From 6dc7e73103356c68fb1a0e418474365eed4d822c Mon Sep 17 00:00:00 2001 From: jsing <> Date: Sat, 23 Feb 2019 15:00:44 +0000 Subject: Set BIO retry on TLS13_IO_WANT_POLLIN/TLS13_IO_WANT_POLLOUT. In most cases a TLS13_IO_WANT_POLLIN or TLS13_IO_WANT_POLLOUT will have bubbled up from the wire callbacks, in which case the BIO retry flag will already be set. However, if we return TLS13_IO_WANT_POLLIN or TLS13_IO_WANT_POLLOUT from a higher layer the BIO retry flag will not be set and that will cause SSL_get_error() to return SSL_ERROR_SYSCALL rather than the intended SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE. ok beck@ tb@ --- src/lib/libssl/tls13_lib.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c index f9505fa438..d8a22c8fc7 100644 --- a/src/lib/libssl/tls13_lib.c +++ b/src/lib/libssl/tls13_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_lib.c,v 1.4 2019/02/21 17:15:00 jsing Exp $ */ +/* $OpenBSD: tls13_lib.c,v 1.5 2019/02/23 15:00:44 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * @@ -219,10 +219,12 @@ tls13_legacy_return_code(SSL *ssl, ssize_t ret) return -1; case TLS13_IO_WANT_POLLIN: + BIO_set_retry_read(ssl->rbio); ssl->internal->rwstate = SSL_READING; return -1; case TLS13_IO_WANT_POLLOUT: + BIO_set_retry_write(ssl->wbio); ssl->internal->rwstate = SSL_WRITING; return -1; } -- cgit v1.2.3-55-g6feb