Fix for asynchronous TLS v1.3 issue where connect or accept state is incorrectly advanced when there is data to queued to send.

2025-07-29 18:27:29 +02:00 · 2020-04-08 07:26:21 -07:00
parent ebcf86070d
commit 5e5af8e93a
2 changed files with 28 additions and 4 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@ -12182,7 +12182,13 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
        }
        #endif

-        if (ssl->buffers.outputBuffer.length > 0) {
+        if (ssl->buffers.outputBuffer.length > 0
+        #ifdef WOLFSSL_ASYNC_CRYPT
+            /* do not send buffered or advance state if last error was an 
+                async pending operation */
+            && ssl->error != WC_PENDING_E
+        #endif
+        ) {
            if ( (ssl->error = SendBuffered(ssl)) == 0) {
                /* fragOffset is non-zero when sending fragments. On the last
                 * fragment, fragOffset is zero again, and the state can be
@ -12580,7 +12586,13 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
        }
    #endif

-        if (ssl->buffers.outputBuffer.length > 0) {
+        if (ssl->buffers.outputBuffer.length > 0
+        #ifdef WOLFSSL_ASYNC_CRYPT
+            /* do not send buffered or advance state if last error was an 
+                async pending operation */
+            && ssl->error != WC_PENDING_E
+        #endif
+        ) {
            if ( (ssl->error = SendBuffered(ssl)) == 0) {
                /* fragOffset is non-zero when sending fragments. On the last
                 * fragment, fragOffset is zero again, and the state can be
--- a/src/tls13.c
+++ b/src/tls13.c
@ -7870,7 +7870,13 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
        return WOLFSSL_FATAL_ERROR;
    }

-    if (ssl->buffers.outputBuffer.length > 0) {
+    if (ssl->buffers.outputBuffer.length > 0
+    #ifdef WOLFSSL_ASYNC_CRYPT
+        /* do not send buffered or advance state if last error was an 
+            async pending operation */
+        && ssl->error != WC_PENDING_E
+    #endif
+    ) {
        if ((ssl->error = SendBuffered(ssl)) == 0) {
            /* fragOffset is non-zero when sending fragments. On the last
             * fragment, fragOffset is zero again, and the state can be
@ -8592,7 +8598,13 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
    }
 #endif

-    if (ssl->buffers.outputBuffer.length > 0) {
+    if (ssl->buffers.outputBuffer.length > 0
+    #ifdef WOLFSSL_ASYNC_CRYPT
+        /* do not send buffered or advance state if last error was an 
+            async pending operation */
+        && ssl->error != WC_PENDING_E
+    #endif
+    ) {
        if ((ssl->error = SendBuffered(ssl)) == 0) {
            /* fragOffset is non-zero when sending fragments. On the last
             * fragment, fragOffset is zero again, and the state can be