From 9bdb8cf2b0cdef5430b92da746812d02b3e4a0db Mon Sep 17 00:00:00 2001
From: beck <>
Date: Fri, 24 Jan 2020 04:36:29 +0000
Subject: Fix breakage in SSL_connect, SSL_accept, etc. by not propagating new
 retry conditions from the record layer all the way up to the callers. 
 Instead we catch them at the top of the record layer and retry the
 operations, unless we actually got a retry indicated from actual IO
 operations.

ok jsing@ tb@
---
 src/lib/libssl/tls13_internal.h     |  5 +++--
 src/lib/libssl/tls13_lib.c          |  6 ++++-
 src/lib/libssl/tls13_record_layer.c | 44 ++++++++++++++++++++++++++++---------
 3 files changed, 42 insertions(+), 13 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index e9f629f387..7b3670bf45 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.50 2020/01/23 11:57:20 jsing Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.51 2020/01/24 04:36:29 beck Exp $ */
 /*
  * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
  * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -36,7 +36,8 @@ __BEGIN_HIDDEN_DECLS
 #define TLS13_IO_ALERT		-2
 #define TLS13_IO_WANT_POLLIN	-3
 #define TLS13_IO_WANT_POLLOUT	-4
-#define TLS13_IO_USE_LEGACY	-5
+#define TLS13_IO_WANT_RETRY	-5 /* Retry the previous call immediately. */
+#define TLS13_IO_USE_LEGACY	-6
 
 #define TLS13_ERR_VERIFY_FAILED		16
 #define TLS13_ERR_HRR_FAILED		17
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 473163ee76..cfe3985050 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tls13_lib.c,v 1.26 2020/01/23 11:57:20 jsing Exp $ */
+/*	$OpenBSD: tls13_lib.c,v 1.27 2020/01/24 04:36:29 beck Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -420,6 +420,10 @@ tls13_legacy_return_code(SSL *ssl, ssize_t ret)
 		BIO_set_retry_write(ssl->wbio);
 		ssl->internal->rwstate = SSL_WRITING;
 		return -1;
+
+	case TLS13_IO_WANT_RETRY:
+		SSLerror(ssl, ERR_R_INTERNAL_ERROR);
+		return -1;
 	}
 
 	SSLerror(ssl, ERR_R_INTERNAL_ERROR);
diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c
index aa8968484b..e5f8ba8859 100644
--- a/src/lib/libssl/tls13_record_layer.c
+++ b/src/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_record_layer.c,v 1.24 2020/01/23 05:08:30 jsing Exp $ */
+/* $OpenBSD: tls13_record_layer.c,v 1.25 2020/01/24 04:36:29 beck Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -274,7 +274,7 @@ tls13_record_layer_process_alert(struct tls13_record_layer *rl)
 		ret = TLS13_IO_EOF;
 	} else if (alert_desc == SSL_AD_USER_CANCELLED) {
 		/* Ignored at the record layer. */
-		ret = TLS13_IO_WANT_POLLIN;
+		ret = TLS13_IO_WANT_RETRY;
 	} else if (alert_level == SSL3_AL_FATAL) {
 		rl->read_closed = 1;
 		rl->write_closed = 1;
@@ -330,7 +330,7 @@ tls13_record_layer_send_phh(struct tls13_record_layer *rl)
 	if (!CBS_skip(&rl->phh_cbs, ret))
 		return TLS13_IO_FAILURE;
 	if (CBS_len(&rl->phh_cbs) != 0)
-		return TLS13_IO_WANT_POLLOUT;
+		return TLS13_IO_WANT_RETRY;
 
 	freezero(rl->phh_data, rl->phh_len);
 	rl->phh_data = NULL;
@@ -776,7 +776,7 @@ tls13_record_layer_read_record(struct tls13_record_layer *rl)
 			return tls13_send_alert(rl, SSL_AD_ILLEGAL_PARAMETER);
 		rl->ccs_seen = 1;
 		tls13_record_layer_rrec_free(rl);
-		return TLS13_IO_WANT_POLLIN;
+		return TLS13_IO_WANT_RETRY;
 	}
 
 	/*
@@ -896,7 +896,7 @@ tls13_record_layer_read_internal(struct tls13_record_layer *rl,
 				rl->phh = 0;
 
 				if (ret == TLS13_IO_SUCCESS)
-					return TLS13_IO_WANT_POLLIN;
+					return TLS13_IO_WANT_RETRY;
 
 				return ret;
 			}
@@ -929,14 +929,26 @@ ssize_t
 tls13_record_layer_peek(struct tls13_record_layer *rl, uint8_t content_type,
     uint8_t *buf, size_t n)
 {
-	return tls13_record_layer_read_internal(rl, content_type, buf, n, 1);
+	ssize_t ret;
+
+	do {
+		ret = tls13_record_layer_read_internal(rl, content_type, buf, n, 1);
+	} while (ret == TLS13_IO_WANT_RETRY);
+
+	return ret;
 }
 
 ssize_t
 tls13_record_layer_read(struct tls13_record_layer *rl, uint8_t content_type,
     uint8_t *buf, size_t n)
 {
-	return tls13_record_layer_read_internal(rl, content_type, buf, n, 0);
+	ssize_t ret;
+
+	do {
+		ret = tls13_record_layer_read_internal(rl, content_type, buf, n, 0);
+	} while (ret == TLS13_IO_WANT_RETRY);
+
+	return ret;
 }
 
 static ssize_t
@@ -1015,10 +1027,17 @@ tls13_record_layer_write(struct tls13_record_layer *rl, uint8_t content_type,
 {
 	ssize_t ret;
 
-	if ((ret = tls13_record_layer_send_pending(rl)) != TLS13_IO_SUCCESS)
+	do {
+		ret = tls13_record_layer_send_pending(rl);
+	} while (ret == TLS13_IO_WANT_RETRY);
+	if (ret != TLS13_IO_SUCCESS)
 		return ret;
 
-	return tls13_record_layer_write_chunk(rl, content_type, buf, n);
+	do {
+		ret = tls13_record_layer_write_chunk(rl, content_type, buf, n);
+	} while (ret == TLS13_IO_WANT_RETRY);
+
+	return ret;
 }
 
 ssize_t
@@ -1075,10 +1094,15 @@ ssize_t
 tls13_send_alert(struct tls13_record_layer *rl, uint8_t alert_desc)
 {
 	uint8_t alert_level = SSL3_AL_FATAL;
+	ssize_t ret;
 
 	if (alert_desc == SSL_AD_CLOSE_NOTIFY ||
 	    alert_desc == SSL_AD_USER_CANCELLED)
 		alert_level = SSL3_AL_WARNING;
 
-	return tls13_record_layer_alert(rl, alert_level, alert_desc);
+	do {
+		ret = tls13_record_layer_alert(rl, alert_level, alert_desc);
+	} while (ret == TLS13_IO_WANT_RETRY);
+
+	return ret;
 }
-- 
cgit v1.2.3-55-g6feb