[tls] Keep cipherstream window open until TLS negotiation is complete

When performing a SAN boot, the plainstream window size will be zero
(since this is the mechanism used internally to indicate that no data
should be fetched via the initial request).  This zero value currently
propagates to the advertised TCP window size, which prevents the TLS
negotiation from completing.

Fix by ensuring that the cipherstream window is held open until TLS
negotiation is complete, and only then falling back to passing through
the plainstream window size.

Reported-by: John Wigley <johnwigley#ipxe@acorna.co.uk>
Tested-by: John Wigley <johnwigley#ipxe@acorna.co.uk>
Signed-off-by: Michael Brown <mcb30@ipxe.org>

src/net/tls.c

@@ -2328,6 +2328,21 @@ static int tls_newdata_process_data ( struct tls_session *tls ) {
 	return 0;
 }
 
+/**
+ * Check flow control window
+ *
+ * @v tls		TLS session
+ * @ret len		Length of window
+ */
+static size_t tls_cipherstream_window ( struct tls_session *tls ) {
+
+	/* Open window until we are ready to accept data */
+	if ( ! tls_ready ( tls ) )
+		return -1UL;
+
+	return xfer_window ( &tls->plainstream );
+}
+
 /**
  * Receive new ciphertext
  *
@@ -2390,6 +2405,7 @@ static int tls_cipherstream_deliver ( struct tls_session *tls,
 static struct interface_operation tls_cipherstream_ops[] = {
 	INTF_OP ( xfer_deliver, struct tls_session *,
 		  tls_cipherstream_deliver ),
+	INTF_OP ( xfer_window, struct tls_session *, tls_cipherstream_window ),
 	INTF_OP ( xfer_window_changed, struct tls_session *, tls_tx_resume ),
 	INTF_OP ( intf_close, struct tls_session *, tls_close ),
 };