]> git.ipfire.org Git - thirdparty/openssl.git/blobdiff - ssl/record/rec_layer_s3.c
projects / thirdparty / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Defer sending a KeyUpdate until after pending writes are complete
[thirdparty/openssl.git] / ssl / record / rec_layer_s3.c
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 64e132aac00becb3071bbfa2a95c6ff21ad8688d..a9911328e61df39d736db4d083368f72f2cfaeec 100644 (file)
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -377,6 +377,13 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
 
     s->rlayer.wnum = 0;
 
+    /*
+     * If we are supposed to be sending a KeyUpdate then go into init unless we
+     * have writes pending - in which case we should finish doing that first.
+     */
+    if (wb->left == 0 && s->key_update != SSL_KEY_UPDATE_NONE)
+        ossl_statem_set_in_init(s, 1);
+
     /*
      * When writing early data on the server side we could be "in_init" in
      * between receiving the EoED and the CF - but we don't want to handle those
A mirror of the official openssl repository