author | Matt Caswell <matt@openssl.org> | 2021-07-13 17:44:44 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-07-16 12:20:20 +0200 |
commit | 3bec48515354bc4138ce14c5aafc2c9e3bcc473f | |
tree | 0db5ccf5c6f7e975717a4385ef154305b36da6f2 /ssl/ssl_lib.c | |
parent | 21ba77cad67f6a40b051ac9d57069fa58d0658f7 |
Disallow SSL_key_update() if there are writes pending
If an application is halfway through writing application data it should
not be allowed to attempt an SSL_key_update() operation. Instead the
SSL_write() operation should be completed.
Fixes #12485
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16077)
Diffstat (limited to 'ssl/ssl_lib.c')
-rw-r--r-- | ssl/ssl_lib.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index c1e8e41f02..892a417d93 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2262,6 +2262,11 @@ int SSL_key_update(SSL *s, int updatetype) return 0; } + if (RECORD_LAYER_write_pending(&s->rlayer)) { + ERR_raise(ERR_LIB_SSL, SSL_R_BAD_WRITE_RETRY); + return 0; + } + ossl_statem_set_in_init(s, 1); s->key_update = updatetype; return 1; |
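Review bot: In the new RECORD_LAYER_write_pending() branch of SSL_key_update(), the failure is reported as SSL_R_BAD_WRITE_RETRY, a reason code whose name describes a retried write rather than a refused key update, so a caller reading the error queue gets no hint that the remedy is to finish the pending SSL_write() first. Consider a dedicated reason code, or at least a short comment above `if (RECORD_LAYER_write_pending(&s->rlayer)) {` stating why the call is refused. The diffstat shown is limited to ssl/ssl_lib.c, so it is not visible here whether the SSL_key_update() documentation and a regression test for the pending-write case are part of the change; both are worth having, since this adds a new condition under which the function returns 0.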