Disallow SSL_key_update() if there are writes pending

If an application is halfway through writing application data it should
not be allowed to attempt an SSL_key_update() operation. Instead the
SSL_write() operation should be completed.

Fixes #12485

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16077)
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index c1e8e41..892a417 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2262,6 +2262,11 @@
return 0;
}
+ if (RECORD_LAYER_write_pending(&s->rlayer)) {
+ ERR_raise(ERR_LIB_SSL, SSL_R_BAD_WRITE_RETRY);
+ return 0;
+ }
+
ossl_statem_set_in_init(s, 1);
s->key_update = updatetype;
return 1;
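Review bot: The new RECORD_LAYER_write_pending() branch raises SSL_R_BAD_WRITE_RETRY, a reason whose name describes a mismatched SSL_write() retry rather than a refused key update, so an application that reads the error queue after SSL_key_update() returns 0 gets a misleading diagnosis. Consider a dedicated reason code, or at minimum a comment above the check and a sentence in the SSL_key_update() documentation saying the call fails while a write is pending and that the outstanding SSL_write() must be completed first; the patch as shown only touches ssl/ssl_lib.c. A regression test that leaves a partial write outstanding and asserts that SSL_key_update() returns 0 would also keep the fix for #12485 from silently regressing.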