Provide the option to retry or return after post-handshake messages.

In TLSv1.3 post-handshake handshake messages are used for key updates and session tickets. These are in-band and mean that when the upper layer goes to read application data, we can end up reading and having to process handshake messages - this option changes whether we retry and read the next TLS record, or if we return, signalling that we want more data to be available. ok beck@ inoguchi@ tb@
author: jsing <> 2020-05-23 11:57:41 +0000
committer: jsing <> 2020-05-23 11:57:41 +0000
commit: ba81b98a6b238835898cb6995088954757b1c215 (patch)
tree: 9da31ab6ebed3c08f9ad15eb52125befdd8d966a /src
parent: d518a43fe83cbe2b6d24c2351a50bead43c85026 (diff)
download: openbsd-ba81b98a6b238835898cb6995088954757b1c215.tar.gz
openbsd-ba81b98a6b238835898cb6995088954757b1c215.tar.bz2
openbsd-ba81b98a6b238835898cb6995088954757b1c215.zip
2 files changed, 16 insertions, 4 deletions
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index 7e188981f4..770c18d6ad 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.81 2020/05/19 01:30:34 beck Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.82 2020/05/23 11:57:41 jsing Exp $ */
 /*
 * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -198,6 +198,7 @@ void tls13_record_layer_set_hash(struct tls13_record_layer *rl,
    const EVP_MD *hash);
 void tls13_record_layer_set_legacy_version(struct tls13_record_layer *rl,
    uint16_t version);
+void tls13_record_layer_set_retry_after_phh(struct tls13_record_layer *rl, int retry);
 void tls13_record_layer_handshake_completed(struct tls13_record_layer *rl);
 int tls13_record_layer_set_read_traffic_key(struct tls13_record_layer *rl,
    struct tls13_secret *read_key);
diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c
index 2188d517a8..658a6d6a9e 100644
--- a/src/lib/libssl/tls13_record_layer.c
+++ b/src/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_record_layer.c,v 1.44 2020/05/20 14:58:33 beck Exp $ */
+/* $OpenBSD: tls13_record_layer.c,v 1.45 2020/05/23 11:57:41 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -34,6 +34,7 @@ struct tls13_record_layer {
        int handshake_completed;
        int legacy_alerts_allowed;
        int phh;
+        int phh_retry;
        /*
         * Read and/or write channels are closed due to an alert being
@@ -233,6 +234,12 @@ tls13_record_layer_handshake_completed(struct tls13_record_layer *rl)
        rl->handshake_completed = 1;
 }
+void
+tls13_record_layer_set_retry_after_phh(struct tls13_record_layer *rl, int retry)
+{
+        rl->phh_retry = retry;
+}
 static ssize_t
 tls13_record_layer_process_alert(struct tls13_record_layer *rl)
 {
@@ -930,8 +937,12 @@ tls13_record_layer_read_internal(struct tls13_record_layer *rl,
                                 */
                                rl->phh = 0;
-                                if (ret == TLS13_IO_SUCCESS)
+                                if (ret == TLS13_IO_SUCCESS) {
-                                        return TLS13_IO_WANT_RETRY;
+                                        if (rl->phh_retry)
+                                                return TLS13_IO_WANT_RETRY;
+                                        return TLS13_IO_WANT_POLLIN;
+                                }
                                return ret;
                        }
author	jsing <>	2020-05-23 11:57:41 +0000
committer	jsing <>	2020-05-23 11:57:41 +0000
commit	ba81b98a6b238835898cb6995088954757b1c215 (patch)
tree	9da31ab6ebed3c08f9ad15eb52125befdd8d966a /src
parent	d518a43fe83cbe2b6d24c2351a50bead43c85026 (diff)
download	openbsd-ba81b98a6b238835898cb6995088954757b1c215.tar.gz openbsd-ba81b98a6b238835898cb6995088954757b1c215.tar.bz2 openbsd-ba81b98a6b238835898cb6995088954757b1c215.zip