3 files changed, 30 insertions, 9 deletions

diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index b842cbd39c..4ec29ea956 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.21 2020/01/21 03:40:05 beck Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.22 2020/01/21 12:08:04 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -115,14 +115,28 @@ tls13_use_legacy_client(struct tls13_ctx *ctx)
         if (s->bbio != s->wbio)
                 s->wbio = BIO_push(s->bbio, s->wbio);
 
-        if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs))
-                goto err;
+        /* Stash any unprocessed data from the last record. */
+        tls13_record_layer_rbuf(ctx->rl, &cbs);
+        if (CBS_len(&cbs) > 0) {
+                if (!CBS_write_bytes(&cbs,
+                    S3I(s)->rbuf.buf + SSL3_RT_HEADER_LENGTH,
+                    S3I(s)->rbuf.len - SSL3_RT_HEADER_LENGTH, NULL))
+                        goto err;
 
-        if (!BUF_MEM_grow_clean(s->internal->init_buf, CBS_len(&cbs) + 4))
-                goto err;
+                S3I(s)->rbuf.offset = SSL3_RT_HEADER_LENGTH;
+                S3I(s)->rbuf.left = CBS_len(&cbs);
+                S3I(s)->rrec.type = SSL3_RT_HANDSHAKE;
+                S3I(s)->rrec.length = CBS_len(&cbs);
+                s->internal->rstate = SSL_ST_READ_BODY;
+                s->internal->packet = S3I(s)->rbuf.buf;
+                s->internal->packet_length = SSL3_RT_HEADER_LENGTH;
+                s->internal->mac_packet = 1;
+        }
 
-        if (!CBS_write_bytes(&cbs, s->internal->init_buf->data + 4,
-            s->internal->init_buf->length - 4, NULL))
+        /* Stash the current handshake message. */
+        tls13_handshake_msg_data(ctx->hs_msg, &cbs);
+        if (!CBS_write_bytes(&cbs, s->internal->init_buf->data,
+            s->internal->init_buf->length, NULL))
                 goto err;
 
         S3I(s)->tmp.reuse_message = 1;
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index 530ace41af..3ee73782ec 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.38 2020/01/21 03:40:05 beck Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.39 2020/01/21 12:08:04 jsing Exp $ */
 /*
  * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
  * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -116,6 +116,7 @@ struct tls13_record_layer *tls13_record_layer_new(tls13_read_cb wire_read,
     tls13_phh_recv_cb phh_recv_cb,
     tls13_phh_sent_cb phh_sent_cb, void *cb_arg);
 void tls13_record_layer_free(struct tls13_record_layer *rl);
+void tls13_record_layer_rbuf(struct tls13_record_layer *rl, CBS *cbs);
 void tls13_record_layer_set_aead(struct tls13_record_layer *rl,
     const EVP_AEAD *aead);
 void tls13_record_layer_set_hash(struct tls13_record_layer *rl,
diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c
index e1007b3f7b..a6b00a83b3 100644
--- a/src/lib/libssl/tls13_record_layer.c
+++ b/src/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_record_layer.c,v 1.17 2020/01/20 22:04:17 beck Exp $ */
+/* $OpenBSD: tls13_record_layer.c,v 1.18 2020/01/21 12:08:04 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -154,6 +154,12 @@ tls13_record_layer_free(struct tls13_record_layer *rl)
         freezero(rl, sizeof(struct tls13_record_layer));
 }
 
+void
+tls13_record_layer_rbuf(struct tls13_record_layer *rl, CBS *cbs)
+{
+        CBS_dup(&rl->rbuf_cbs, cbs);
+}
+
 static int
 tls13_record_layer_inc_seq_num(uint8_t *seq_num)
 {