Don't handle handshake messages when writing early data on server

If we have received the EoED message but not yet had the CF then we are "in init". Despite that we still want to write application data, so suppress the "in init" check in ssl3_write_bytes() in that scenario. Fixes #3041 Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3091)

Don't handle handshake messages when writing early data on server
If we have received the EoED message but not yet had the CF then we are "in init". Despite that we still want to write application data, so suppress the "in init" check in ssl3_write_bytes() in that scenario. Fixes #3041 Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3091)
59cebcf9 · Matt Caswell · a8e75d56 · 59cebcf9
隐藏空白更改
内联并排

Showing with 7 addition and 1 deletion

ssl/record/rec_layer_s3.c ssl/record/rec_layer_s3.c +7 -1

未找到文件。
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -367,7 +367,13 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,

    s->rlayer.wnum = 0;

-    if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)) {
+    /*
+     * When writing early data on the server side we could be "in_init" in
+     * between receiving the EoED and the CF - but we don't want to handle those
+     * messages yet.
+     */
+    if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)
+            && s->early_data_state != SSL_EARLY_DATA_UNAUTH_WRITING) {
        i = s->handshake_func(s);
        if (i < 0)
            return i;