diff --git a/examples/client/client.c b/examples/client/client.c index bd2f2d14c..da82d3fc8 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -40,6 +40,7 @@ #include #include +#include #ifndef NO_WOLFSSL_CLIENT @@ -99,31 +100,41 @@ static int NonBlockingSSL_Connect(WOLFSSL* ssl) error = wolfSSL_get_error(ssl, 0); sockfd = (SOCKET_T)wolfSSL_get_fd(ssl); - while (ret != WOLFSSL_SUCCESS && (error == WOLFSSL_ERROR_WANT_READ || - error == WOLFSSL_ERROR_WANT_WRITE || - error == WC_PENDING_E)) { + while (ret != WOLFSSL_SUCCESS && + (error == WOLFSSL_ERROR_WANT_READ || error == WOLFSSL_ERROR_WANT_WRITE + #ifdef WOLFSSL_ASYNC_CRYPT + || error == WC_PENDING_E + #endif + #ifdef WOLFSSL_NONBLOCK_OCSP + || error == OCSP_WANT_READ + #endif + )) { int currTimeout = 1; - + if (error == WOLFSSL_ERROR_WANT_READ) printf("... client would read block\n"); else if (error == WOLFSSL_ERROR_WANT_WRITE) printf("... client would write block\n"); + #ifdef WOLFSSL_ASYNC_CRYPT - else if (error == WC_PENDING_E) { + if (error == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) break; } + else #endif - - if (error != WC_PENDING_E) { + { #ifdef WOLFSSL_DTLS currTimeout = wolfSSL_dtls_get_current_timeout(ssl); #endif select_ret = tcp_select(sockfd, currTimeout); } - if ((select_ret == TEST_RECV_READY) || - (select_ret == TEST_ERROR_READY) || error == WC_PENDING_E) { + if ((select_ret == TEST_RECV_READY) || (select_ret == TEST_ERROR_READY) + #ifdef WOLFSSL_ASYNC_CRYPT + || error == WC_PENDING_E + #endif + ) { #ifndef WOLFSSL_CALLBACKS ret = wolfSSL_connect(ssl); #else 
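Review bot: In NonBlockingSSL_Connect the loop now keeps running on `OCSP_WANT_READ`, but the readiness test before `wolfSSL_connect()` was not extended for it, so that state falls into the `else` branch and waits in `tcp_select(sockfd, currTimeout)` on the TLS socket. If the pending OCSP response arrives on a separate responder connection (likely, but not visible here), the TLS socket need not become readable, and the retry then depends on the timeout handling below the hunk. Consider making the retry explicit by adding `|| error == OCSP_WANT_READ` under `#ifdef WOLFSSL_NONBLOCK_OCSP` to the `select_ret` condition. Bounding the total number of retries would also stop an unresponsive responder from holding the handshake open indefinitely. The loop body continues outside the hunk.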
@@ -635,7 +646,11 @@ static void ClientRead(WOLFSSL* ssl, char* reply, int replyLen, int mustRead) err_sys("SSL_read failed"); } } - } while (err == WC_PENDING_E || (mustRead && err == WOLFSSL_ERROR_WANT_READ)); + } while ((mustRead && err == WOLFSSL_ERROR_WANT_READ) + #ifdef WOLFSSL_ASYNC_CRYPT + || err == WC_PENDING_E + #endif + ); if (ret > 0) { reply[ret] = 0; printf("%s\n", reply); diff --git a/examples/server/server.c b/examples/server/server.c index 8f20ab8cb..39d444a12 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -126,9 +126,12 @@ static int NonBlockingSSL_Accept(SSL* ssl) SOCKET_T sockfd = (SOCKET_T)CyaSSL_get_fd(ssl); int select_ret = 0; - while (ret != WOLFSSL_SUCCESS && (error == WOLFSSL_ERROR_WANT_READ || - error == WOLFSSL_ERROR_WANT_WRITE || - error == WC_PENDING_E)) { + while (ret != WOLFSSL_SUCCESS && + (error == WOLFSSL_ERROR_WANT_READ || error == WOLFSSL_ERROR_WANT_WRITE + #ifdef WOLFSSL_ASYNC_CRYPT + || error == WC_PENDING_E + #endif + )) { int currTimeout = 1; if (error == WOLFSSL_ERROR_WANT_READ) { @@ -137,22 +140,26 @@ static int NonBlockingSSL_Accept(SSL* ssl) else if (error == WOLFSSL_ERROR_WANT_WRITE) { /* printf("... server would write block\n"); */ } + #ifdef WOLFSSL_ASYNC_CRYPT - else if (error == WC_PENDING_E) { + if (error == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) break; } + else #endif - - if (error != WC_PENDING_E) { + { #ifdef CYASSL_DTLS currTimeout = CyaSSL_dtls_get_current_timeout(ssl); #endif select_ret = tcp_select(sockfd, currTimeout); } - if ((select_ret == TEST_RECV_READY) || - (select_ret == TEST_ERROR_READY) || error == WC_PENDING_E) { + if ((select_ret == TEST_RECV_READY) || (select_ret == TEST_ERROR_READY) + #ifdef WOLFSSL_ASYNC_CRYPT + || error == WC_PENDING_E + #endif + ) { #ifndef CYASSL_CALLBACKS ret = SSL_accept(ssl); #else 
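Review bot: NonBlockingSSL_Accept's loop condition gains the `WOLFSSL_ASYNC_CRYPT` guard but, unlike the client's NonBlockingSSL_Connect, no `OCSP_WANT_READ` term. This same commit removes the `OCSP_WANT_READ` to `WANT_READ` mapping in DoHandShakeMsgType, so with `WOLFSSL_NONBLOCK_OCSP` a server that checks client certificates via OCSP would presumably see the raw code, leave the loop and report a failed accept. If that is not intended, add `#ifdef WOLFSSL_NONBLOCK_OCSP` / `|| error == OCSP_WANT_READ` / `#endif` to the `while` condition here, and include the header that declares the code, as the client hunk appears to do. The function body continues outside both server.c hunks.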
@@ -217,7 +224,7 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int throughput) else #endif if (err != WOLFSSL_ERROR_WANT_READ && - err != WOLFSSL_ERROR_ZERO_RETURN) { + err != WOLFSSL_ERROR_ZERO_RETURN) { printf("SSL_read echo error %d\n", err); err_sys_ex(runWithErrors, "SSL_read failed"); } diff --git a/scripts/ocsp.test b/scripts/ocsp.test index 2f3d329cd..6bfc6d33f 100755 --- a/scripts/ocsp.test +++ b/scripts/ocsp.test @@ -13,7 +13,7 @@ RESULT=$? [ $RESULT -ne 0 ] && exit 0 # client test against the server -./examples/client/client -X -C -h $server -p 443 -A $ca -g -o +./examples/client/client -X -C -h $server -p 443 -A $ca -g -o -N RESULT=$? [ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1 diff --git a/src/internal.c b/src/internal.c index c8e74fe46..fcd30468f 100644 --- a/src/internal.c +++ b/src/internal.c @@ -8069,9 +8069,6 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, ret = ParseCertRelative(args->dCert, CERT_TYPE, 0, ssl->ctx->cm); - if (ret != 0 && ret != WC_PENDING_E) - goto exit_ppc; - #ifdef WOLFSSL_ASYNC_CRYPT if (ret == WC_PENDING_E) { ret = wolfSSL_AsyncPush(ssl, @@ -8079,6 +8076,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, goto exit_ppc; } #endif + if (ret != 0) + goto exit_ppc; #ifndef NO_SKID if (args->dCert->extAuthKeyIdSet) { @@ -8137,9 +8136,6 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, ret = ParseCertRelative(args->dCert, CERT_TYPE, 0, ssl->ctx->cm); - if (ret != 0 && ret != WC_PENDING_E) { - goto exit_ppc; - } #ifdef WOLFSSL_ASYNC_CRYPT if (ret == WC_PENDING_E) { ret = wolfSSL_AsyncPush(ssl, @@ -8147,6 +8143,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, goto exit_ppc; } #endif + if (ret != 0) { + goto exit_ppc; + } #ifndef NO_SKID subjectHash = args->dCert->extSubjKeyId; 
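Review bot: Appending `-N` to the only client invocation in this hunk means the script exercises the non-blocking OCSP path instead of the blocking one, rather than in addition to it. Certificate-status checking is worth covering in both modes; keep the original `... -g -o` run and add a second run with `-o -N`, each followed by its own `RESULT` check. Whether other scripts still cover the blocking path is not visible from here.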
@@ -9935,8 +9934,14 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, /* Also, skip hashing the client_hello message here for DTLS. It will be * hashed later if the DTLS cookie is correct. */ if (type != hello_request && - !(IsDtlsNotSctpMode(ssl) && type == client_hello) && - ssl->error != WC_PENDING_E) { + !(IsDtlsNotSctpMode(ssl) && type == client_hello) + #ifdef WOLFSSL_ASYNC_CRYPT + && ssl->error != WC_PENDING_E + #endif + #ifdef WOLFSSL_NONBLOCK_OCSP + && ssl->error != OCSP_WANT_READ + #endif + ) { ret = HashInput(ssl, input + *inOutIdx, size); if (ret != 0) return ret; } @@ -10064,11 +10069,6 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, } #endif } -#ifdef WOLFSSL_NONBLOCK_OCSP - if (ret == OCSP_WANT_READ) { - ret = WANT_READ; /* treat as normal WANT_READ for non-block handling */ - } -#endif #endif /* WOLFSSL_ASYNC_CRYPT || WOLFSSL_NONBLOCK_OCSP */ WOLFSSL_LEAVE("DoHandShakeMsgType()", ret); @@ -10427,10 +10427,12 @@ static int DtlsMsgDrain(WOLFSSL* ssl) ssl->keys.dtls_expected_peer_handshake_number++; ret = DoHandShakeMsgType(ssl, item->msg, &idx, item->type, item->sz, item->sz); + #ifdef WOLFSSL_ASYNC_CRYPT if (ret == WC_PENDING_E) { ssl->keys.dtls_expected_peer_handshake_number--; break; } + #endif ssl->dtls_rx_msg_list = item->next; DtlsMsgDelete(item, ssl->heap); item = ssl->dtls_rx_msg_list; @@ -12046,8 +12048,14 @@ int ProcessReply(WOLFSSL* ssl) atomicUser = 1; #endif - if (ssl->error != 0 && ssl->error != WANT_READ && - ssl->error != WANT_WRITE && ssl->error != WC_PENDING_E) { + if (ssl->error != 0 && ssl->error != WANT_READ && ssl->error != WANT_WRITE + #ifdef WOLFSSL_ASYNC_CRYPT + && ssl->error != WC_PENDING_E + #endif + #ifdef WOLFSSL_NONBLOCK_OCSP + && ssl->error != OCSP_WANT_READ + #endif + ) { WOLFSSL_MSG("ProcessReply retry in error state, not allowed"); return ssl->error; } 
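Review bot: The comment above this condition in DoHandShakeMsgType still explains only the hello_request and DTLS client_hello cases, while the condition now also skips `HashInput()` when `ssl->error` is `WC_PENDING_E` or `OCSP_WANT_READ`. Because this decides what enters the handshake transcript hash, the reason should be written down, for example `/* Also skip when re-entered after WC_PENDING_E or OCSP_WANT_READ: the message was hashed on the first pass. */`. That reading is inferred from the re-entry pattern. The code that clears `ssl->error` afterwards is outside the hunk and should be checked to cover `OCSP_WANT_READ` too.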
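Review bot: In DtlsMsgDrain only `WC_PENDING_E` rolls back `dtls_expected_peer_handshake_number` and breaks. With this commit DoHandShakeMsgType no longer converts `OCSP_WANT_READ`, so under `WOLFSSL_NONBLOCK_OCSP` that return value falls through to `DtlsMsgDelete()`. The stored message would then be freed and the expected sequence number advanced although the handshake message still has to be processed again. Consider handling it the same way, e.g. a second guarded test `if (ret == OCSP_WANT_READ) { ssl->keys.dtls_expected_peer_handshake_number--; break; }` under `#ifdef WOLFSSL_NONBLOCK_OCSP`. The loop around these lines starts and ends outside the hunk.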
@@ -14198,8 +14206,13 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) ret, dtlsExtra = 0; - if (ssl->error == WANT_WRITE || ssl->error == WC_PENDING_E) + if (ssl->error == WANT_WRITE + #ifdef WOLFSSL_ASYNC_CRYPT + || ssl->error == WC_PENDING_E + #endif + ) { ssl->error = 0; + } #ifdef WOLFSSL_DTLS if (ssl->options.dtls) { @@ -14223,10 +14236,12 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) int err; WOLFSSL_MSG("handshake not complete, trying to finish"); if ( (err = wolfSSL_negotiate(ssl)) != WOLFSSL_SUCCESS) { + #ifdef WOLFSSL_ASYNC_CRYPT /* if async would block return WANT_WRITE */ if (ssl->error == WC_PENDING_E) { return WOLFSSL_CBIO_ERR_WANT_WRITE; } + #endif return err; } } @@ -14353,7 +14368,11 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek) WOLFSSL_ENTER("ReceiveData()"); /* reset error state */ - if (ssl->error == WANT_READ || ssl->error == WC_PENDING_E) { + if (ssl->error == WANT_READ + #ifdef WOLFSSL_ASYNC_CRYPT + || ssl->error == WC_PENDING_E + #endif + ) { ssl->error = 0; } diff --git a/src/ssl.c b/src/ssl.c index 20f403fd0..9fb00175d 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1725,8 +1725,11 @@ static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek) #ifdef HAVE_WRITE_DUP if (ssl->dupWrite) { - if (ssl->error != 0 && ssl->error != WANT_READ && - ssl->error != WC_PENDING_E) { + if (ssl->error != 0 && ssl->error != WANT_READ + #ifdef WOLFSSL_ASYNC_CRYPT + && ssl->error != WC_PENDING_E + #endif + ) { int notifyErr; WOLFSSL_MSG("Notifying write side of fatal read error"); @@ -7787,7 +7790,7 @@ static int wolfSSL_EVP_Digest(unsigned char* in, int inSz, unsigned char* out, if (XSTRNCMP("SHA384", evp, 6) == 0) { hash = WC_HASH_TYPE_SHA384; } - else + else #endif #ifdef WOLFSSL_SHA512 if (XSTRNCMP("SHA512", evp, 6) == 0) { 
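Review bot: The `HAVE_WRITE_DUP` check in wolfSSL_read_internal exempts `WANT_READ` and `WC_PENDING_E` from the fatal-error notification but not `OCSP_WANT_READ`, whereas ProcessReply in this same commit treats `OCSP_WANT_READ` as a retryable state. If a read can leave `ssl->error` at `OCSP_WANT_READ` (not determinable from these hunks), the write side would be told of a fatal read error for a recoverable condition. Adding `#ifdef WOLFSSL_NONBLOCK_OCSP` / `&& ssl->error != OCSP_WANT_READ` / `#endif` here would keep the two checks consistent. The reset conditions in SendData and ReceiveData earlier on this page omit the code as well and deserve the same look.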
@@ -15217,7 +15220,7 @@ WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len) return newX509; } -#endif /* KEEP_PEER_CERT || SESSION_CERTS || OPENSSL_EXTRA || +#endif /* KEEP_PEER_CERT || SESSION_CERTS || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)