Handle zero byte reads/writes that trigger handshakes in the TLSv1.3 stack.

With the legaacy stack, it is possible to do a zero byte SSL_read() or
SSL_write() that triggers the handshake, but then returns zero without
SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE being flagged. This currently
works in the TLSv1.3 stack by returning TLS_IO_WANT_POLLIN or
TLS_IO_WANT_POLLOUT, which is then hidden by SSL_get_error().

However, due to upcoming changes to SSL_get_error() this will no longer be
the case. In order to maintain the existing legacy behaviour, explicitly
handle zero byte reads and writes in the TLSv1.3 stack, following
completion of a handshake.

ok inoguchi@ tb@

1 files changed, 5 insertions, 1 deletions

diff --git a/src/lib/libssl/tls13_legacy.c b/src/lib/libssl/tls13_legacy.c
index 0379c978e9..27e030fa77 100644
--- a/src/lib/libssl/tls13_legacy.c
+++ b/src/lib/libssl/tls13_legacy.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_legacy.c,v 1.36 2022/02/05 14:54:10 jsing Exp $ */
+/*      $OpenBSD: tls13_legacy.c,v 1.37 2022/02/06 16:08:14 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -229,6 +229,8 @@ tls13_legacy_read_bytes(SSL *ssl, int type, unsigned char *buf, int len, int pee
         if (ctx == NULL || !ctx->handshake_completed) {
                 if ((ret = ssl->internal->handshake_func(ssl)) <= 0)
                         return ret;
+                if (len == 0)
+                        return 0;
                 return tls13_legacy_return_code(ssl, TLS13_IO_WANT_POLLIN);
         }
 
@@ -263,6 +265,8 @@ tls13_legacy_write_bytes(SSL *ssl, int type, const void *vbuf, int len)
         if (ctx == NULL || !ctx->handshake_completed) {
                 if ((ret = ssl->internal->handshake_func(ssl)) <= 0)
                         return ret;
+                if (len == 0)
+                        return 0;
                 return tls13_legacy_return_code(ssl, TLS13_IO_WANT_POLLOUT);
         }