Merge pull request #4906 from julek-wolfssl/ZD13606-master

Fix issues reported in ZD13606
2025-07-30 02:37:28 +02:00 · 2022-03-03 21:27:22 +10:00
parent dad2332a95 c7c3ee00bb
commit 63e4ba5854
5 changed files with 22 additions and 11 deletions
--- a/src/bio.c
+++ b/src/bio.c
@ -134,6 +134,11 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len)
    return sz;
 }

+int wolfSSL_BIO_method_type(const WOLFSSL_BIO *b)
+{
+    return b != NULL ? b->type : (int)WOLFSSL_BIO_UNDEF;
+}
+
 #ifndef WOLFCRYPT_ONLY
 /* Helper function to read from WOLFSSL_BIO_SSL type
 *
@ -1739,8 +1744,6 @@ long wolfSSL_BIO_set_nbio(WOLFSSL_BIO* bio, long on)
    return WOLFSSL_SUCCESS;
 }

-
-
 /* creates a new custom WOLFSSL_BIO_METHOD */
 WOLFSSL_BIO_METHOD *wolfSSL_BIO_meth_new(int type, const char *name)
 {
--- a/src/internal.c
+++ b/src/internal.c
@ -30765,7 +30765,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                                    et->enc_ticket, inLen, &outLen,
                                    ssl->ctx->ticketEncCtx);
        }
-        if (ret == WOLFSSL_TICKET_RET_FATAL || ret < 0) return ret;
+        if (ret == WOLFSSL_TICKET_RET_FATAL)
+            ret = WOLFSSL_TICKET_RET_REJECT;
+        if (ret < 0)
+            return ret;
        if (outLen > (int)inLen || outLen < (int)sizeof(InternalTicket)) {
            WOLFSSL_MSG("Bad user ticket decrypt len");
            return BAD_TICKET_KEY_CB_SZ;
--- a/src/wolfio.c
+++ b/src/wolfio.c
@ -169,15 +169,17 @@ int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx)

    recvd = wolfSSL_BIO_read(ssl->biord, buf, sz);
    if (recvd <= 0) {
-        if (wolfSSL_BIO_supports_pending(ssl->biord) &&
+        if (/* ssl->biowr->wrIdx is checked for Bind9 */
+            wolfSSL_BIO_method_type(ssl->biowr) == WOLFSSL_BIO_BIO &&
+            wolfSSL_BIO_wpending(ssl->biowr) != 0 &&
+            /* Not sure this pending check is necessary but let's double
+             * check that the read BIO is empty before we signal a write
+             * need */
+            wolfSSL_BIO_supports_pending(ssl->biord) &&
            wolfSSL_BIO_ctrl_pending(ssl->biord) == 0) {
-            if (ssl->biowr->type == WOLFSSL_BIO_BIO &&
-                    ssl->biowr->wrIdx != 0) {
-                /* Let's signal to the app layer that we have
-                 * data pending that needs to be sent. */
-                return WOLFSSL_CBIO_ERR_WANT_WRITE;
-            }
-            return WOLFSSL_CBIO_ERR_WANT_READ;
+            /* Let's signal to the app layer that we have
+             * data pending that needs to be sent. */
+            return WOLFSSL_CBIO_ERR_WANT_WRITE;
        }
        else if (ssl->biord->type == WOLFSSL_BIO_SOCKET) {
            if (recvd == 0) {
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@ -764,6 +764,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define BIO_do_handshake                wolfSSL_BIO_do_handshake
 #define BIO_ssl_shutdown                wolfSSL_BIO_ssl_shutdown
 #define SSL_set_bio                     wolfSSL_set_bio
+#define BIO_method_type                 wolfSSL_BIO_method_type
 #define BIO_set_ssl                     wolfSSL_BIO_set_ssl
 #define BIO_get_ssl                     wolfSSL_BIO_get_ssl
 #define BIO_new_ssl_connect             wolfSSL_BIO_new_ssl_connect
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@ -446,6 +446,7 @@ struct WOLFSSL_X509_PUBKEY {
 };

 enum BIO_TYPE {
+    WOLFSSL_BIO_UNDEF  = 0,
    WOLFSSL_BIO_BUFFER = 1,
    WOLFSSL_BIO_SOCKET = 2,
    WOLFSSL_BIO_SSL    = 3,
@ -1609,6 +1610,7 @@ WOLFSSL_API long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int flag);
 #endif
 WOLFSSL_API int wolfSSL_BIO_set_close(WOLFSSL_BIO *b, long flag);
 WOLFSSL_API void wolfSSL_set_bio(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr);
+WOLFSSL_API int wolfSSL_BIO_method_type(const WOLFSSL_BIO *b);

 #ifndef NO_FILESYSTEM
 WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_file(void);