Merge pull request #6632 from jpbland1/ocsp-want-read-error

OCSP_WANT_READ mishandled re-run
wolfSSL · Jul 25, 2023 · c0b4cde · c0b4cde
2 parents 1285ae7 + 2e4b651
commit c0b4cde
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 5 deletions.
diff --git a/.github/workflows/async.yml b/.github/workflows/async.yml
@@ -10,7 +10,8 @@ jobs:
  config: [
  # Add new configs here
  '--enable-asynccrypt --enable-all --enable-dtls13',
- '--enable-asynccrypt-sw',
+ '--enable-asynccrypt-sw --enable-ocspstapling --enable-ocspstapling2',
+ '--enable-ocsp CFLAGS="-DTEST_NONBLOCK_CERTS"',
  ]
  name: make check
  runs-on: ubuntu-latest

diff --git a/examples/client/client.c b/examples/client/client.c
@@ -223,6 +223,9 @@ static int NonBlockingSSL_Connect(WOLFSSL* ssl)
  #ifdef WOLFSSL_ASYNC_CRYPT
  || error == WC_PENDING_E
  #endif
+ #ifdef WOLFSSL_NONBLOCK_OCSP
+ || error == OCSP_WANT_READ
+ #endif
  ) {
  #ifndef WOLFSSL_CALLBACKS
  ret = wolfSSL_connect(ssl);

diff --git a/src/internal.c b/src/internal.c
@@ -16501,6 +16501,9 @@ int SendFatalAlertOnly(WOLFSSL *ssl, int error)
  case WANT_WRITE:
  case WANT_READ:
  case ZERO_RETURN:
+#ifdef WOLFSSL_NONBLOCK_OCSP
+ case OCSP_WANT_READ:
+#endif
 #ifdef WOLFSSL_ASYNC_CRYPT
  case WC_PENDING_E:
 #endif

diff --git a/src/tls13.c b/src/tls13.c
@@ -11479,12 +11479,12 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
  * == 0) */
  *inOutIdx -= HANDSHAKE_HEADER_SZ;
  }
-#endif
 
- /* reset error */
- if (ret == 0 && ssl->error == WC_PENDING_E)
+ /* make sure async error is cleared */
+ if (ret == 0 && (ssl->error == WC_PENDING_E || ssl->error == OCSP_WANT_READ)) {
  ssl->error = 0;
-
+ }
+#endif
  if (ret == 0 && type != client_hello && type != session_ticket &&
  type != key_update) {
  ret = HashInput(ssl, input + inIdx, size);