Improve handling of BIO_read()/BIO_write() failures in the TLSv1.3 stack.

When BIO returns a failure, it does not always add an error to the error
stack. In the case of the legacy stack, this was generally handled by the
guesswork performed by SSL_get_error(). However, in the case of the new
stack we push an 'unknown' error onto the stack.

Improve this situation by specifically checking errno in the case of a
BIO_read() or BIO_write() failure. If the error stack is empty then push
a SYSerror() with the errno which is preferable to the 'unknown' error
later.

Noted by bluhm@ via syslogd regress.

ok beck@ tb@

1 files changed, 9 insertions, 1 deletions

diff --git a/lib/libssl/tls13_legacy.c b/lib/libssl/tls13_legacy.c
index 39d7f0b3ed9..317a1cb0f51 100644
--- a/lib/libssl/tls13_legacy.c
+++ b/lib/libssl/tls13_legacy.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tls13_legacy.c,v 1.12 2020/07/30 16:57:53 jsing Exp $ */
+/*	$OpenBSD: tls13_legacy.c,v 1.13 2020/09/13 15:04:35 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -35,6 +35,7 @@ tls13_legacy_wire_read(SSL *ssl, uint8_t *buf, size_t len)
 	}
 
 	ssl->internal->rwstate = SSL_READING;
+	errno = 0;
 
 	if ((n = BIO_read(ssl->rbio, buf, len)) <= 0) {
 		if (BIO_should_read(ssl->rbio))
@@ -44,6 +45,9 @@ tls13_legacy_wire_read(SSL *ssl, uint8_t *buf, size_t len)
 		if (n == 0)
 			return TLS13_IO_EOF;
 
+		if (ERR_peek_error() == 0 && errno != 0)
+			SYSerror(errno);
+
 		return TLS13_IO_FAILURE;
 	}
 
@@ -72,6 +76,7 @@ tls13_legacy_wire_write(SSL *ssl, const uint8_t *buf, size_t len)
 	}
 
 	ssl->internal->rwstate = SSL_WRITING;
+	errno = 0;
 
 	if ((n = BIO_write(ssl->wbio, buf, len)) <= 0) {
 		if (BIO_should_read(ssl->wbio))
@@ -79,6 +84,9 @@ tls13_legacy_wire_write(SSL *ssl, const uint8_t *buf, size_t len)
 		if (BIO_should_write(ssl->wbio))
 			return TLS13_IO_WANT_POLLOUT;
 
+		if (ERR_peek_error() == 0 && errno != 0)
+			SYSerror(errno);
+
 		return TLS13_IO_FAILURE;
 	}