From eb56b652ca9f01952a0e0e9349d678847092ebdd Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Fri, 22 Oct 2021 16:28:46 -0700
Subject: [PATCH] Fix for async TLS v1.3 with multiple `WC_PENDING_E` on
 client_hello and server_hello processing. Fix for not aligned NUMA.

---
 src/internal.c                              |  8 ++++----
 src/tls13.c                                 | 12 +++++++++---
 wolfcrypt/src/port/intel/quickassist_sync.c |  4 ++++
 3 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index ffd559292..7ad58fe44 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -12020,8 +12020,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                             args->dCertInit = 0;
                             /* once again */
                             ret = ProcessPeerCertParse(ssl, args, CERT_TYPE,
-                            !ssl->options.verifyNone ? VERIFY : NO_VERIFY,
-                            &subjectHash, &alreadySigner);
+                                !ssl->options.verifyNone ? VERIFY : NO_VERIFY,
+                                &subjectHash, &alreadySigner);
                         } else
                             ret = ASN_NO_SIGNER_E;
                     }
@@ -12235,8 +12235,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                             args->dCertInit = 0;
                             /* once again */
                             ret = ProcessPeerCertParse(ssl, args, CERT_TYPE,
-                            !ssl->options.verifyNone ? VERIFY : NO_VERIFY,
-                            &subjectHash, &alreadySigner);
+                                !ssl->options.verifyNone ? VERIFY : NO_VERIFY,
+                                &subjectHash, &alreadySigner);
                         } else
                             ret = ASN_NO_SIGNER_E;
                     }
diff --git a/src/tls13.c b/src/tls13.c
index b3327ba30..70d9f6cce 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -3276,8 +3276,13 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
     if (ret != WC_NOT_PENDING_E) {
         /* Check for error */
-        if (ret < 0)
+        if (ret < 0) {
+            if (ret == WC_PENDING_E) {
+                /* Mark message as not received so it can process again */
+                ssl->msgsReceived.got_server_hello--;
+            }
             return ret;
+        }
     }
     else
 #endif
@@ -4533,8 +4538,9 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
     if (ret != WC_NOT_PENDING_E) {
         /* Check for error */
-        if (ret < 0)
-            return ret;
+        if (ret < 0) {
+            goto exit_dch;
+        }
     }
     else
 #endif
diff --git a/wolfcrypt/src/port/intel/quickassist_sync.c b/wolfcrypt/src/port/intel/quickassist_sync.c
index 14a45dc99..1cb780310 100644
--- a/wolfcrypt/src/port/intel/quickassist_sync.c
+++ b/wolfcrypt/src/port/intel/quickassist_sync.c
@@ -1783,6 +1783,10 @@ void* wc_CryptoCb_IntelQaRealloc(void *ptr, size_t size, void* heap, int type
             if (newIsNuma == 0 && ptrIsNuma == 0) {
                 allocNew = 1;
             }
+            /* confirm input is aligned, otherwise allocate new */
+            else if (((size_t)ptr % WOLF_HEADER_ALIGN) != 0) {
+                allocNew = 1;
+            }
             /* if matching NUMA type and size fits, use existing */
             else if (newIsNuma == ptrIsNuma && header->size >= size) {