Fix for async TLS v1.3 with multiple WC_PENDING_E on client_hello and server_hello processing. Fix for not aligned NUMA.

src/tls13.c

@@ -3276,9 +3276,14 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
     if (ret != WC_NOT_PENDING_E) {
         /* Check for error */
-        if (ret < 0)
+        if (ret < 0) {
+            if (ret == WC_PENDING_E) {
+                /* Mark message as not received so it can process again */
+                ssl->msgsReceived.got_server_hello--;
+            }
             return ret;
         }
+    }
     else
 #endif
     {
@@ -4533,8 +4538,9 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
     if (ret != WC_NOT_PENDING_E) {
         /* Check for error */
-        if (ret < 0)
+        if (ret < 0) {
-            return ret;
+            goto exit_dch;
+        }
     }
     else
 #endif

wolfcrypt/src/port/intel/quickassist_sync.c

@@ -1783,6 +1783,10 @@ void* wc_CryptoCb_IntelQaRealloc(void *ptr, size_t size, void* heap, int type
             if (newIsNuma == 0 && ptrIsNuma == 0) {
                 allocNew = 1;
             }
+            /* confirm input is aligned, otherwise allocate new */
+            else if (((size_t)ptr % WOLF_HEADER_ALIGN) != 0) {
+                allocNew = 1;
+            }
             /* if matching NUMA type and size fits, use existing */
             else if (newIsNuma == ptrIsNuma && header->size >= size) {