tls: block decryption when a rekey is pending

#define TLS_CRYPTO_INFO_READY(info)	((info)->cipher_type)

#define TLS_HANDSHAKE_KEYUPDATE		24	/* rfc8446 B.3: Key update */

#define TLS_AAD_SPACE_SIZE		13

#define TLS_MAX_IV_SIZE			16

	u8 async_capable:1;

	u8 zc_capable:1;

	u8 reader_contended:1;

	bool key_update_pending;

	struct tls_strparser strp;

	int ret = 0;

	long timeo;

	/* a rekey is pending, let userspace deal with it */

	if (unlikely(ctx->key_update_pending))

		return -EKEYEXPIRED;

	timeo = sock_rcvtimeo(sk, nonblock);

	while (!tls_strp_msg_ready(ctx)) {

	return 1;

}

static int tls_check_pending_rekey(struct tls_context *ctx, struct sk_buff *skb)

{

	const struct strp_msg *rxm = strp_msg(skb);

	const struct tls_msg *tlm = tls_msg(skb);

	char hs_type;

	int err;

	if (likely(tlm->control != TLS_RECORD_TYPE_HANDSHAKE))

		return 0;

	if (rxm->full_len < 1)

		return 0;

	err = skb_copy_bits(skb, rxm->offset, &hs_type, 1);

	if (err < 0) {

		DEBUG_NET_WARN_ON_ONCE(1);

		return err;

	}

	if (hs_type == TLS_HANDSHAKE_KEYUPDATE) {

		struct tls_sw_context_rx *rx_ctx = ctx->priv_ctx_rx;

		WRITE_ONCE(rx_ctx->key_update_pending, true);

	}

	return 0;

}

static int tls_rx_one_record(struct sock *sk, struct msghdr *msg,

			     struct tls_decrypt_arg *darg)

{

	rxm->full_len -= prot->overhead_size;

	tls_advance_record_sn(sk, prot, &tls_ctx->rx);

	return 0;

	return tls_check_pending_rekey(tls_ctx, darg->skb);

}

int decrypt_skb(struct sock *sk, struct scatterlist *sgout)

		crypto_info = &ctx->crypto_recv.info;

		cctx = &ctx->rx;

		aead = &sw_ctx_rx->aead_recv;

		sw_ctx_rx->key_update_pending = false;

	}

	cipher_desc = get_cipher_desc(crypto_info->cipher_type);