Only check BIO_should_read() on read and BIO_should_write() on write.

The TLSv1.3 code that drives a BIO currently checks BIO_should_read()
after BIO_write() and BIO_should_write() after BIO_read(), which was
modelled on SSL_get_error(). However, there are certain cases where
this can confuse the caller - primarily where the same BIO is being
used for both read and write and the caller is manipulating the retry
flags. SSL_get_error() tends avoids this issue by relying on another
layer of state tracking.

Unfortunately haproxy hits this situation - it has its own BIO_METHOD,
the same BIO is used for both read and write and it manipulates the
retry flags - resulting in it stalling.

Issued noted by Thorsten Lockert <tholo@tzecmaun.org>

ok beck@ tb@

1 files changed, 1 insertions, 5 deletions

diff --git a/src/lib/libssl/tls13_legacy.c b/src/lib/libssl/tls13_legacy.c
index 463d56372e..81a317d4a5 100644
--- a/src/lib/libssl/tls13_legacy.c
+++ b/src/lib/libssl/tls13_legacy.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_legacy.c,v 1.18 2020/10/11 12:45:52 guenther Exp $ */
+/*      $OpenBSD: tls13_legacy.c,v 1.19 2020/11/03 17:41:39 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -36,8 +36,6 @@ tls13_legacy_wire_read(SSL *ssl, uint8_t *buf, size_t len)
         if ((n = BIO_read(ssl->rbio, buf, len)) <= 0) {
                 if (BIO_should_read(ssl->rbio))
                         return TLS13_IO_WANT_POLLIN;
-                if (BIO_should_write(ssl->rbio))
-                        return TLS13_IO_WANT_POLLOUT;
                 if (n == 0)
                         return TLS13_IO_EOF;
 
@@ -75,8 +73,6 @@ tls13_legacy_wire_write(SSL *ssl, const uint8_t *buf, size_t len)
         errno = 0;
 
         if ((n = BIO_write(ssl->wbio, buf, len)) <= 0) {
-                if (BIO_should_read(ssl->wbio))
-                        return TLS13_IO_WANT_POLLIN;
                 if (BIO_should_write(ssl->wbio))
                         return TLS13_IO_WANT_POLLOUT;