Revert guard, impl. SSL_MODE_AUTO_RETRY

WillChilds-Klein · WillChilds-Klein · commit c75e5cb8c521 · 2024-01-10T19:48:22.000Z
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
@@ -869,6 +869,9 @@ OPENSSL_EXPORT uint32_t SSL_get_options(const SSL *ssl);
 // session resumption is used for a given SSL*.
 #define SSL_MODE_NO_SESSION_CREATION 0x00000200L
 
+// TODO [childw]
+#define SSL_MODE_AUTO_RETRY 0x00000004L
+
 // SSL_MODE_SEND_FALLBACK_SCSV sends TLS_FALLBACK_SCSV in the ClientHello.
 // To be set only by applications that reconnect with a downgraded protocol
 // version; see RFC 7507 for details.
@@ -5275,7 +5278,6 @@ DEFINE_STACK_OF(SSL_COMP)
 
 // The following flags do nothing and are included only to make it easier to
 // compile code with BoringSSL.
-#define SSL_MODE_AUTO_RETRY 0
 #define SSL_MODE_RELEASE_BUFFERS 0
 #define SSL_MODE_SEND_CLIENTHELLO_TIME 0
 #define SSL_MODE_SEND_SERVERHELLO_TIME 0
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
@@ -1027,7 +1027,10 @@ static int ssl_read_impl(SSL *ssl) {
                                  &alert, ssl->s3->read_buffer.span());
     bool retry;
     int bio_ret = ssl_handle_open_record(ssl, &retry, ret, consumed, alert);
-    if (bio_ret <= 0) {
+
+    if (bio_ret == 0 && retry && (ssl->ctx->mode & SSL_MODE_AUTO_RETRY)) {
+      continue;
+    } else if (bio_ret <= 0) {
       return bio_ret;
     }
     if (!retry) {
@@ -1388,11 +1391,8 @@ int SSL_get_error(const SSL *ssl, int ret_code) {
     }
     // An EOF was observed which violates the protocol, and the underlying
     // transport does not participate in the error queue. Bubble up to the
-    // caller. Do not consider retryable |rwstate| EOF.
-    if (ssl->s3->rwstate != SSL_ERROR_WANT_READ
-            && ssl->s3->rwstate != SSL_ERROR_WANT_WRITE) {
-      return SSL_ERROR_SYSCALL;
-    }
+    // caller.
+    return SSL_ERROR_SYSCALL;
   }
 
   switch (ssl->s3->rwstate) {
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
@@ -10507,6 +10507,10 @@ TEST(SSLTest, IntermittentEmptyRead) {
   ret = SSL_read(client.get(), buf, sizeof(buf));
   EXPECT_EQ(ret, (int) sizeof(buf));
   EXPECT_EQ(SSL_get_error(client.get(), ret), SSL_ERROR_NONE);
+
+  ret = SSL_read(client.get(), buf, sizeof(buf));
+  EXPECT_LE(ret, 0);
+  EXPECT_EQ(SSL_get_error(client.get(), ret), SSL_ERROR_SSL);
 }
 
 // Test that |SSL_shutdown|, when quiet shutdown is enabled, simulates receiving
