Fix SSL_key_update() problems (1.1.1) #16098

Closed
mattcaswell wants to merge 2 commits into openssl:OpenSSL_1_1_1-stable from mattcaswell:key-update-read-111

@mattcaswell
Member

This is a backport of #16077 to 1.1.1

Sometimes this function gets called when the buffers have already been
set up. If there is already a partial packet in the read buffer then the
packet pointer will be set to an incorrect value. The packet pointer already
gets reset to the correct value when we first read a packet anyway, so we
don't also need to do it in ssl3_setup_read_buffer.

Fixes openssl#13729

If an application is halfway through writing application data it should
not be allowed to attempt an SSL_key_update() operation. Instead the
SSL_write() operation should be completed.

Fixes openssl#12485
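
A simplified model of the first fix described above, added here as an illustration and not taken from the OpenSSL patch. The `rlayer` struct, `setup_read_buffer`, `read_n`, `ALIGN_OFF` and the sample bytes are assumptions, chosen to show how rewriting the packet pointer on a repeat setup call loses track of a partially buffered packet.

```c
/* Simplified record-layer read buffer model; hypothetical names, not OpenSSL source. */
#include <stdio.h>
#include <string.h>

#define ALIGN_OFF 3  /* constructed: alignment gap before the first packet */
struct rlayer {
    unsigned char storage[64];
    unsigned char *buf;     /* NULL until the buffer is set up */
    size_t offset, left;    /* packet start in buf; bytes already buffered */
    unsigned char *packet;  /* start of the packet being assembled */
};

/* reset_packet = 1 models the old behaviour: packet is rewritten on every call. */
static void setup_read_buffer(struct rlayer *rl, int reset_packet)
{
    if (rl->buf == NULL) {  /* first call only */
        rl->buf = rl->storage;
        rl->offset = ALIGN_OFF;
    }
    if (reset_packet)
        rl->packet = rl->buf;  /* ignores offset, wrong once data is buffered */
}

/* Buffer n more bytes; the first read of a packet sets the packet pointer. */
static void read_n(struct rlayer *rl, const unsigned char *src, size_t n)
{
    if (rl->left == 0)
        rl->packet = rl->buf + rl->offset;
    memcpy(rl->buf + rl->offset + rl->left, src, n);
    rl->left += n;
}

/* 1 if packet still addresses the partial packet after a second setup call. */
static int packet_pointer_survives(int reset_packet)
{
    /* constructed sample: a 5-byte record header plus 2 body bytes */
    static const unsigned char part[] = {0x17, 0x03, 0x03, 0x00, 0x20, 0xaa, 0xbb};
    struct rlayer rl = {0};
    setup_read_buffer(&rl, reset_packet);
    read_n(&rl, part, sizeof(part));
    setup_read_buffer(&rl, reset_packet);  /* called again mid-packet */
    return rl.packet == rl.buf + rl.offset && memcmp(rl.packet, part, sizeof(part)) == 0;
}

int main(void)
{
    printf("reset: %d, no reset: %d\n", packet_pointer_survives(1), packet_pointer_survives(0));
    return 0;
}
```
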

mattcaswell added the labels "approval: review pending" (This pull request needs review by a committer) and "branch: 1.1.1" (Applies to OpenSSL_1_1_1-stable branch (EOL)) Jul 16, 2021
mattcaswell requested review from kaduk and t8m July 16, 2021 10:44
t8m added the label "approval: done" (This pull request has the required number of approvals) and removed the label "approval: review pending" (This pull request needs review by a committer) Jul 16, 2021
openssl-machine added the label "approval: ready to merge" (The 24 hour grace period has passed, ready to merge) and removed the label "approval: done" (This pull request has the required number of approvals) Jul 17, 2021

@openssl-machine
Collaborator

This pull request is ready to merge

openssl-machine pushed a commit that referenced this pull request Jul 19, 2021
Sometimes this function gets called when the buffers have already been
set up. If there is already a partial packet in the read buffer then the
packet pointer will be set to an incorrect value. The packet pointer already
gets reset to the correct value when we first read a packet anyway, so we
don't also need to do it in ssl3_setup_read_buffer.

Fixes #13729

Reviewed-by: Ben Kaduk <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
(Merged from #16098)

openssl-machine pushed a commit that referenced this pull request Jul 19, 2021
If an application is halfway through writing application data it should
not be allowed to attempt an SSL_key_update() operation. Instead the
SSL_write() operation should be completed.

Fixes #12485

Reviewed-by: Ben Kaduk <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
(Merged from #16098)

@t8m
Member

t8m commented Jul 19, 2021

Merged to 1.1.1. Thank you.