From 116d0da5e8bcbb79ac1bdd1ec6bb861d9830e3a5 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Thu, 30 Mar 2017 15:24:07 +0100
Subject: [PATCH] Fix early data bug with pause between EoED and CF

If the server received EoED then SSL_read_early_data() will return
SSL_READ_EARLY_DATA_FINISH. However if the CF has not yet been processed
then SSL_is_init_finished() will still return 0. Therefore we should still
be able to write early data.

Fixes #3041

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3089)
---
 ssl/ssl_lib.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index f169611c01..a76ee40680 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1829,6 +1829,7 @@ int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written)
         s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;
         return ret;
 
+    case SSL_EARLY_DATA_FINISHED_READING:
     case SSL_EARLY_DATA_READ_RETRY:
         /* We are a server writing to an unauthenticated client */
         s->early_data_state = SSL_EARLY_DATA_UNAUTH_WRITING;
-- 
2.50.1