diff --git a/src/ssl.c b/src/ssl.c index b2aa70d4c..10829f653 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -17137,7 +17137,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, ssl->options.acceptState = ACCEPT_BEGIN; ssl->options.handShakeState = NULL_STATE; ssl->options.handShakeDone = 0; - /* ssl->options.processReply = doProcessInit; */ + ssl->options.processReply = 0; /* doProcessInit */ ssl->keys.encryptionOn = 0; XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived)); diff --git a/src/tls13.c b/src/tls13.c index 3f831afeb..3b639d332 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -7187,7 +7187,7 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, return ret; if ((ret = DeriveTls13Keys(ssl, handshake_key, - ENCRYPT_AND_DECRYPT_SIDE, 1)) != 0) { + ENCRYPT_AND_DECRYPT_SIDE, 1)) != 0) { return ret; } #ifdef WOLFSSL_EARLY_DATA @@ -7204,13 +7204,13 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, return ret; #ifdef WOLFSSL_EARLY_DATA if ((ret = DeriveTls13Keys(ssl, traffic_key, - ENCRYPT_AND_DECRYPT_SIDE, - ssl->earlyData == no_early_data)) != 0) { + ENCRYPT_AND_DECRYPT_SIDE, + ssl->earlyData == no_early_data)) != 0) { return ret; } #else if ((ret = DeriveTls13Keys(ssl, traffic_key, - ENCRYPT_AND_DECRYPT_SIDE, 1)) != 0) { + ENCRYPT_AND_DECRYPT_SIDE, 1)) != 0) { return ret; } #endif @@ -7222,9 +7222,13 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, ssl->options.clientState = CLIENT_HELLO_COMPLETE; ssl->options.connectState = FIRST_REPLY_DONE; ssl->options.handShakeState = CLIENT_HELLO_COMPLETE; + ssl->options.processReply = 0; /* doProcessInit */ - if (wolfSSL_connect_TLSv13(ssl) != SSL_SUCCESS) - ret = POST_HAND_AUTH_ERROR; + if (wolfSSL_connect_TLSv13(ssl) != WOLFSSL_SUCCESS) { + ret = ssl->error; + if (ret != WC_PENDING_E) + ret = POST_HAND_AUTH_ERROR; + } } #endif }