Set BIO retry on TLS13_IO_WANT_POLLIN/TLS13_IO_WANT_POLLOUT.

In most cases a TLS13_IO_WANT_POLLIN or TLS13_IO_WANT_POLLOUT will have
bubbled up from the wire callbacks, in which case the BIO retry flag will
already be set. However, if we return TLS13_IO_WANT_POLLIN or
TLS13_IO_WANT_POLLOUT from a higher layer the BIO retry flag will not be
set and that will cause SSL_get_error() to return SSL_ERROR_SYSCALL rather
than the intended SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE.

ok beck@ tb@

1 files changed, 3 insertions, 1 deletions

diff --git a/lib/libssl/tls13_lib.c b/lib/libssl/tls13_lib.c
index f9505fa4385..d8a22c8fc7b 100644
--- a/lib/libssl/tls13_lib.c
+++ b/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tls13_lib.c,v 1.4 2019/02/21 17:15:00 jsing Exp $ */
+/*	$OpenBSD: tls13_lib.c,v 1.5 2019/02/23 15:00:44 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -219,10 +219,12 @@ tls13_legacy_return_code(SSL *ssl, ssize_t ret)
 		return -1;
 
 	case TLS13_IO_WANT_POLLIN:
+		BIO_set_retry_read(ssl->rbio);
 		ssl->internal->rwstate = SSL_READING;
 		return -1;
 
 	case TLS13_IO_WANT_POLLOUT:
+		BIO_set_retry_write(ssl->wbio);
 		ssl->internal->rwstate = SSL_WRITING;
 		return -1;
 	}