[openssl] OpenSSL_1_1_1-stable update

tomas at openssl.org tomas at openssl.org
Mon Jul 19 08:31:08 UTC 2021


The branch OpenSSL_1_1_1-stable has been updated
       via  c9d782d72f573045d0c09e1685a1125df58ecb03 (commit)
       via  97664088f3b332cfd462e3d209983115ef88cfc9 (commit)
      from  657f3d030fce41600d3b9f8daf4cb98c8dc4ec3e (commit)


- Log -----------------------------------------------------------------
commit c9d782d72f573045d0c09e1685a1125df58ecb03
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Jul 13 17:44:44 2021 +0100

    Disallow SSL_key_update() if there are writes pending
    
    If an application is halfway through writing application data it should
    not be allowed to attempt an SSL_key_update() operation. Instead the
    SSL_write() operation should be completed.
    
    Fixes #12485
    
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16098)

commit 97664088f3b332cfd462e3d209983115ef88cfc9
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Jul 13 17:19:12 2021 +0100

    Don't reset the packet pointer in ssl3_setup_read_buffer
    
    Sometimes this function gets called when the buffers have already been
    set up. If there is already a partial packet in the read buffer then the
    packet pointer will be set to an incorrect value. The packet pointer already
    gets reset to the correct value when we first read a packet anyway, so we
    don't also need to do it in ssl3_setup_read_buffer.
    
    Fixes #13729
    
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16098)

-----------------------------------------------------------------------

Summary of changes:
 ssl/record/ssl3_buffer.c | 1 -
 ssl/ssl_lib.c            | 5 +++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c
index 9b2a6964c6..c99f5bd249 100644
--- a/ssl/record/ssl3_buffer.c
+++ b/ssl/record/ssl3_buffer.c
@@ -74,7 +74,6 @@ int ssl3_setup_read_buffer(SSL *s)
         b->len = len;
     }
 
-    RECORD_LAYER_set_packet(&s->rlayer, &(b->buf[0]));
     return 1;
 }
 
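Review bot: With the unconditional RECORD_LAYER_set_packet() call gone from the end of ssl3_setup_read_buffer(), nothing at this spot records why the packet pointer is deliberately left alone, so a later cleanup could reintroduce the reset. A short comment before `return 1;` stating that the buffers may already hold a partial packet and that the pointer is set when a packet is first read would capture the reasoning from the commit message. The change summary lists only ssl/record/ssl3_buffer.c and ssl/ssl_lib.c, so there is also no regression test that calls this function with a partial packet already in the read buffer; adding one would guard the fix for #13729.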
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index e1c95ddc60..ffd0a0bc6d 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2119,6 +2119,11 @@ int SSL_key_update(SSL *s, int updatetype)
         return 0;
     }
 
+    if (RECORD_LAYER_write_pending(&s->rlayer)) {
+        SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_BAD_WRITE_RETRY);
+        return 0;
+    }
+
     ossl_statem_set_in_init(s, 1);
     s->key_update = updatetype;
     return 1;
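Review bot: The new failure path at the RECORD_LAYER_write_pending() check is neither documented nor tested in this change: the summary shows only two source files touched, so callers of SSL_key_update() have no written indication that it now returns 0 while an SSL_write() is incomplete, and nothing exercises that case. Please add a sentence to the SSL_key_update() documentation telling applications to finish the pending SSL_write() first, plus a test that starts a partial write and checks for the 0 return. The reason code SSL_R_BAD_WRITE_RETRY is also reused here; if it is raised elsewhere for write retries, a caller inspecting the error queue cannot tell a refused key update from that condition, so consider whether a dedicated reason is acceptable on a stable branch or at least mention the reuse in the docs.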

