From: Matt Caswell Date: Tue, 13 Jul 2021 16:44:44 +0000 (+0100) Subject: Disallow SSL_key_update() if there are writes pending X-Git-Tag: openssl-3.0.0-beta2~54 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3bec48515354bc4138ce14c5aafc2c9e3bcc473f;p=thirdparty%2Fopenssl.git Disallow SSL_key_update() if there are writes pending If an application is halfway through writing application data it should not be allowed to attempt an SSL_key_update() operation. Instead the SSL_write() operation should be completed. Fixes #12485 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16077) --- diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index c1e8e41f02b..892a417d935 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2262,6 +2262,11 @@ int SSL_key_update(SSL *s, int updatetype) return 0; } + if (RECORD_LAYER_write_pending(&s->rlayer)) { + ERR_raise(ERR_LIB_SSL, SSL_R_BAD_WRITE_RETRY); + return 0; + } + ossl_statem_set_in_init(s, 1); s->key_update = updatetype; return 1;
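Review bot: In the new RECORD_LAYER_write_pending() check in SSL_key_update(), the failure is reported as SSL_R_BAD_WRITE_RETRY, a reason code whose name describes a write retry problem rather than a refused key update. A caller reading the error queue cannot easily tell that the remedy is to finish the pending SSL_write() first. A short comment above the check saying so would help. Since the patch touches only ssl/ssl_lib.c, the new return-0 case should also be described in the SSL_key_update() documentation, so applications know to complete the write and then call SSL_key_update() again. A test that calls SSL_key_update() while a partial write is outstanding would keep the behaviour from regressing. The placement before ossl_statem_set_in_init(s, 1) and the s->key_update assignment looks right, because a rejected call then leaves the connection state untouched.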