From bc908c679b0d13ed5fdeb06d4c2eda8b0b5f5ce6 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 24 Feb 2017 17:08:41 +0000 Subject: [PATCH] Improve the early data sanity check in SSL_do_handshake() Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2737) --- ssl/ssl_lib.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index b675c2eead..3bcb6e1643 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3232,9 +3232,15 @@ int SSL_do_handshake(SSL *s) return -1; } - if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY - || s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY) - return -1; + if (s->early_data_state != SSL_EARLY_DATA_NONE + && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING + && s->early_data_state != SSL_EARLY_DATA_FINISHED_READING + && s->early_data_state != SSL_EARLY_DATA_ACCEPTING + && s->early_data_state != SSL_EARLY_DATA_CONNECTING) { + SSLerr(SSL_F_SSL_WRITE_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + s->method->ssl_renegotiate_check(s, 0); -- 2.25.1