From 1c3c89eb43ed63ad1a3337428d3a22a31cd649b7 Mon Sep 17 00:00:00 2001
From: Harshit Malpani
Date: Mon, 17 Jul 2023 13:24:40 +0530
Subject: [PATCH] fix(esp-tls): Retry reads if using session tickets with TLS 1.3
Fixed the error that occurred while performing OTA upgrades over TLS 1.3 connection. After handshake is completed, post-handshake message is received and internal state is changed. While performing mbedtls_ssl_read(), it checks handshake state and if it is not MBEDTLS_SSL_HANDSHAKE_OVER, mbedtls_ssl_handshake is called again.
---
 components/esp-tls/esp_tls_mbedtls.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/components/esp-tls/esp_tls_mbedtls.c b/components/esp-tls/esp_tls_mbedtls.c
index 32e85b8871..4a68a638c9 100644
--- a/components/esp-tls/esp_tls_mbedtls.c
+++ b/components/esp-tls/esp_tls_mbedtls.c
@@ -230,7 +230,10 @@ ssize_t esp_mbedtls_read(esp_tls_t *tls, char *data, size_t datalen)
 ssize_t ret = mbedtls_ssl_read(&tls->ssl, (unsigned char *)data, datalen);
 #if CONFIG_MBEDTLS_SSL_PROTO_TLS1_3 && CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS
- while (ret == MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET) {
+ // If a post-handshake message is received, connection state is changed to `MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET`
+ // Call mbedtls_ssl_read() till state is `MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET` or return code is `MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET`
+ // to process session tickets in TLS 1.3 connection
+ while (ret == MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET || tls->ssl.MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET) {
 ESP_LOGD(TAG, "got session ticket in TLS 1.3 connection, retry read");
 ret = mbedtls_ssl_read(&tls->ssl, (unsigned char *)data, datalen);
 }
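Review bot: The widened `while` condition has no exit for a negative return code other than the ticket one, so if mbedtls_ssl_read() returns MBEDTLS_ERR_SSL_WANT_READ (non-blocking socket) or a fatal error while the private `state` field is still `MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET`, the loop busy-spins on the TLS task instead of surfacing the error; a peer that stalls mid-ticket could keep it there indefinitely (whether mbedtls leaves that state on a fatal error is inferred, not visible here). A guard after the retry read bounds this: `if (ret < 0 && ret != MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET) { break; }`, optionally together with a retry cap. Reaching into `tls->ssl.MBEDTLS_PRIVATE(state)` also ties this code to mbedtls internals, which is worth a comment naming the mbedtls version it was checked against. The second added comment line is inverted and should read "Call mbedtls_ssl_read() while state is `MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET` or the return code is `MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET`". esp_mbedtls_read's body continues past the end of the hunk.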