Use WOLFSSL_ASYNC_IO for WOLFSSL_NONBLOCK_OCSP

- Enable ssl->async to store function arguments for non-blocking OCSP - Remove ssl->nonblockarg
2025-07-30 18:57:27 +02:00 · 2022-05-17 19:08:03 +02:00
parent c151dcec50
commit 733fe1a8d3
4 changed files with 19 additions and 23 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -11983,11 +11983,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                     word32 totalSz)
 {
    int ret = 0;
-#ifdef WOLFSSL_ASYNC_CRYPT
+#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP)
    ProcPeerCertArgs* args = (ProcPeerCertArgs*)ssl->async.args;
    WOLFSSL_ASSERT_SIZEOF_GE(ssl->async.args, *args);
-#elif defined(WOLFSSL_NONBLOCK_OCSP)
-    ProcPeerCertArgs* args = ssl->nonblockarg;
 #elif defined(WOLFSSL_SMALL_STACK)
    ProcPeerCertArgs* args = NULL;
 #else
@ -11998,6 +11996,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,

    WOLFSSL_ENTER("ProcessPeerCerts");

+#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_ASYNC_CRYPT)
 #ifdef WOLFSSL_ASYNC_CRYPT
    ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
    if (ret != WC_NOT_PENDING_E) {
@ -12006,15 +12005,13 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
            goto exit_ppc;
    }
    else
-#elif defined(WOLFSSL_NONBLOCK_OCSP)
-    if (args == NULL) {
-        args = (ProcPeerCertArgs*)XMALLOC(
-            sizeof(ProcPeerCertArgs), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        if (args == NULL) {
-            ERROR_OUT(MEMORY_E, exit_ppc);
+#endif
+#ifdef WOLFSSL_NONBLOCK_OCSP
+    if (ssl->error == OCSP_WANT_READ) {
+        /* Re-entry after non-blocking OCSP */
    }
-    }
-    if (ssl->nonblockarg == NULL) /* new args */
+    else
+#endif
 #elif defined(WOLFSSL_SMALL_STACK)
    args = (ProcPeerCertArgs*)XMALLOC(
        sizeof(ProcPeerCertArgs), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
@ -12029,10 +12026,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
        XMEMSET(args, 0, sizeof(ProcPeerCertArgs));
        args->idx = *inOutIdx;
        args->begin = *inOutIdx;
-    #ifdef WOLFSSL_ASYNC_CRYPT
+    #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP)
        ssl->async.freeArgs = FreeProcPeerCertArgs;
-    #elif defined(WOLFSSL_NONBLOCK_OCSP)
-        ssl->nonblockarg = args;
    #endif
    }

@ -13360,9 +13355,6 @@ exit_ppc:
 #endif /* WOLFSSL_ASYNC_CRYPT || WOLFSSL_NONBLOCK_OCSP || WOLFSSL_SMALL_STACK */

 #if defined(WOLFSSL_ASYNC_CRYPT)
-#elif defined(WOLFSSL_NONBLOCK_OCSP)
-    XFREE(args, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    ssl->nonblockarg = NULL;
 #elif defined(WOLFSSL_SMALL_STACK)
    XFREE(args, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
@ -27776,7 +27768,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
    /* handle generation of server_key_exchange (12) */
    int SendServerKeyExchange(WOLFSSL* ssl)
    {
-        int ret;
+        int ret = 0;
    #ifdef WOLFSSL_ASYNC_IO
        SskeArgs* args = (SskeArgs*)ssl->async.args;
        WOLFSSL_ASSERT_SIZEOF_GE(ssl->async.args, *args);
--- a/src/tls13.c
+++ b/src/tls13.c
@ -8467,7 +8467,7 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 #endif /* NO_WOLFSSL_SERVER */
    }

-#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP)
+#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_ASYNC_IO)
    /* if async, offset index so this msg will be processed again */
    if ((ret == WC_PENDING_E || ret == OCSP_WANT_READ) && *inOutIdx > 0) {
        *inOutIdx -= HANDSHAKE_HEADER_SZ;
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@ -1746,7 +1746,7 @@ WOLFSSL_LOCAL int GetPrivateKeySigSize(WOLFSSL* ssl);
 #endif
 WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl);
 WOLFSSL_LOCAL void FreeSuites(WOLFSSL* ssl);
-WOLFSSL_LOCAL int  ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 size);
+WOLFSSL_LOCAL int  ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz);
 WOLFSSL_LOCAL int  MatchDomainName(const char* pattern, int len, const char* str);
 #ifndef NO_CERTS
 WOLFSSL_LOCAL int  CheckForAltNames(DecodedCert* dCert, const char* domain, int* checkCN);
@ -4301,8 +4301,6 @@ struct WOLFSSL {
    /* Message building context should be stored here for functions that expect
     * to encounter encryption blocking or fragment the message. */
    struct WOLFSSL_ASYNC async;
-#elif defined(WOLFSSL_NONBLOCK_OCSP)
-    void*           nonblockarg;        /* dynamic arg for handling non-block resume */
 #endif
    void*           hsKey;              /* Handshake key (RsaKey or ecc_key) allocated from heap */
    word32          hsType;             /* Type of Handshake key (hsKey) */
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@ -2707,7 +2707,13 @@ extern void uITRON4_free(void *p) ;
    #define NO_RC4
 #endif

-#if !defined(WOLFSSL_NO_ASYNC_IO) || defined(WOLFSSL_ASYNC_CRYPT)
+#if !defined(WOLFSSL_NO_ASYNC_IO) || defined(WOLFSSL_ASYNC_CRYPT) || \
+     defined(WOLFSSL_NONBLOCK_OCSP)
+    /* Enable asynchronous support in TLS functions to support one or more of
+     * the following:
+     * - re-entry after a network blocking return
+     * - re-entry after OCSP blocking return
+     * - asynchronous cryptography */
    #undef WOLFSSL_ASYNC_IO
    #define WOLFSSL_ASYNC_IO
 #endif