Set BIO retry on TLS13_IO_WANT_POLLIN/TLS13_IO_WANT_POLLOUT.

In most cases a TLS13_IO_WANT_POLLIN or TLS13_IO_WANT_POLLOUT will have
bubbled up from the wire callbacks, in which case the BIO retry flag will
already be set. However, if we return TLS13_IO_WANT_POLLIN or
TLS13_IO_WANT_POLLOUT from a higher layer the BIO retry flag will not be
set and that will cause SSL_get_error() to return SSL_ERROR_SYSCALL rather
than the intended SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE.

ok beck@ tb@

1 files changed, 3 insertions, 1 deletions

diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index f9505fa438..d8a22c8fc7 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_lib.c,v 1.4 2019/02/21 17:15:00 jsing Exp $ */
+/*      $OpenBSD: tls13_lib.c,v 1.5 2019/02/23 15:00:44 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -219,10 +219,12 @@ tls13_legacy_return_code(SSL *ssl, ssize_t ret)
                 return -1;
 
         case TLS13_IO_WANT_POLLIN:
+                BIO_set_retry_read(ssl->rbio);
                 ssl->internal->rwstate = SSL_READING;
                 return -1;
 
         case TLS13_IO_WANT_POLLOUT:
+                BIO_set_retry_write(ssl->wbio);
                 ssl->internal->rwstate = SSL_WRITING;
                 return -1;
         }