[openssl] master update
tomas at openssl.org
Fri Jul 16 10:20:48 UTC 2021
The branch master has been updated
via 3bec48515354bc4138ce14c5aafc2c9e3bcc473f (commit)
via 21ba77cad67f6a40b051ac9d57069fa58d0658f7 (commit)
from e0ad156d22587514b60920143917cdb149734212 (commit)
- Log -----------------------------------------------------------------
commit 3bec48515354bc4138ce14c5aafc2c9e3bcc473f
Author: Matt Caswell <matt at openssl.org>
Date: Tue Jul 13 17:44:44 2021 +0100
Disallow SSL_key_update() if there are writes pending
If an application is halfway through writing application data it should
not be allowed to attempt an SSL_key_update() operation. Instead the
SSL_write() operation should be completed.
Fixes #12485
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16077)
commit 21ba77cad67f6a40b051ac9d57069fa58d0658f7
Author: Matt Caswell <matt at openssl.org>
Date: Tue Jul 13 17:19:12 2021 +0100
Don't reset the packet pointer in ssl3_setup_read_buffer
Sometimes this function gets called when the buffers have already been
set up. If there is already a partial packet in the read buffer then the
packet pointer will be set to an incorrect value. The packet pointer already
gets reset to the correct value when we first read a packet anyway, so we
don't also need to do it in ssl3_setup_read_buffer.
Fixes #13729
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16077)
-----------------------------------------------------------------------
Summary of changes:
ssl/record/ssl3_buffer.c | 1 -
ssl/ssl_lib.c | 5 +++++
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c
index 861610a08b..daa175d98c 100644
--- a/ssl/record/ssl3_buffer.c
+++ b/ssl/record/ssl3_buffer.c
@@ -73,7 +73,6 @@ int ssl3_setup_read_buffer(SSL *s)
b->len = len;
}
- RECORD_LAYER_set_packet(&s->rlayer, &(b->buf[0]));
return 1;
}
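Review bot: The removal of `RECORD_LAYER_set_packet(&s->rlayer, &(b->buf[0]));` at the end of ssl3_setup_read_buffer() leaves nothing in the code to say why the packet pointer is deliberately not touched here. The commit message explains that the function can be called with a partial packet already in the read buffer and that the pointer is set when a packet is first read, but that read path is not part of this diff, so a reader of this function cannot confirm it from here. Suggest a short comment before `return 1;` noting that the packet pointer must not be reset because the buffer may already hold a partial packet, and a regression test for the case in #13729, since the summary of changes shows no test files touched.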
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index c1e8e41f02..892a417d93 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2262,6 +2262,11 @@ int SSL_key_update(SSL *s, int updatetype)
return 0;
}
+ if (RECORD_LAYER_write_pending(&s->rlayer)) {
+ ERR_raise(ERR_LIB_SSL, SSL_R_BAD_WRITE_RETRY);
+ return 0;
+ }
+
ossl_statem_set_in_init(s, 1);
s->key_update = updatetype;
return 1;
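Review bot: The new `RECORD_LAYER_write_pending(&s->rlayer)` check in SSL_key_update() adds a failure mode that callers cannot discover from this change: the summary lists only ssl/record/ssl3_buffer.c and ssl/ssl_lib.c, so neither documentation nor tests cover it. Suggest documenting that SSL_key_update() returns 0 while an SSL_write() is incomplete and that the application must finish that write first, and adding a test that exercises the pending-write case. The error raised is the existing SSL_R_BAD_WRITE_RETRY; consider whether a reason code specific to key update would make the failure easier to diagnose from the error queue.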