3 files changed, 22 insertions, 10 deletions

diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index 1d7a7eb699..7288ca3448 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.28 2019/04/05 20:23:38 tb Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.29 2019/11/17 00:10:47 beck Exp $ */
 /*
  * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
  * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -38,7 +38,8 @@ __BEGIN_HIDDEN_DECLS
 #define TLS13_IO_USE_LEGACY     -4
 
 typedef void (*tls13_alert_cb)(uint8_t _alert_desc, void *_cb_arg);
-typedef int (*tls13_post_handshake_cb)(void *_cb_arg);
+typedef int (*tls13_post_handshake_recv_cb)(void *_cb_arg, CBS *cbs);
+typedef int (*tls13_post_handshake_sent_cb)(void *_cb_arg);
 typedef ssize_t (*tls13_read_cb)(void *_buf, size_t _buflen, void *_cb_arg);
 typedef ssize_t (*tls13_write_cb)(const void *_buf, size_t _buflen,
     void *_cb_arg);
@@ -107,7 +108,8 @@ struct tls13_record_layer;
 
 struct tls13_record_layer *tls13_record_layer_new(tls13_read_cb wire_read,
     tls13_write_cb wire_write, tls13_alert_cb alert_cb,
-    tls13_post_handshake_cb post_handshake_cb, void *cb_arg);
+    tls13_post_handshake_recv_cb post_handshake_recv_cb,
+    tls13_post_handshake_sent_cb post_handshake_sent_cb, void *cb_arg);
 void tls13_record_layer_free(struct tls13_record_layer *rl);
 void tls13_record_layer_set_aead(struct tls13_record_layer *rl,
     const EVP_AEAD *aead);
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 81325cd86f..61ca3d4682 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_lib.c,v 1.11 2019/03/17 15:13:23 jsing Exp $ */
+/*      $OpenBSD: tls13_lib.c,v 1.12 2019/11/17 00:10:47 beck Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -101,7 +101,7 @@ tls13_ctx_new(int mode)
         ctx->mode = mode;
 
         if ((ctx->rl = tls13_record_layer_new(tls13_legacy_wire_read_cb,
-            tls13_legacy_wire_write_cb, tls13_alert_received_cb, NULL,
+            tls13_legacy_wire_write_cb, tls13_alert_received_cb, NULL, NULL,
             ctx)) == NULL)
                 goto err;
 
diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c
index 66e201fcbc..ff26b09d46 100644
--- a/src/lib/libssl/tls13_record_layer.c
+++ b/src/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_record_layer.c,v 1.9 2019/03/17 15:13:23 jsing Exp $ */
+/* $OpenBSD: tls13_record_layer.c,v 1.10 2019/11/17 00:10:47 beck Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -58,7 +58,8 @@ struct tls13_record_layer {
 
         /* Record callbacks. */
         tls13_alert_cb alert_cb;
-        tls13_post_handshake_cb post_handshake_cb;
+        tls13_post_handshake_recv_cb post_handshake_recv_cb;
+        tls13_post_handshake_sent_cb post_handshake_sent_cb;
 
         /* Wire read/write callbacks. */
         tls13_read_cb wire_read;
@@ -92,7 +93,9 @@ tls13_record_layer_wrec_free(struct tls13_record_layer *rl)
 
 struct tls13_record_layer *
 tls13_record_layer_new(tls13_read_cb wire_read, tls13_write_cb wire_write,
-    tls13_alert_cb alert_cb, tls13_post_handshake_cb post_handshake_cb,
+    tls13_alert_cb alert_cb,
+    tls13_post_handshake_recv_cb post_handshake_recv_cb,
+    tls13_post_handshake_sent_cb post_handshake_sent_cb,
     void *cb_arg)
 {
         struct tls13_record_layer *rl;
@@ -103,7 +106,8 @@ tls13_record_layer_new(tls13_read_cb wire_read, tls13_write_cb wire_write,
         rl->wire_read = wire_read;
         rl->wire_write = wire_write;
         rl->alert_cb = alert_cb;
-        rl->post_handshake_cb = post_handshake_cb;
+        rl->post_handshake_recv_cb = post_handshake_recv_cb;
+        rl->post_handshake_sent_cb = post_handshake_sent_cb;
         rl->cb_arg = cb_arg;
 
         return rl;
@@ -691,8 +695,14 @@ tls13_record_layer_read(struct tls13_record_layer *rl, uint8_t content_type,
                  */
                 if (rl->rbuf_content_type == SSL3_RT_HANDSHAKE) {
                         if (rl->handshake_completed) {
-                                /* XXX - call callback, drop for now... */
+                                if (rl->post_handshake_recv_cb != NULL)
+                                        rl->post_handshake_recv_cb(
+                                            rl->cb_arg, &rl->rbuf_cbs);
                                 tls13_record_layer_rbuf_free(rl);
+                                /*
+                                 * XXX if handshake or alert queued
+                                 *  return POLLOUT
+                                 */
                                 return TLS13_IO_WANT_POLLIN;
                         }
                 }