Thank you for the response.
I was under the (probably incorrect) assumption that wolfSSL_read() may do both reads and writes on the underlying transport. Same with wolfSSL_write(). If this is *not* the case and SSL_read only does reads and SSL_write only does writes, then things get a little easier.
Still wrapping my head around all the details. One aspect I struggle with is breaking a select() call when a packet comes in on CAN hardware. On linux I would use a pipe to patch into the select(), but that's not available in this environment. My solution of last resort will be to use non-blocking sockets in a polling loop, but would prefer to do something more elegant and less busy.