Automatically complete the handshake from tls13_legacy_{read,write}_bytes()

If the TLS handshake has not been completed, automatically complete the
handshake as part of the read/write call, implementing the current
SSL_read()/SSL_write() behaviour.

Once the TLS handshake is completed we push a WANT_POLLIN or WANT_POLLOUT
back up to the caller, since some applications appear to incorrectly call
SSL_read() or SSL_write(), rather than repeating the previous call. This
can lead to attempts to read data that does not exist, since the
WANT_POLLIN was actually triggered as part of the handshake.

ok inoguchi@ tb@

1 files changed, 2 insertions, 1 deletions

diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c
index d4fc7cb6f7..536630ac33 100644
--- a/src/lib/libssl/tls13_handshake.c
+++ b/src/lib/libssl/tls13_handshake.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_handshake.c,v 1.30 2019/02/28 17:39:36 jsing Exp $      */
+/*      $OpenBSD: tls13_handshake.c,v 1.31 2019/02/28 17:56:43 jsing Exp $      */
 /*
  * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org>
  * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
@@ -282,6 +282,7 @@ tls13_handshake_perform(struct tls13_ctx *ctx)
                         return TLS13_IO_FAILURE;
 
                 if (action->handshake_complete) {
+                        ctx->handshake_completed = 1;
                         tls13_record_layer_handshake_completed(ctx->rl);
                         return TLS13_IO_SUCCESS;
                 }