From 5ade360d9e834805e40b61edd31b6999a8ccf18a Mon Sep 17 00:00:00 2001
From: David Garske
Date: Tue, 28 Jun 2022 12:38:57 -0700
Subject: [PATCH 1/3] Fix to avoid using `WC_HW_WAIT_E` for sniffer. ZD14398
---
 src/sniffer.c | 2 +-
 sslSniffer/sslSnifferTest/snifftest.c | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/sniffer.c b/src/sniffer.c
index d4c0e5d13..f0e1730d0 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -5718,7 +5718,7 @@ static int CheckSequence(IpInfo* ipInfo, TcpInfo* tcpInfo,
 if (session->sslServer->error == WC_PENDING_E && session->pendSeq != tcpInfo->sequence) {
 /* this stream is processing, queue packet */
- return WC_HW_WAIT_E;
+ return WC_PENDING_E;
 }
 #endif
diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c
index 9c4d20286..3c66a66be 100644
--- a/sslSniffer/sslSnifferTest/snifftest.c
+++ b/sslSniffer/sslSnifferTest/snifftest.c
@@ -867,9 +867,9 @@ int main(int argc, char** argv)
 ret = ssl_DecodePacketAsync(chain, chainSz, isChain, &data, err, &sslInfo, NULL);
- /* WC_PENDING_E: Hardware is processing */
- /* WC_HW_WAIT_E: Hardware is already processing stream */
- if (ret == WC_PENDING_E || ret == WC_HW_WAIT_E) {
+ /* WC_PENDING_E: Hardware is processing or stream is blocked
+ * (waiting on WC_PENDING_E) */
+ if (ret == WC_PENDING_E) {
 /* add to queue, for later processing */
 #ifdef DEBUG_SNIFFER
 printf("Steam is pending, queue packet %d\n", packetNumber);
From e49f07694e3b8692a5a758b50c9fa7faebdb14ed Mon Sep 17 00:00:00 2001
From: David Garske
Date: Tue, 28 Jun 2022 12:54:25 -0700
Subject: [PATCH 2/3] Fix for sniffer possible malloc of zero size causing a `-fsanitize=address` leak report.
---
 src/sniffer.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/src/sniffer.c b/src/sniffer.c
index f0e1730d0..2658c5b72 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
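Review bot: The comment above the changed return still reads only `/* this stream is processing, queue packet */`, so a reader cannot tell why a packet with a non-matching sequence on a busy stream now reports the same WC_PENDING_E as the in-flight crypto op itself; callers can no longer tell the two states apart, and that is the whole point of the change, so it deserves a sentence here. I would extend it to `/* stream busy with an earlier async op: report WC_PENDING_E so the caller queues this packet exactly like the pending op itself (WC_HW_WAIT_E is left to the crypto driver) */`. The part about WC_HW_WAIT_E being left to the driver is my reading of the subject line, not something the hunk shows, so word it to match the actual reason. CheckSequence starts before the hunk and its remaining return paths are not visible.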
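Review bot: Dropping WC_HW_WAIT_E from the queue condition means that if ssl_DecodePacketAsync can still surface WC_HW_WAIT_E from the async crypto backend (the sniffer itself no longer produces it, but whether the driver path does is not visible here), such a packet now falls through to the error handling below instead of being queued; worth confirming, or keeping WC_HW_WAIT_E in the condition with a comment saying which layer emits it. The debug message on the context line below has a typo: `printf("Stream is pending, queue packet %d\n", packetNumber);`. main starts and ends outside the hunk, so the retry of queued packets and what clears the stream's pending state cannot be checked from here.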
@@ -3994,12 +3994,14 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
 }
 /* cache key share data till server_hello */
 session->cliKeyShareSz = ksLen;
- session->cliKeyShare = (byte*)XMALLOC(ksLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (session->cliKeyShare == NULL) {
- SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
- break;
+ if (ksLen > 0) {
+ session->cliKeyShare = (byte*)XMALLOC(ksLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (session->cliKeyShare == NULL) {
+ SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
+ break;
+ }
+ XMEMCPY(session->cliKeyShare, &input[2], ksLen);
 }
- XMEMCPY(session->cliKeyShare, &input[2], ksLen);
 break;
 }
 #ifdef HAVE_SESSION_TICKET
From d76c46a96f35b0c331e863ea3721b2995de2797c Mon Sep 17 00:00:00 2001
From: David Garske
Date: Tue, 28 Jun 2022 14:37:10 -0700
Subject: [PATCH 3/3] Fix for sniffer async issue with TLS v1.3.
---
 src/sniffer.c | 6 +++++-
 src/tls.c | 2 +-
 sslSniffer/sslSnifferTest/snifftest.c | 2 +-
 3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/sniffer.c b/src/sniffer.c
index 2658c5b72..71bc3175e 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -4398,7 +4398,11 @@ static int DoHandShake(const byte* input, int* sslBytes,
 #endif
 #ifdef WOLFSSL_TLS13
- if (type != client_hello && type != server_hello) {
+ if (type != client_hello && type != server_hello
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ && session->sslServer->error != WC_PENDING_E
+ #endif
+ ) {
 /* For resumption the hash is before / after client_hello PSK binder */
 /* hash the packet including header */
 /* TLS v1.3 requires the hash for the handshake and transfer key derivation */
diff --git a/src/tls.c b/src/tls.c
index 3d1db0414..b712a43d1 100644
--- a/src/tls.c
+++ b/src/tls.c
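Review bot: The new `if (ksLen > 0)` branch leaves session->cliKeyShare untouched when the key_share data is empty, and the non-empty branch overwrites it without freeing, so if a previous allocation can still be present at this point (a second ClientHello after HelloRetryRequest, or a repeated key_share extension; not visible in the hunk) the old buffer leaks and the empty case keeps a stale pointer next to cliKeyShareSz == 0. Releasing the previous buffer before the size check covers both cases: `XFREE(session->cliKeyShare, NULL, DYNAMIC_TYPE_TMP_BUFFER);` followed by `session->cliKeyShare = NULL;` right after `session->cliKeyShareSz = ksLen;`. If earlier code guarantees cliKeyShare is NULL here, a one-line comment stating that invariant would do instead. ProcessClientHello starts before the hunk and continues after it, so how ksLen was validated against the remaining input before the XMEMCPY is not visible here.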
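Review bot: Skipping the transcript hash when sslServer->error == WC_PENDING_E relies on an invariant the code does not state: the packet must be hashed exactly once across its retries, so either it was already hashed on the pass that started the pending op, or it is hashed on the retry after the error is cleared before this point. Which one holds decides whether the TLS 1.3 handshake and traffic keys derive correctly, and I could not tell from the hunk; the condition needs a comment naming it. Splicing `#ifdef` into the middle of an `if` condition also reads poorly; hoisting the decision into a local keeps the preprocessor block on its own lines and gives that comment a natural home. DoHandShake starts before the hunk and the hashing body continues after it.
```c
    int hashPacket = (type != client_hello && type != server_hello);
#ifdef WOLFSSL_ASYNC_CRYPT
    /* async op still pending on this stream: do not hash again on this pass
     * (assumes the packet was hashed when the op was started -- confirm) */
    if (session->sslServer->error == WC_PENDING_E) {
        hashPacket = 0;
    }
#endif
    if (hashPacket) {
        /* … unchanged: hash the packet including header … */
```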
@@ -158,7 +158,7 @@ int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash, word32* hashLen)
 *hashLen = hashSz;
 #ifdef WOLFSSL_CHECK_MEM_ZERO
- wc_MemZero_Add("TLS hasndshake hash", hash, hashSz);
+ wc_MemZero_Add("TLS handshake hash", hash, hashSz);
 #endif
 if (ret != 0)
diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c
index 3c66a66be..aaadee048 100644
--- a/sslSniffer/sslSnifferTest/snifftest.c
+++ b/sslSniffer/sslSnifferTest/snifftest.c
@@ -827,7 +827,7 @@ int main(int argc, char** argv)
 /* grab next pcap packet */
 packetNumber++;
 packet = pcap_next(pcap, &header);
- #ifdef QAT_DEBUG
+ #if defined(WOLFSSL_ASYNC_CRYPT) && defined(DEBUG_SNIFFER)
 printf("Packet Number: %d\n", packetNumber);
 #endif
 }
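Review bot: The packet-number trace is now gated on WOLFSSL_ASYNC_CRYPT as well as DEBUG_SNIFFER, but nothing in the printed line is async-specific, and correlating a sniffer error with its pcap frame number is just as useful in a synchronous debug build; unless the extra gate is deliberate, `#ifdef DEBUG_SNIFFER` alone would match the other DEBUG_SNIFFER output in this file. If it is deliberate, a short comment saying why would stop the next reader from reverting it. main starts and ends outside the hunk, so where the NULL return of pcap_next is handled is not visible here.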