author | Joel Sing <jsing@cvs.openbsd.org> | 2020-05-23 11:57:42 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2020-05-23 11:57:42 +0000 |
commit | 27e6227e1d3f5fb88c963dd5bd04d8afca9720f7 (patch) | |
tree | b2ad0eba92328572c3ef793e721abad3fee28fef /lib/libssl/tls13_record_layer.c | |
parent | bec53ad5620f47adb918e298045063352e426f75 (diff) |
Provide the option to retry or return after post-handshake messages.
In TLSv1.3 post-handshake handshake messages are used for key updates and
session tickets. These are in-band and mean that when the upper layer goes
to read application data, we can end up reading and having to process
handshake messages - this option selects whether we retry and read the
next TLS record, or return, signalling that we want more data to
be available.
ok beck@ inoguchi@ tb@
Diffstat (limited to 'lib/libssl/tls13_record_layer.c')
-rw-r--r-- | lib/libssl/tls13_record_layer.c | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/lib/libssl/tls13_record_layer.c b/lib/libssl/tls13_record_layer.c
index 2188d517a8f..658a6d6a9e6 100644
--- a/lib/libssl/tls13_record_layer.c
+++ b/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_record_layer.c,v 1.44 2020/05/20 14:58:33 beck Exp $ */
+/* $OpenBSD: tls13_record_layer.c,v 1.45 2020/05/23 11:57:41 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -34,6 +34,7 @@ struct tls13_record_layer {
 	int handshake_completed;
 	int legacy_alerts_allowed;
 	int phh;
+	int phh_retry;
 
 	/*
 	 * Read and/or write channels are closed due to an alert being
@@ -233,6 +234,12 @@ tls13_record_layer_handshake_completed(struct tls13_record_layer *rl)
 	rl->handshake_completed = 1;
 }
 
+void
+tls13_record_layer_set_retry_after_phh(struct tls13_record_layer *rl, int retry)
+{
+	rl->phh_retry = retry;
+}
+
 static ssize_t
 tls13_record_layer_process_alert(struct tls13_record_layer *rl)
 {
@@ -930,8 +937,12 @@ tls13_record_layer_read_internal(struct tls13_record_layer *rl,
 	 */
 	rl->phh = 0;
 
-	if (ret == TLS13_IO_SUCCESS)
-		return TLS13_IO_WANT_RETRY;
+	if (ret == TLS13_IO_SUCCESS) {
+		if (rl->phh_retry)
+			return TLS13_IO_WANT_RETRY;
+
+		return TLS13_IO_WANT_POLLIN;
+	}
 
 	return ret;
 }
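Review bot: The zero default of the new `phh_retry` field changes the existing behaviour of tls13_record_layer_read_internal in the last hunk: a record layer on which tls13_record_layer_set_retry_after_phh was never called now returns TLS13_IO_WANT_POLLIN after a successfully processed post-handshake handshake message, where it previously returned TLS13_IO_WANT_RETRY, presumably for every existing caller if the struct is zeroed at allocation (not visible in this diff). That should be stated on the field in the struct hunk, e.g. `int phh_retry;	/* retry read after post-handshake message, else WANT_POLLIN */`, and the setter deserves a one-line comment saying it selects that mode. It is also worth a comment at the `if (ret == TLS13_IO_SUCCESS)` site that WANT_POLLIN is returned even when the next record may already be buffered, since a caller that blocks on poll() in that case would wait for data it does not strictly need. The prototype for the new function is presumably added in the internal header outside this file, and tls13_record_layer_read_internal begins outside the hunk.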