenSSL_1_1_1-pre1~1883
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=59cebcf9f6cfd6c9703357c638aabb9c508c84bc;p=oweals%2Fopenssl.git

Don't handle handshake messages when writing early data on server

If we have received the EoED message but not yet had the CF then we are
"in init". Despite that we still want to write application data, so suppress
the "in init" check in ssl3_write_bytes() in that scenario.

Fixes #3041

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3091)
---

diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index b51807c088..562b9e454b 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -367,7 +367,13 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
 
     s->rlayer.wnum = 0;
 
-    if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)) {
+    /*
+     * When writing early data on the server side we could be "in_init" in
+     * between receiving the EoED and the CF - but we don't want to handle those
+     * messages yet.
+     */
+    if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)
+            && s->early_data_state != SSL_EARLY_DATA_UNAUTH_WRITING) {
         i = s->handshake_func(s);
         if (i < 0)
             return i;