bio: fix wrong wbio pointer on SSL_get_error

[ihciah]

This PR fixed a wrong wbio pointer usage on SSL_get_error.
The bug will cause SSL_get_error to return SSL_ERROR_SYSCALL even after BIO_set_retry_write in some cases such as BIO_CTRL_FLUSH. Without this fix, when BIO_CTRL_FLUSH, if BIO writer gets a WOULD_BLOCK error, it calls BIO_set_retry_write and returns 0, it will not work and openssl will return a failure.

[t8m]

This would be acceptable with CLA: trivial. Please see https://www.openssl.org/policies/cla.html

[ihciah]

In bio_ssl.c it indeed uses wbio. It is strange ctrl receives wrong BIO pointer...

    case BIO_CTRL_FLUSH:
        BIO_clear_retry_flags(b);
        ret = BIO_ctrl(sc->wbio, cmd, num, ptr);
        BIO_copy_next_retry(b);
        break;

[ihciah]

I added some BIO_copy_next_retry(b); after BIO_ctrl, it should make SSL_get_error work correctly. Is this fix acceptable?
I also found many of the same issue in different files and places, should I fix them all in this PR?

[t8m]

Could you please split these two different changes in separate commits as they are unrelated?

[t8m]

Also the typo in quic call is master branch only thing but the other fix should probably go into all 3.x branches (no need to do a separate PR but definitely separate commit should be done).

[mattcaswell]

After some investigation I found the cause is not passing flags between bios. So I fixed it in another way and it works now.

So the original issue has been resolved. I will close this PR.

[ihciah]

After some investigation I found the cause is not passing flags between bios. So I fixed it in another way and it works now.

So the original issue has been resolved. I will close this PR.

@mattcaswell "in another way" means passing flags between bios, it should be done in openssl, as the PR does. I've force pushed the branch which maybe you missed it.

[mattcaswell]

Ah. My apologies. I misunderstood. I've reopened it and will take another look.

[ihciah]

If the fix is right, I'm willing to trying fix all similar issue in this PR :)

[mattcaswell]

The blanket calls to BIO_copy_next_retry() for all possible IO ctrls does not seem correct to me. Most of those ctrls are not "IO" related ctrls so applications would not expect the "retry" the status to change as a result. The only one where it would is in BIO_CTRL_FLUSH. So I would keep the two you have inserted in this section and remove all the others.

[ihciah]

@mattcaswell
Thanks! I have removed all other insertions. In the new pushed commit I also added some for other BIO_CTRL_FLUSH. Is it correct?

[ihciah]

ping~ @mattcaswell

[ihciah]

Ping @t8m @mattcaswell Can it be merged?

[paulidale]

Two approvals are required before it can be merged.
This seems to have become lost in the noise.

[t8m]

@mattcaswell are you OK with CLA: trivial?

Also, I wonder, should we special-case this in BIO_ctrl() actually? I.e. instead of patching all BIOs which might be also third party ones so they won't get the fix, should we instead do it automatically when BIO_ctrl() returns and the BIO_CTRL_FLUSH is used?

[mattcaswell]

Actually I think this maybe goes beyond CLA trivial. I think we should have a CLA for this one.

Also, I wonder, should we special-case this in BIO_ctrl() actually? I.e. instead of patching all BIOs which might be also third party ones so they won't get the fix, should we instead do it automatically when BIO_ctrl() returns and the BIO_CTRL_FLUSH is used?

Hmm. Maybe, but that's quite ugly. It doesn't actually apply to all BIOs, only filter BIOs (because source/sink BIOs don't have a "next"). And I wonder if there are special cases where you wouldn't want this to happen.

[ihciah]

I've signed and sent the CLA pdf(also with @suikammd which is another co-auther).

[ihciah]

Close in favor of #21298