wolfssl: preserve early-data handling across WANT_WRITE retries

[rizlik]

Server-side accept (TLS 1.3/DTLS 1.3) could lose the early-data shortcut whenever sending the Finished flight first hit WANT_WRITE. The buffered data advanced acceptState past TLS13_ACCEPT_FINISHED_SENT as soon as it flushed, so the next wolfSSL_accept() call skipped the block that marks SERVER_FINISHED_COMPLETE and lets the application drain 0-RTT data. By keeping the FALL_THROUGH into TLS13_ACCEPT_FINISHED_SENT and only returning early while that handshake flag is still unset, we revisit the shortcut immediately after the buffered flight is delivered, preserving the intentional behaviour even under non-blocking I/O.

On the client, the same pattern showed up after SendTls13ClientHello() buffered due to WANT_WRITE: after flushing, the connect state is already CLIENT_HELLO_SENT so the early-data exit is no longer executed. We now fall through into the CLIENT_HELLO_SENT case and only short-circuit once per handshake, ensuring the reply-processing loop still executes on the retry.

[rizlik]

retest this please

[rizlik]

retest this please

[rizlik]

retest this please

[rizlik]

retest this please

RequestAbortedException

[devin-ai-integration]

🛟 Devin Lifeguard found 2 likely issues in this PR

• no-void-functions snippet: Change wolfSSL_maybeCheckAlertOnErr to return an int (e.g. 0 on success or a negative error code) and update all call sites to check and propagate this return value instead of ignoring potential failures.
• check-all-return-codes snippet: Capture the return value from ProcessReplyEx(), check it for an error (e.g., int rc = ProcessReplyEx(ssl, 1); if (rc != 0) ssl->error = rc;), or explicitly document with a cast to void if the result is intentionally ignored.

@rizlik
please take a look at the above issues which Devin flagged. Devin will not fix these issues automatically.

[Copilot]

Pull request overview

This PR fixes a critical bug in TLS 1.3 and DTLS 1.3 early-data handling where the ability to drain 0-RTT data was lost when handshake flights hit WANT_WRITE under non-blocking I/O. The fix restructures the handshake state machines to preserve early-data shortcuts across WANT_WRITE retries by using FALL_THROUGH and additional handShakeState checks. Additionally, it refactors error-checking code by introducing wolfSSL_maybeCheckAlertOnErr() to centralize the logic for conditionally processing alerts.

Key changes:

• Modified client and server handshake state machines to preserve early-data behavior across WANT_WRITE retries by adding FALL_THROUGH and handShakeState guard conditions
• Introduced wolfSSL_maybeCheckAlertOnErr() helper to replace direct ProcessReplyEx(ssl, 1) calls with proper filtering of non-blocking I/O states
• Enhanced test coverage with mock WANT_WRITE scenarios to validate the fix

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
wolfssl/internal.h	Adds declaration for new wolfSSL_maybeCheckAlertOnErr() helper function
src/tls13.c	Restructures client/server handshake state machines with FALL_THROUGH to preserve early-data shortcuts; updates wolfSSL_read_early_data() to handle WANT_WRITE retries; replaces ProcessReplyEx() calls with wolfSSL_maybeCheckAlertOnErr()
src/ssl.c	Replaces multiple ProcessReplyEx(ssl, 1) calls with wolfSSL_maybeCheckAlertOnErr() throughout TLS 1.2 handshake code
src/internal.c	Implements wolfSSL_maybeCheckAlertOnErr() helper that filters non-blocking I/O and async states before checking alerts
tests/api/test_tls13.c	Adds retry helper functions and mock WANT_WRITE callback to test early-data handling under simulated non-blocking I/O conditions; expands test matrix to cover split early data and WANT_WRITE scenarios

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[dgarske]

Tests pass with real async / quickassist.

[rizlik]

retest this please

[rizlik]

retest this please:

AgentOfflineException exception:

[rizlik]

retest this please.

AgentOfflineException

[rizlik]

retest this please

[rizlik]

retest this please

[julek-wolfssl]

lgtm

[dgarske]

Jenkins retest this please. FIPS 140-3 history lost already