commit 39ef78210c7110600e083e7aec8fe7cda076522b
author Matt Caswell <matt@openssl.org> Wed Mar 29 17:00:55 2017 +0100
committer Matt Caswell <matt@openssl.org> Thu Mar 30 09:09:21 2017 +0100
tree 35e976540553dc2bfb56db97c8aff2b782ca6845
parent 3fd5ece39b59d938d0cc84b8e5148d19044d15cf

Fix bug with SSL_read_early_data()

If read_ahead is set, or SSL_MODE_AUTO_RETRY is used then if
SSL_read_early_data() hits an EndOfEarlyData message then it will
immediately retry automatically, but this time read normal data instead
of early data!

Fixes #3041

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3077)

ssl/record/rec_layer_s3.c

diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index e8e9329..b51807c 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -1496,6 +1496,8 @@
      */
     if ((s->rlayer.handshake_fragment_len >= 4)
             && !ossl_statem_get_in_handshake(s)) {
+        int ined = (s->early_data_state == SSL_EARLY_DATA_READING);
+
         /* We found handshake data, so we're going back into init */
         ossl_statem_set_in_init(s, 1);
 
@@ -1507,6 +1509,14 @@
             return -1;
         }
 
+        /*
+         * If we were actually trying to read early data and we found a
+         * handshake message, then we don't want to continue to try and read
+         * the application data any more. It won't be "early" now.
+         */
+        if (ined)
+            return -1;
+
         if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
             if (SSL3_BUFFER_get_left(rbuf) == 0) {
                 /* no read-ahead left? */