From: Matt Caswell <matt@openssl.org>
Date: Thu, 30 Mar 2017 14:24:07 +0000 (+0100)
Subject: Fix early data bug with pause between EoED and CF
X-Git-Tag: OpenSSL_1_1_1-pre1~1899
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=116d0da5e8bcbb79ac1bdd1ec6bb861d9830e3a5;p=openssl

Fix early data bug with pause between EoED and CF

If the server received EoED then SSL_read_early_data() will return
SSL_READ_EARLY_DATA_FINISH. However if the CF has not yet been processed
then SSL_is_init_finished() will still return 0. Therefore we should still
be able to write early data.

Fixes #3041

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3089)
---

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index f169611c01..a76ee40680 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1829,6 +1829,7 @@ int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written)
         s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;
         return ret;
 
+    case SSL_EARLY_DATA_FINISHED_READING:
     case SSL_EARLY_DATA_READ_RETRY:
         /* We are a server writing to an unauthenticated client */
         s->early_data_state = SSL_EARLY_DATA_UNAUTH_WRITING;