Enable the client to call SSL_read() without stopping the ability to call SSL_write_early()
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 3bcb6e1..c244c3c 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1545,13 +1545,16 @@
return 0;
}
- if (s->early_data_state != SSL_EARLY_DATA_NONE
- && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING
- && s->early_data_state != SSL_EARLY_DATA_FINISHED_READING
- && s->early_data_state != SSL_EARLY_DATA_READING) {
+ if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
+ || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY) {
SSLerr(SSL_F_SSL_READ_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
+ /*
+ * If we are a client and haven't received the ServerHello etc then we
+ * better do that
+ */
+ ossl_statem_check_finish_init(s, 0);
if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
struct ssl_async_args args;
@@ -1745,13 +1748,20 @@
return -1;
}
- if (s->early_data_state != SSL_EARLY_DATA_NONE
- && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING
- && s->early_data_state != SSL_EARLY_DATA_FINISHED_READING
- && s->early_data_state != SSL_EARLY_DATA_WRITING) {
+ if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) {
+ /*
+ * We're still writing early data. We need to stop that so we can write
+ * normal data
+ */
+ if (!SSL_write_early_finish(s))
+ return 0;
+ } else if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
+ || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY) {
SSLerr(SSL_F_SSL_WRITE_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
+ /* If we are a client and haven't sent the Finished we better do that */
+ ossl_statem_check_finish_init(s, 1);
if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
int ret;
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
index 2c202f4..a1807f2 100644
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -168,6 +168,13 @@
return 1;
}
+void ossl_statem_check_finish_init(SSL *s, int send)
+{
+ if ((send && s->statem.hand_state == TLS_ST_CW_PENDING_EARLY_DATA_END)
+ || (!send && s->statem.hand_state == TLS_ST_CW_EARLY_DATA))
+ ossl_statem_set_in_init(s, 1);
+}
+
void ossl_statem_set_hello_verify_done(SSL *s)
{
s->statem.state = MSG_FLOW_UNINITED;
diff --git a/ssl/statem/statem.h b/ssl/statem/statem.h
index c0c9cab..56009b0 100644
--- a/ssl/statem/statem.h
+++ b/ssl/statem/statem.h
@@ -123,6 +123,7 @@
int ossl_statem_get_in_handshake(SSL *s);
void ossl_statem_set_in_handshake(SSL *s, int inhand);
__owur int ossl_statem_skip_early_data(SSL *s);
+void ossl_statem_check_finish_init(SSL *s, int send);
void ossl_statem_set_hello_verify_done(SSL *s);
__owur int ossl_statem_app_data_allowed(SSL *s);
#ifndef OPENSSL_NO_SCTP
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 23a4d76..6fdb37e 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -435,6 +435,14 @@
return WRITE_TRAN_CONTINUE;
case TLS_ST_CR_FINISHED:
+ if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY)
+ st->hand_state = TLS_ST_CW_PENDING_EARLY_DATA_END;
+ else
+ st->hand_state = (s->s3->tmp.cert_req != 0) ? TLS_ST_CW_CERT
+ : TLS_ST_CW_FINISHED;
+ return WRITE_TRAN_CONTINUE;
+
+ case TLS_ST_CW_PENDING_EARLY_DATA_END:
st->hand_state = (s->s3->tmp.cert_req != 0) ? TLS_ST_CW_CERT
: TLS_ST_CW_FINISHED;
return WRITE_TRAN_CONTINUE;
@@ -659,6 +667,7 @@
break;
case TLS_ST_CW_EARLY_DATA:
+ case TLS_ST_CW_PENDING_EARLY_DATA_END:
case TLS_ST_OK:
return tls_finish_handshake(s, wst, 1);
}
