From 4591e5635bfc58cc5e82356b6560a4215a6a5061 Mon Sep 17 00:00:00 2001
From: Hayden Roche
Date: Thu, 15 Sep 2022 11:29:39 -0700
Subject: [PATCH] Handle WC_PENDING_E from ticketEncCb in DoClientTicket properly.
ticketEncCb can return WC_PENDING_E. If it does in DoClientTicket, we need to propagate this up to the calling function (e.g. DoPreSharedKeys), rather than treating it as a failure. I tested this by running the following experiment ./examples/server/server -v 4 -r & ./examples/client/client -v 4 -r and adding the following async simulation code to wc_ChaCha20Poly1305_Decrypt: #ifdef WOLFSSL_ASYNC_CRYPT static int testAsync = 0; if ((testAsync++ % 2) == 0) { return WC_PENDING_E; } #endif Prior to these changes, you can see that the WC_PENDING_E will not be handled properly in DoClientTicket (using gdb). A full TLS handshake proceeds from there. With this commit, running the same experiment shows the pending error being handled properly.
---
 src/internal.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index f9a8cdabc..9583818a0 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -34008,9 +34008,16 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 et->enc_ticket, inLen, &outLen, ssl->ctx->ticketEncCtx);
 }
- if (ret != WOLFSSL_TICKET_RET_OK && ret != WOLFSSL_TICKET_RET_CREATE) {
- WOLFSSL_ERROR_VERBOSE(BAD_TICKET_KEY_CB_SZ);
- return WOLFSSL_TICKET_RET_REJECT;
+ if (ret != WOLFSSL_TICKET_RET_OK) {
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ if (ret == WC_PENDING_E) {
+ return ret;
+ }
+ #endif /* WOLFSSL_ASYNC_CRYPT */
+ if (ret != WOLFSSL_TICKET_RET_CREATE) {
+ WOLFSSL_ERROR_VERBOSE(BAD_TICKET_KEY_CB_SZ);
+ return WOLFSSL_TICKET_RET_REJECT;
+ }
 }
 if (outLen > (int)inLen || outLen < (int)sizeof(InternalTicket)) {
 WOLFSSL_MSG("Bad user ticket decrypt len");
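Review bot: The new `return ret;` for `WC_PENDING_E` inside the `ret != WOLFSSL_TICKET_RET_OK` branch makes this function return a value outside the `WOLFSSL_TICKET_RET_*` set it otherwise returns, so a caller that only distinguishes OK/CREATE/REJECT/FATAL could read a pending decrypt as a fatal ticket error or as a rejection. The commit message names DoPreSharedKeys as the intended consumer and the experiment ran with `-v 4` only; the other call sites are not visible here, so it is worth confirming that each one re-enters on pending rather than failing or silently falling back to a full handshake. I would record the contract next to the early return, e.g. `/* not a WOLFSSL_TICKET_RET_* value: callers must retry on WC_PENDING_E, not treat it as reject/fatal */`. Because the retry invokes ticketEncCb again on the same ticket buffer, the callback presumably has to leave that buffer unmodified until it completes; that is an assumption to verify against the real async path, which the simulated early return in the test does not exercise. The enclosing function begins and ends outside this hunk.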