openssl/ssl
Matt Caswell feb9e31c40 Defer sending a KeyUpdate until after pending writes are complete
If we receive a KeyUpdate message (update requested) from the peer while
we are in the middle of a write, we should defer sending the responding
KeyUpdate message until after the current write is complete. We do this
by waiting to send the KeyUpdate until the next time we write and there is
no pending write data.

This does imply a subtle change in behaviour. Firstly the responding
KeyUpdate message won't be sent straight away as it is now. Secondly if
the peer sends multiple KeyUpdates without us doing any writing then we
will only send one response, as opposed to previously where we sent a
response for each KeyUpdate received.

Fixes #8677

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/8773)
2019-06-03 11:51:14 +01:00
..
record Defer sending a KeyUpdate until after pending writes are complete 2019-06-03 11:51:14 +01:00
statem Defer sending a KeyUpdate until after pending writes are complete 2019-06-03 11:51:14 +01:00
bio_ssl.c Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00
build.info
d1_lib.c Use (D)TLS_MAX_VERSION_INTERNAL internally 2018-12-15 12:52:02 +01:00
d1_msg.c issue-8998: Ensure that the alert is generated and reaches the remote 2019-05-30 11:30:54 +01:00
d1_srtp.c Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00
methods.c Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00
packet_locl.h Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00
packet.c Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00
pqueue.c Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00
s3_cbc.c Structure alignment macro. 2019-05-01 08:37:11 +10:00
s3_enc.c Collapse ssl3_state_st (s3) into ssl_st 2019-04-29 17:26:09 +01:00
s3_lib.c Fix no-srp 2019-05-01 14:51:51 +01:00
s3_msg.c Collapse ssl3_state_st (s3) into ssl_st 2019-04-29 17:26:09 +01:00
ssl_asn1.c constify *_dup() and *i2d_*() and related functions as far as possible, introducing DECLARE_ASN1_DUP_FUNCTION 2019-03-06 16:10:09 +00:00
ssl_cert_table.h Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00
ssl_cert.c Collapse ssl3_state_st (s3) into ssl_st 2019-04-29 17:26:09 +01:00
ssl_ciph.c Update format string for ciphers to account for newer ciphers 2019-05-27 07:22:32 +10:00
ssl_conf.c Add option to disable Extended Master Secret 2019-02-15 10:11:18 +00:00
ssl_err.c ssl: Add SSL_sendfile 2019-05-07 14:24:16 +01:00
ssl_init.c Adapt OPENSSL_INIT_DEBUG to the new generic trace API 2019-03-06 11:15:13 +01:00
ssl_lib.c Change SSL parameter SSL_session_reused const 2019-05-21 09:58:50 +10:00
ssl_locl.h Collapse ssl3_state_st (s3) into ssl_st 2019-04-29 17:26:09 +01:00
ssl_mcnf.c Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00
ssl_rsa.c Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00
ssl_sess.c Collapse ssl3_state_st (s3) into ssl_st 2019-04-29 17:26:09 +01:00
ssl_stat.c Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00
ssl_txt.c Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00
ssl_utst.c Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00
t1_enc.c Changed ssl layer to use EVP_KDF API for TLS1_PRF and HKDF. 2019-05-27 20:28:18 +10:00
t1_lib.c Collapse ssl3_state_st (s3) into ssl_st 2019-04-29 17:26:09 +01:00
t1_trce.c Collapse ssl3_state_st (s3) into ssl_st 2019-04-29 17:26:09 +01:00
tls13_enc.c Changed ssl layer to use EVP_KDF API for TLS1_PRF and HKDF. 2019-05-27 20:28:18 +10:00
tls_srp.c Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00