[openssl] master update

Fri, 16 Jul 2021 03:20:59 -0700 

The branch master has been updated
       via  3bec48515354bc4138ce14c5aafc2c9e3bcc473f (commit)
       via  21ba77cad67f6a40b051ac9d57069fa58d0658f7 (commit)
      from  e0ad156d22587514b60920143917cdb149734212 (commit)


- Log -----------------------------------------------------------------
commit 3bec48515354bc4138ce14c5aafc2c9e3bcc473f
Author: Matt Caswell <m...@openssl.org>
Date:   Tue Jul 13 17:44:44 2021 +0100

    Disallow SSL_key_update() if there are writes pending
    
    If an application is halfway through writing application data it should
    not be allowed to attempt an SSL_key_update() operation. Instead the
    SSL_write() operation should be completed.
    
    Fixes #12485
    
    Reviewed-by: Tomas Mraz <to...@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16077)

commit 21ba77cad67f6a40b051ac9d57069fa58d0658f7
Author: Matt Caswell <m...@openssl.org>
Date:   Tue Jul 13 17:19:12 2021 +0100

    Don't reset the packet pointer in ssl3_setup_read_buffer
    
    Sometimes this function gets called when the buffers have already been
    set up. If there is already a partial packet in the read buffer then the
    packet pointer will be set to an incorrect value. The packet pointer already
    gets reset to the correct value when we first read a packet anyway, so we
    don't also need to do it in ssl3_setup_read_buffer.
    
    Fixes #13729
    
    Reviewed-by: Tomas Mraz <to...@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16077)

-----------------------------------------------------------------------

Summary of changes:
 ssl/record/ssl3_buffer.c | 1 -
 ssl/ssl_lib.c            | 5 +++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c
index 861610a08b..daa175d98c 100644
--- a/ssl/record/ssl3_buffer.c
+++ b/ssl/record/ssl3_buffer.c
@@ -73,7 +73,6 @@ int ssl3_setup_read_buffer(SSL *s)
         b->len = len;
     }
 
-    RECORD_LAYER_set_packet(&s->rlayer, &(b->buf[0]));
     return 1;
 }
 
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index c1e8e41f02..892a417d93 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2262,6 +2262,11 @@ int SSL_key_update(SSL *s, int updatetype)
         return 0;
     }
 
+    if (RECORD_LAYER_write_pending(&s->rlayer)) {
+        ERR_raise(ERR_LIB_SSL, SSL_R_BAD_WRITE_RETRY);
+        return 0;
+    }
+
     ossl_statem_set_in_init(s, 1);
     s->key_update = updatetype;
     return 1;

Reply via email to