wolfssl: preserve early-data handling across WANT_WRITE retries

The early-data logic setups "early" exits in Accept/Connect state machine so
that the data exchanged during the handshake can be delivered to the
caller.

After the caller process the data, it usually calls Accept/Connect again
to cotinue the handshake.

Under non-blocking I/O there is the chance that these early exits are
skipped, this commit fixes that.

Server-side accept (TLS 1.3/DTLS 1.3) could skip the early-data shortcut
whenever sending the Finished flight first hit WANT_WRITE: when Accept
is called again and the data is eventually flushed into the I/O layer
the accept state is advanced past TLS13_ACCEPT_FINISHED_SENT, so the
next wolfSSL_accept() call skipped the block that marks
SERVER_FINISHED_COMPLETE and lets the application drain 0-RTT data. By
keeping the FALL_THROUGH into TLS13_ACCEPT_FINISHED_SENT and only
returning early while that handshake flag is still unset, we revisit the
shortcut immediately after the buffered flight is delivered, preserving
the intentional behaviour even under non-blocking I/O.

On the client, the same pattern showed up after SendTls13ClientHello()
buffered due to WANT_WRITE: after flushing, the connect state is already
CLIENT_HELLO_SENT so the early-data exit is no longer executed. We now
fall through into the CLIENT_HELLO_SENT case and only short-circuit once
per handshake, ensuring the reply-processing loop still executes on the
retry.

Author: rizlik

src/tls13.c

@@ -13396,8 +13396,12 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
 
             ssl->options.connectState = CLIENT_HELLO_SENT;
             WOLFSSL_MSG("TLSv13 connect state: CLIENT_HELLO_SENT");
+            FALL_THROUGH;
+
+        case CLIENT_HELLO_SENT:
     #ifdef WOLFSSL_EARLY_DATA
-            if (ssl->earlyData != no_early_data) {
+            if (ssl->earlyData != no_early_data &&
+                ssl->options.handShakeState != CLIENT_HELLO_COMPLETE) {
         #if defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT)
                 if (!ssl->options.dtls && ssl->options.tls13MiddleBoxCompat) {
                     if ((ssl->error = SendChangeCipher(ssl)) != 0) {
@@ -13411,9 +13415,6 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
             return WOLFSSL_SUCCESS;
             }
     #endif
-            FALL_THROUGH;
-
-        case CLIENT_HELLO_SENT:
             /* Get the response/s from the server. */
             while (ssl->options.serverState <
                     SERVER_HELLOVERIFYREQUEST_COMPLETE) {
@@ -14736,15 +14737,16 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
 
             ssl->options.acceptState = TLS13_ACCEPT_FINISHED_SENT;
             WOLFSSL_MSG("accept state ACCEPT_FINISHED_SENT");
+            FALL_THROUGH;
+
+        case TLS13_ACCEPT_FINISHED_SENT:
 #ifdef WOLFSSL_EARLY_DATA
-            if (ssl->earlyData != no_early_data) {
+            if (ssl->earlyData != no_early_data &&
+                    ssl->options.handShakeState != SERVER_FINISHED_COMPLETE) {
                 ssl->options.handShakeState = SERVER_FINISHED_COMPLETE;
                 return WOLFSSL_SUCCESS;
             }
 #endif
-            FALL_THROUGH;
-
-        case TLS13_ACCEPT_FINISHED_SENT :
 #ifdef HAVE_SESSION_TICKET
     #ifdef WOLFSSL_TLS13_TICKET_BEFORE_FINISHED
             if (!ssl->options.verifyPeer && !ssl->options.noTicketTls13 &&