Merge pull request #5455 from dgarske/zd14420

Fix for handling `WC_PENDING_E` from decrypt session ticket callback
2025-07-29 18:27:29 +02:00 · 2022-08-12 08:20:57 +10:00
parent 499b9c4f35 995100eed1
commit 2b38ba0300
3 changed files with 31 additions and 19 deletions
--- a/examples/client/client.c
+++ b/examples/client/client.c
@ -616,9 +616,6 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
            do {
                err = 0; /* reset error */
                ret = wolfSSL_connect(ssl);
-#ifdef WOLFSSL_EARLY_DATA
-                EarlyDataStatus(ssl);
-#endif
                if (ret != WOLFSSL_SUCCESS) {
                    err = wolfSSL_get_error(ssl, 0);
                #ifdef WOLFSSL_ASYNC_CRYPT
@ -630,6 +627,9 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
                #endif
                }
            } while (err == WC_PENDING_E);
+        #ifdef WOLFSSL_EARLY_DATA
+            EarlyDataStatus(ssl);
+        #endif
            if (ret != WOLFSSL_SUCCESS) {
                err_sys("SSL_connect failed");
            }
--- a/examples/server/server.c
+++ b/examples/server/server.c
@ -3156,9 +3156,6 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
            do {
                err = 0; /* reset error */
                ret = SSL_accept(ssl);
-#ifdef WOLFSSL_EARLY_DATA
-                EarlyDataStatus(ssl);
-#endif
                if (ret != WOLFSSL_SUCCESS) {
                    err = SSL_get_error(ssl, 0);
                #ifdef WOLFSSL_ASYNC_CRYPT
@ -3172,6 +3169,9 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
        }
 #else
        ret = NonBlockingSSL_Accept(ssl);
+#endif
+#ifdef WOLFSSL_EARLY_DATA
+        EarlyDataStatus(ssl);
 #endif
        if (ret != WOLFSSL_SUCCESS) {
            err = SSL_get_error(ssl, 0);
--- a/src/tls13.c
+++ b/src/tls13.c
@ -4577,7 +4577,8 @@ static int FindPsk(WOLFSSL* ssl, PreSharedKey* psk, byte* suite, int* err)
 * first       Set to 1 if first in extension
 * returns 0 on success and otherwise failure.
 */
-static int DoPreSharedKeys(WOLFSSL* ssl, byte* suite, int* usingPSK, int* first)
+static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 inputSz,
+    byte* suite, int* usingPSK, int* first)
 {
    int           ret = 0;
    TLSX*         ext;
@ -4608,8 +4609,13 @@ static int DoPreSharedKeys(WOLFSSL* ssl, byte* suite, int* usingPSK, int* first)

    #ifdef HAVE_SESSION_TICKET
        /* Decode the identity. */
-        if (DoClientTicket(ssl, current->identity, current->identityLen)
-                                                     == WOLFSSL_TICKET_RET_OK) {
+        ret = DoClientTicket(ssl, current->identity, current->identityLen);
+        #ifdef WOLFSSL_ASYNC_CRYPT
+        if (ret == WC_PENDING_E)
+            return ret;
+        #endif
+
+        if (ret == WOLFSSL_TICKET_RET_OK) {
            word32  now;
            sword64 diff;

@ -4678,6 +4684,12 @@ static int DoPreSharedKeys(WOLFSSL* ssl, byte* suite, int* usingPSK, int* first)
            ret = DeriveEarlySecret(ssl);
            if (ret != 0)
                return ret;
+
+            /* Hash data up to binders for deriving binders in PSK extension. */
+            ret = HashInput(ssl, input, inputSz);
+            if (ret < 0)
+                return ret;
+
            /* Derive the binder key to use with HMAC. */
            ret = DeriveBinderKeyResume(ssl, binderKey);
            if (ret != 0)
@ -4690,6 +4702,10 @@ static int DoPreSharedKeys(WOLFSSL* ssl, byte* suite, int* usingPSK, int* first)
            if (ret != 0)
                return ret;

+            ret = HashInput(ssl, input, inputSz);
+            if (ret < 0)
+                return ret;
+
            /* Derive the binder key to use with HMAC. */
            ret = DeriveBinderKey(ssl, binderKey);
            if (ret != 0)
@ -4801,11 +4817,6 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
    if (ret < 0)
        return ret;

-    /* Hash data up to binders for deriving binders in PSK extension. */
-    ret = HashInput(ssl, input,  helloSz - bindersLen);
-    if (ret < 0)
-        return ret;
-
    /* Refine list for PSK processing. */
    RefineSuites(ssl, clSuites);

@ -4816,8 +4827,8 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
    if (!ssl->options.useClientOrder) {
        /* Server order - server list has only common suites from refining. */
        for (i = 0; !(*usingPSK) && i < ssl->suites->suiteSz; i += 2) {
-            ret = DoPreSharedKeys(ssl, ssl->suites->suites + i, usingPSK,
-                                                                        &first);
+            ret = DoPreSharedKeys(ssl, input, helloSz - bindersLen,
+                ssl->suites->suites + i, usingPSK, &first);
            if (ret != 0) {
                return ret;
            }
@ -4827,15 +4838,16 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
        /* Client order */
        for (j = 0; !(*usingPSK) && j < clSuites->suiteSz; j += 2) {
            for (i = 0; !(*usingPSK) && i < ssl->suites->suiteSz; i += 2) {
-            ret = DoPreSharedKeys(ssl, ssl->suites->suites + i, usingPSK,
-                                                                        &first);
+            ret = DoPreSharedKeys(ssl, input, helloSz - bindersLen,
+                ssl->suites->suites + i, usingPSK, &first);
                if (ret != 0)
                    return ret;
            }
        }
    }
 #else
-    ret = DoPreSharedKeys(ssl, suite, usingPSK, &first);
+    ret = DoPreSharedKeys(ssl, input, helloSz - bindersLen, suite, usingPSK,
+        &first);
    if (ret != 0)
        return ret;
 #endif