From 995100eed188d946376cca0f7cd84c61cdfbdc25 Mon Sep 17 00:00:00 2001
From: David Garske
Date: Wed, 10 Aug 2022 09:40:42 -0700
Subject: [PATCH] Fix for handling `WC_PENDING_E` from decrypt session ticket callback. ZD14420
---
 examples/client/client.c | 6 +++---
 examples/server/server.c | 6 +++---
 src/tls13.c | 38 +++++++++++++++++++++++++-------------
 3 files changed, 31 insertions(+), 19 deletions(-)
diff --git a/examples/client/client.c b/examples/client/client.c
index 8581a9c89..1d12aa6bf 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -616,9 +616,6 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
 do {
 err = 0; /* reset error */
 ret = wolfSSL_connect(ssl);
-#ifdef WOLFSSL_EARLY_DATA
- EarlyDataStatus(ssl);
-#endif
 if (ret != WOLFSSL_SUCCESS) {
 err = wolfSSL_get_error(ssl, 0);
 #ifdef WOLFSSL_ASYNC_CRYPT
@@ -630,6 +627,9 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
 #endif
 }
 } while (err == WC_PENDING_E);
+ #ifdef WOLFSSL_EARLY_DATA
+ EarlyDataStatus(ssl);
+ #endif
 if (ret != WOLFSSL_SUCCESS) {
 err_sys("SSL_connect failed");
 }
diff --git a/examples/server/server.c b/examples/server/server.c
index 324f1b68b..049986b97 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -3156,9 +3156,6 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 do {
 err = 0; /* reset error */
 ret = SSL_accept(ssl);
-#ifdef WOLFSSL_EARLY_DATA
- EarlyDataStatus(ssl);
-#endif
 if (ret != WOLFSSL_SUCCESS) {
 err = SSL_get_error(ssl, 0);
 #ifdef WOLFSSL_ASYNC_CRYPT
@@ -3172,6 +3169,9 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 }
 #else
 ret = NonBlockingSSL_Accept(ssl);
+#endif
+#ifdef WOLFSSL_EARLY_DATA
+ EarlyDataStatus(ssl);
 #endif
 if (ret != WOLFSSL_SUCCESS) {
 err = SSL_get_error(ssl, 0);
diff --git a/src/tls13.c b/src/tls13.c
index 6cc96e638..e68887ae2 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -4472,7 +4472,8 @@ static int FindPsk(WOLFSSL* ssl, PreSharedKey* psk, byte* suite, int* err)
 * first Set to 1 if first in extension
 * returns 0 on success and otherwise failure.
 */
-static int DoPreSharedKeys(WOLFSSL* ssl, byte* suite, int* usingPSK, int* first)
+static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 inputSz,
+ byte* suite, int* usingPSK, int* first)
 {
 int ret = 0;
 TLSX* ext;
@@ -4503,8 +4504,13 @@ static int DoPreSharedKeys(WOLFSSL* ssl, byte* suite, int* usingPSK, int* first)
 #ifdef HAVE_SESSION_TICKET
 /* Decode the identity. */
- if (DoClientTicket(ssl, current->identity, current->identityLen)
- == WOLFSSL_TICKET_RET_OK) {
+ ret = DoClientTicket(ssl, current->identity, current->identityLen);
+ #ifdef WOLFSSL_ASYNC_CRYPT
+ if (ret == WC_PENDING_E)
+ return ret;
+ #endif
+
+ if (ret == WOLFSSL_TICKET_RET_OK) {
 word32 now;
 sword64 diff;
@@ -4573,6 +4579,12 @@ static int DoPreSharedKeys(WOLFSSL* ssl, byte* suite, int* usingPSK, int* first)
 ret = DeriveEarlySecret(ssl);
 if (ret != 0)
 return ret;
+
+ /* Hash data up to binders for deriving binders in PSK extension. */
+ ret = HashInput(ssl, input, inputSz);
+ if (ret < 0)
+ return ret;
+
 /* Derive the binder key to use with HMAC. */
 ret = DeriveBinderKeyResume(ssl, binderKey);
 if (ret != 0)
@@ -4585,6 +4597,10 @@ static int DoPreSharedKeys(WOLFSSL* ssl, byte* suite, int* usingPSK, int* first)
 if (ret != 0)
 return ret;
+ ret = HashInput(ssl, input, inputSz);
+ if (ret < 0)
+ return ret;
+
 /* Derive the binder key to use with HMAC. */
 ret = DeriveBinderKey(ssl, binderKey);
 if (ret != 0)
@@ -4692,11 +4708,6 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
 if (ret < 0)
 return ret;
- /* Hash data up to binders for deriving binders in PSK extension. */
- ret = HashInput(ssl, input, helloSz - bindersLen);
- if (ret < 0)
- return ret;
-
 /* Refine list for PSK processing. */
 RefineSuites(ssl, clSuites);
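Review bot: The doc comment above DoPreSharedKeys is not updated for the two parameters this hunk adds to the signature, and its `returns 0 on success and otherwise failure` line does not mention the WC_PENDING_E return introduced in the next hunk. I would add `* input    Handshake message data up to, but not including, the binders.` and `* inputSz  Length of that data in bytes.` next to the existing `first` entry, and note under returns that WC_PENDING_E is passed through in WOLFSSL_ASYNC_CRYPT builds while the ticket decrypt is pending. Only the tail of the comment is inside the hunk, so the column alignment has to follow the entries above it.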
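Review bot: In the -4503 hunk `ret` now keeps whatever DoClientTicket returned, so for a ticket that is neither OK nor pending the function carries on with a non-zero `ret` that the old code never stored. The branches that follow are outside the hunk, so I cannot confirm that every later path assigns `ret` again; if a `return ret` or a `ret != 0` test is reachable without a fresh assignment, an unusable ticket would fail the handshake instead of moving on to the next identity. Holding the status in its own local, e.g. `int ticketRet = DoClientTicket(ssl, current->identity, current->identityLen);`, and comparing that against WC_PENDING_E and WOLFSSL_TICKET_RET_OK removes the coupling. A short comment saying that results other than WC_PENDING_E are deliberately treated as "ticket not usable" would also help the next reader.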
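Review bot: The transcript update that CheckPreSharedKeys used to perform once now sits inside DoPreSharedKeys (the -4573 hunk and again in the -4585 hunk), and CheckPreSharedKeys calls that function from per-suite loops, so binder verification depends on HashInput running exactly once per hello message. Nothing in these two hunks shows that; if a call can reach HashInput and then continue to another identity, or return 0 without setting `*usingPSK`, the same bytes are hashed again and a valid binder would stop verifying. I would state the invariant where the call is made, e.g. `/* Hash data up to binders; must run once per hello - every path below returns or ends the search. */`, and give the second call in the non-ticket branch the same comment, since it currently has none. The loop body continues outside both hunks, so the exit paths need to be checked there.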
@@ -4707,8 +4718,8 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
 if (!ssl->options.useClientOrder) {
 /* Server order - server list has only common suites from refining. */
 for (i = 0; !(*usingPSK) && i < ssl->suites->suiteSz; i += 2) {
- ret = DoPreSharedKeys(ssl, ssl->suites->suites + i, usingPSK,
- &first);
+ ret = DoPreSharedKeys(ssl, input, helloSz - bindersLen,
+ ssl->suites->suites + i, usingPSK, &first);
 if (ret != 0) {
 return ret;
 }
@@ -4718,15 +4729,16 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
 /* Client order */
 for (j = 0; !(*usingPSK) && j < clSuites->suiteSz; j += 2) {
 for (i = 0; !(*usingPSK) && i < ssl->suites->suiteSz; i += 2) {
- ret = DoPreSharedKeys(ssl, ssl->suites->suites + i, usingPSK,
- &first);
+ ret = DoPreSharedKeys(ssl, input, helloSz - bindersLen,
+ ssl->suites->suites + i, usingPSK, &first);
 if (ret != 0)
 return ret;
 }
 }
 }
 #else
- ret = DoPreSharedKeys(ssl, suite, usingPSK, &first);
+ ret = DoPreSharedKeys(ssl, input, helloSz - bindersLen, suite, usingPSK,
+ &first);
 if (ret != 0)
 return ret;
 #endif
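Review bot: `helloSz - bindersLen` is now evaluated at three call sites, here and twice in the -4718 hunk, instead of once. helloSz is a word32, so if bindersLen could ever exceed it the subtraction wraps and the HashInput call inside DoPreSharedKeys would be handed an oversized length; the check that bounds bindersLen is not visible in these hunks. Computing the length once after that check, `word32 hashSz = helloSz - bindersLen;`, and passing `hashSz` keeps the three calls in step and leaves a single place where the bound has to hold.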
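Review bot: In the client-order branch of the -4718 hunk the rewritten call still passes `ssl->suites->suites + i`, and `j` appears only in the outer loop header, so on the lines visible here every pass of the outer loop repeats the same server-order search. With this commit each of those calls can also return WC_PENDING_E and be restarted, which makes redundant passes more costly. If the client's preference order is what is intended, the inner body presumably needs to match the suite at `clSuites->suites + j` against `ssl->suites->suites + i` before calling DoPreSharedKeys; otherwise a comment explaining why the outer loop is needed would help.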