From 2959902a10e6b554362bea659b1d8f4570f386b5 Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Wed, 14 Jul 2021 09:33:43 +1000
Subject: [PATCH] TLS 1.3: ability to turn peek change off

Allow post-handshake peeking for handshaking messages to be disabled. Not all customers want to handle this. Clear WOLFSSL_ERROR_WANT_READ error on entry to ReceiveData which was set when peeking found handshake message.
---
 src/internal.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/internal.c b/src/internal.c
index 76b927c04..01ee28a8d 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -60,6 +60,11 @@
  * Default callback will not request creation of new ticket on successful
  * decryption.
  * Server only.
+ * WOLFSSL_TLS13_NO_PEEK_HANDSHAKE_DONE
+ * Once a normal TLS 1.3 handshake is complete, a session ticket message
+ * may be received by a client. To support detecting this, peek will
+ * return WOLFSSL_ERROR_WANT_READ.
+ * This define turns off this behaviour.
  */
@@ -19099,7 +19104,7 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek)
     WOLFSSL_ENTER("ReceiveData()");
     /* reset error state */
-    if (ssl->error == WANT_READ) {
+    if (ssl->error == WANT_READ || ssl->error == WOLFSSL_ERROR_WANT_READ) {
         ssl->error = 0;
     }
@@ -19209,6 +19214,7 @@ startScr:
         }
     }
 #endif
+#ifndef WOLFSSL_TLS13_NO_PEEK_HANDSHAKE_DONE
 #ifdef WOLFSSL_TLS13
     if (IsAtLeastTLSv1_3(ssl->version) && ssl->options.handShakeDone &&
             ssl->curRL.type == handshake && peek) {
@@ -19219,6 +19225,7 @@ startScr:
         }
     }
 #endif
+#endif
     size = min(sz, (int)ssl->buffers.clearOutputBuffer.length);
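Review bot: The widened reset condition `if (ssl->error == WANT_READ || ssl->error == WOLFSSL_ERROR_WANT_READ)` mixes an internal record-layer code with the public API value without saying where the latter comes from, so a reader of ReceiveData alone cannot tell why an API-level code would be stored in ssl->error. The commit message says it is left there by the post-handshake peek check further down in this function, and the existing `/* reset error state */` comment should say so, e.g. `/* reset error state: WANT_READ from the record layer, or WOLFSSL_ERROR_WANT_READ left by the TLS 1.3 post-handshake peek check below */`. The body of ReceiveData continues outside the hunk.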
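Review bot: The new `#ifndef WOLFSSL_TLS13_NO_PEEK_HANDSHAKE_DONE` wraps the existing `#ifdef WOLFSSL_TLS13` block, and its matching closer in the next hunk (@@ -19219) is a bare `#endif` directly under the inner one, so the two closers are indistinguishable when reading the new code; `#endif /* WOLFSSL_TLS13_NO_PEEK_HANDSHAKE_DONE */` would make the nesting explicit. With the define set, a peek that lands on a post-handshake handshake record no longer reports WOLFSSL_ERROR_WANT_READ; from the visible lines control appears to fall through to `size = min(sz, (int)ssl->buffers.clearOutputBuffer.length)`, which suggests the peek caller sees a zero-length result it cannot tell apart from "no data", though the rest of ReceiveData is not in the hunk and should be checked. Whatever the observable result is, the option's comment in the first hunk should state it so that users enabling the define know what they give up. The enclosing function starts before this hunk.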