diff options
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/record/rec_layer_s3.c | 7 | ||||
| -rw-r--r-- | ssl/statem/statem_clnt.c | 6 | ||||
| -rw-r--r-- | ssl/statem/statem_lib.c | 7 | ||||
| -rw-r--r-- | ssl/statem/statem_srvr.c | 6 |
4 files changed, 9 insertions, 17 deletions
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 64e132aac0..a9911328e6 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -378,6 +378,13 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, s->rlayer.wnum = 0; /* + * If we are supposed to be sending a KeyUpdate then go into init unless we + * have writes pending - in which case we should finish doing that first. + */ + if (wb->left == 0 && s->key_update != SSL_KEY_UPDATE_NONE) + ossl_statem_set_in_init(s, 1); + + /* * When writing early data on the server side we could be "in_init" in * between receiving the EoED and the CF - but we don't want to handle those * messages yet. diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 1be7c5745c..d096143530 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -474,12 +474,6 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s) return WRITE_TRAN_CONTINUE; case TLS_ST_CR_KEY_UPDATE: - if (s->key_update != SSL_KEY_UPDATE_NONE) { - st->hand_state = TLS_ST_CW_KEY_UPDATE; - return WRITE_TRAN_CONTINUE; - } - /* Fall through */ - case TLS_ST_CW_KEY_UPDATE: case TLS_ST_CR_SESSION_TICKET: case TLS_ST_CW_FINISHED: diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 033ea613c5..8c7d5e2a60 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -643,12 +643,9 @@ MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt) /* * If we get a request for us to update our sending keys too then, we need * to additionally send a KeyUpdate message. However that message should - * not also request an update (otherwise we get into an infinite loop). We - * ignore a request for us to update our sending keys too if we already - * sent close_notify. + * not also request an update (otherwise we get into an infinite loop). */ - if (updatetype == SSL_KEY_UPDATE_REQUESTED - && (s->shutdown & SSL_SENT_SHUTDOWN) == 0) + if (updatetype == SSL_KEY_UPDATE_REQUESTED) s->key_update = SSL_KEY_UPDATE_NOT_REQUESTED; if (!tls13_update_key(s, 0)) { diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index fe495a3a68..6504f4f74e 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -503,12 +503,6 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s) return WRITE_TRAN_CONTINUE; case TLS_ST_SR_KEY_UPDATE: - if (s->key_update != SSL_KEY_UPDATE_NONE) { - st->hand_state = TLS_ST_SW_KEY_UPDATE; - return WRITE_TRAN_CONTINUE; - } - /* Fall through */ - case TLS_ST_SW_KEY_UPDATE: st->hand_state = TLS_ST_OK; return WRITE_TRAN_CONTINUE; |