Disallow SSL_key_update() if there are writes pending

If an application is halfway through writing application data it should
not be allowed to attempt an SSL_key_update() operation. Instead the
SSL_write() operation should be completed.

Fixes #12485

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16098)
Matt Caswell 2021-07-13 17:44:44 +01:00
parent 97664088f3
commit c9d782d72f
1 changed files with 5 additions and 0 deletions

@ -2119,6 +2119,11 @@ int SSL_key_update(SSL *s, int updatetype)
return 0;
}
if (RECORD_LAYER_write_pending(&s->rlayer)) {
SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_BAD_WRITE_RETRY);
return 0;
}
ossl_statem_set_in_init(s, 1);
s->key_update = updatetype;
return 1;