Automatically complete the handshake from tls13_legacy_{read,write}_bytes()

If the TLS handshake has not been completed, automatically complete the
handshake as part of the read/write call, implementing the current
SSL_read()/SSL_write() behaviour.

Once the TLS handshake is completed we push a WANT_POLLIN or WANT_POLLOUT
back up to the caller, since some applications appear to incorrectly call
SSL_read() or SSL_write(), rather than repeating the previous call. This
can lead to attempts to read data that does not exist, since the
WANT_POLLIN was actually triggered as part of the handshake.

ok inoguchi@ tb@

1 files changed, 2 insertions, 1 deletions

diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index c3b698e987..f3cccc14a6 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.24 2019/02/25 19:44:04 tb Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.25 2019/02/28 17:56:43 jsing Exp $ */
 /*
  * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
  * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -156,6 +156,7 @@ struct tls13_ctx {
         struct ssl_handshake_tls13_st *hs;
         uint8_t mode;
         struct tls13_handshake_stage handshake_stage;
+        int handshake_completed;
 
         const EVP_AEAD *aead;
         const EVP_MD *hash;