From 1d2b3dae57fb14e9884d047f00465183e2fca7a4 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Wed, 29 Jan 2020 17:03:58 +0000
Subject: If the TLSv1.3 code has not recorded an error and something already
 exists on the error stack, refrain from pushing an 'unknown' error on the
 stack. This should allow libcrypto errors (including bio) to be visible,
 where we have nothing better to offer.

ok tb@
---
 src/lib/libssl/tls13_client.c | 3 ++-
 src/lib/libssl/tls13_lib.c    | 6 +++++-
 src/lib/libssl/tls13_server.c | 3 ++-
 3 files changed, 9 insertions(+), 3 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index f75f605ace..3c55be6e68 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.37 2020/01/26 06:55:17 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.38 2020/01/29 17:03:58 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -87,6 +87,7 @@ tls13_legacy_connect(SSL *ssl)
 		}
 	}
 
+	ERR_clear_error();
 	S3I(ssl)->hs.state = SSL_ST_CONNECT;
 
 	ret = tls13_connect(ctx);
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 2a13e8f773..3a90c0d6df 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tls13_lib.c,v 1.31 2020/01/26 02:45:27 beck Exp $ */
+/*	$OpenBSD: tls13_lib.c,v 1.32 2020/01/29 17:03:58 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -408,6 +408,10 @@ tls13_legacy_error(SSL *ssl)
 		break;
 	}
 
+	/* Something (probably libcrypto) already pushed an error on the stack. */
+	if (reason == SSL_R_UNKNOWN && ERR_peek_error() != 0)
+		return;
+
 	ERR_put_error(ERR_LIB_SSL, (0xfff), reason, ctx->error.file,
 	    ctx->error.line);
 }
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 41b4d2b24e..a559e03219 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.20 2020/01/26 06:55:17 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.21 2020/01/29 17:03:58 jsing Exp $ */
 /*
  * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -78,6 +78,7 @@ tls13_legacy_accept(SSL *ssl)
 		}
 	}
 
+	ERR_clear_error();
 	S3I(ssl)->hs.state = SSL_ST_ACCEPT;
 
 	ret = tls13_accept(ctx);
-- 
cgit v1.2.3-55-g6feb