Fix breakage in SSL_connect, SSL_accept, etc. by not propagating

new retry conditions from the record layer all the way up to the
callers.  Instead we catch them at the top of the record layer
and retry the operations, unless we actually got a retry indicated
from actual IO operations.

ok jsing@ tb@

1 files changed, 5 insertions, 1 deletions

diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 473163ee76..cfe3985050 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_lib.c,v 1.26 2020/01/23 11:57:20 jsing Exp $ */
+/*      $OpenBSD: tls13_lib.c,v 1.27 2020/01/24 04:36:29 beck Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -420,6 +420,10 @@ tls13_legacy_return_code(SSL *ssl, ssize_t ret)
                 BIO_set_retry_write(ssl->wbio);
                 ssl->internal->rwstate = SSL_WRITING;
                 return -1;
+
+        case TLS13_IO_WANT_RETRY:
+                SSLerror(ssl, ERR_R_INTERNAL_ERROR);
+                return -1;
         }
 
         SSLerror(ssl, ERR_R_INTERNAL_ERROR);