From 78553a4afddc4fe2a3045137470161d40051ec5a Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Wed, 29 Jan 2020 17:03:58 +0000
Subject: If the TLSv1.3 code has not recorded an error and something already exists on the error stack, refrain from pushing an 'unknown' error on the stack. This should allow libcrypto errors (including bio) to be visible, where we have nothing better to offer. ok tb@
---
 src/lib/libssl/tls13_client.c | 3 ++-
 src/lib/libssl/tls13_lib.c | 6 +++++-
 src/lib/libssl/tls13_server.c | 3 ++-
 3 files changed, 9 insertions(+), 3 deletions(-) (limited to 'src')
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index f75f605ace..3c55be6e68 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.37 2020/01/26 06:55:17 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.38 2020/01/29 17:03:58 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing
 *
@@ -87,6 +87,7 @@ tls13_legacy_connect(SSL *ssl)
 }
 }
+ ERR_clear_error();
 S3I(ssl)->hs.state = SSL_ST_CONNECT;
 ret = tls13_connect(ctx);
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 2a13e8f773..3a90c0d6df 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_lib.c,v 1.31 2020/01/26 02:45:27 beck Exp $ */
+/* $OpenBSD: tls13_lib.c,v 1.32 2020/01/29 17:03:58 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing
 * Copyright (c) 2019 Bob Beck
@@ -408,6 +408,10 @@ tls13_legacy_error(SSL *ssl)
 break;
 }
+ /* Something (probably libcrypto) already pushed an error on the stack. */
+ if (reason == SSL_R_UNKNOWN && ERR_peek_error() != 0)
+ return;
+
 ERR_put_error(ERR_LIB_SSL, (0xfff), reason, ctx->error.file, ctx->error.line);
 }
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 41b4d2b24e..a559e03219 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
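Review bot: The new `ERR_clear_error();` ahead of `S3I(ssl)->hs.state = SSL_ST_CONNECT;` in tls13_legacy_connect has no comment, although the `ERR_peek_error()` test this commit adds to tls13_legacy_error only works if the queue was emptied here. I would add `/* Start with an empty error queue so tls13_legacy_error() can tell whether this call raised anything. */` above it, and the same above the matching call in tls13_legacy_accept (tls13_server.c). The call also discards any entries the caller has not yet read on this thread, which deserves a mention in the function's documentation. tls13_legacy_connect begins and ends outside the hunk.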
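Review bot: The `ERR_peek_error() != 0` test in tls13_legacy_error cannot distinguish an error raised by the failing operation from one left on the thread's queue earlier, so a stale entry would suppress the SSL_R_UNKNOWN record and the caller would read an unrelated error as the cause of the TLS failure. This commit empties the queue only in tls13_legacy_connect and tls13_legacy_accept; whether every other path that reaches tls13_legacy_error also starts from an empty queue is not visible in this diff and should be confirmed. At minimum the comment should state the precondition, e.g. `/* Relies on the error queue having been cleared on entry; a stale error would otherwise be reported instead. */`. The function begins outside the hunk.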
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.20 2020/01/26 06:55:17 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.21 2020/01/29 17:03:58 jsing Exp $ */
 /*
 * Copyright (c) 2019, 2020 Joel Sing
 * Copyright (c) 2020 Bob Beck
@@ -78,6 +78,7 @@ tls13_legacy_accept(SSL *ssl)
 }
 }
+ ERR_clear_error();
 S3I(ssl)->hs.state = SSL_ST_ACCEPT;
 ret = tls13_accept(ctx);
-- cgit v1.2.3-55-g6feb