42 changes: 31 additions & 11 deletions src/internal.c
Expand Up @@ -22292,17 +22292,6 @@ static int DoProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
return ssl->error;
}

/* If checking alert on error (allowSocketErr == 1) do not try and
* process alerts for async or ocsp non blocking */
#if defined(WOLFSSL_CHECK_ALERT_ON_ERR) && \
(defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP))
if (allowSocketErr == 1 && \
(ssl->error == WC_NO_ERR_TRACE(WC_PENDING_E) ||
ssl->error == WC_NO_ERR_TRACE(OCSP_WANT_READ))) {
return ssl->error;
}
#endif

#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_ASYNC_CRYPT)
/* process any pending DTLS messages - this flow can happen with async */
if (ssl->dtls_rx_msg_list != NULL) {
Expand Down Expand Up @@ -42524,6 +42513,37 @@ int wolfSSL_TestAppleNativeCertValidation_AppendCA(WOLFSSL_CTX* ctx,

#endif /* defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS) */

/* Do not try to process error for async, non blocking io, and app_read */
void wolfssl_local_MaybeCheckAlertOnErr(WOLFSSL* ssl, int err)
{
#if defined(WOLFSSL_CHECK_ALERT_ON_ERR)
#if defined(WOLFSSL_ASYNC_CRYPT)
if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
return;
}
#endif
#if defined(WOLFSSL_NONBLOCK_OCSP)
if (err == WC_NO_ERR_TRACE(OCSP_WANT_READ)) {
return;
}
#endif
#if defined(WOLFSSL_EARLY_DATA)
if (err == WC_NO_ERR_TRACE(APP_DATA_READY)) {
return;
}
#endif
if (err == WC_NO_ERR_TRACE(WANT_WRITE) ||
err == WC_NO_ERR_TRACE(WANT_READ)) {
return;
}
/* check if an alert was sent */
ProcessReplyEx(ssl, 1);
#else
(void)ssl;
(void)err;
#endif /* WOLFSSL_CHECK_ALERT_ON_ERR */
}

#undef ERROR_OUT

#endif /* !WOLFCRYPT_ONLY */
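Review bot: The async/OCSP guard deleted from DoProcessReplyEx in the first hunk covered every `ProcessReplyEx(ssl, 1)` caller, whereas its replacement inside `wolfssl_local_MaybeCheckAlertOnErr` covers only the sites routed through the helper; any direct `ProcessReplyEx(ssl, 1)` call left elsewhere in the tree (none is visible here) would now re-enter the reply path with an async operation still pending, so a grep before merge is worth it. The helper's one-line comment also leaves its contract implicit: it returns nothing and discards ProcessReplyEx's result, so its only observable effect is whatever ProcessReplyEx does to `ssl->error` (presumably surfacing a received alert). I would say so in the header comment: `/* After a send failure, try to read a pending alert so the error the caller reports reflects it; skipped for transient/async results (pending, WANT_READ/WRITE, OCSP, early app data) since re-entering the reply path would disturb in-flight state. ProcessReplyEx's return is intentionally ignored. */`. DoProcessReplyEx's body extends outside the first hunk.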
57 changes: 14 additions & 43 deletions src/ssl.c
Expand Up @@ -10591,9 +10591,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
#endif
if (ssl->options.sendVerify) {
if ( (ssl->error = SendCertificate(ssl)) != 0) {
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
#endif
wolfssl_local_MaybeCheckAlertOnErr(ssl, ssl->error);
WOLFSSL_ERROR(ssl->error);
return WOLFSSL_FATAL_ERROR;
}
Expand All @@ -10612,9 +10610,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
#endif
if (!ssl->options.resuming) {
if ( (ssl->error = SendClientKeyExchange(ssl)) != 0) {
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
#endif
wolfssl_local_MaybeCheckAlertOnErr(ssl, ssl->error);
#ifdef WOLFSSL_EXTRA_ALERTS
if (ssl->error == WC_NO_ERR_TRACE(NO_PEER_KEY) ||
ssl->error == WC_NO_ERR_TRACE(PSK_KEY_ERROR)) {
Expand Down Expand Up @@ -10643,9 +10639,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CLIENT_AUTH)
if (ssl->options.sendVerify) {
if ( (ssl->error = SendCertificateVerify(ssl)) != 0) {
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
#endif
wolfssl_local_MaybeCheckAlertOnErr(ssl, ssl->error);
WOLFSSL_ERROR(ssl->error);
return WOLFSSL_FATAL_ERROR;
}
Expand All @@ -10658,9 +10652,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,

case FIRST_REPLY_THIRD :
if ( (ssl->error = SendChangeCipher(ssl)) != 0) {
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
#endif
wolfssl_local_MaybeCheckAlertOnErr(ssl, ssl->error);
WOLFSSL_ERROR(ssl->error);
return WOLFSSL_FATAL_ERROR;
}
Expand All @@ -10671,9 +10663,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,

case FIRST_REPLY_FOURTH :
if ( (ssl->error = SendFinished(ssl)) != 0) {
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
#endif
wolfssl_local_MaybeCheckAlertOnErr(ssl, ssl->error);
WOLFSSL_ERROR(ssl->error);
return WOLFSSL_FATAL_ERROR;
}
Expand Down Expand Up @@ -11051,9 +11041,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
return WOLFSSL_FATAL_ERROR;
}
if ( (ssl->error = SendServerHello(ssl)) != 0) {
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
#endif
wolfssl_local_MaybeCheckAlertOnErr(ssl, ssl->error);
WOLFSSL_ERROR(ssl->error);
return WOLFSSL_FATAL_ERROR;
}
Expand All @@ -11070,9 +11058,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
#ifndef NO_CERTS
if (!ssl->options.resuming)
if ( (ssl->error = SendCertificate(ssl)) != 0) {
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
#endif
wolfssl_local_MaybeCheckAlertOnErr(ssl, ssl->error);
WOLFSSL_ERROR(ssl->error);
return WOLFSSL_FATAL_ERROR;
}
Expand All @@ -11085,9 +11071,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
#ifndef NO_CERTS
if (!ssl->options.resuming)
if ( (ssl->error = SendCertificateStatus(ssl)) != 0) {
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
#endif
wolfssl_local_MaybeCheckAlertOnErr(ssl, ssl->error);
WOLFSSL_ERROR(ssl->error);
return WOLFSSL_FATAL_ERROR;
}
Expand All @@ -11104,9 +11088,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
#endif
if (!ssl->options.resuming)
if ( (ssl->error = SendServerKeyExchange(ssl)) != 0) {
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
#endif
wolfssl_local_MaybeCheckAlertOnErr(ssl, ssl->error);
WOLFSSL_ERROR(ssl->error);
return WOLFSSL_FATAL_ERROR;
}
Expand All @@ -11119,10 +11101,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
if (!ssl->options.resuming) {
if (ssl->options.verifyPeer) {
if ( (ssl->error = SendCertificateRequest(ssl)) != 0) {
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
/* See if an alert was sent. */
ProcessReplyEx(ssl, 1);
#endif
wolfssl_local_MaybeCheckAlertOnErr(ssl, ssl->error);
WOLFSSL_ERROR(ssl->error);
return WOLFSSL_FATAL_ERROR;
}
Expand All @@ -11140,9 +11119,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
case CERT_REQ_SENT :
if (!ssl->options.resuming)
if ( (ssl->error = SendServerHelloDone(ssl)) != 0) {
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
#endif
wolfssl_local_MaybeCheckAlertOnErr(ssl, ssl->error);
WOLFSSL_ERROR(ssl->error);
return WOLFSSL_FATAL_ERROR;
}
Expand Down Expand Up @@ -11181,9 +11158,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
#ifdef HAVE_SESSION_TICKET
if (ssl->options.createTicket && !ssl->options.noTicketTls12) {
if ( (ssl->error = SendTicket(ssl)) != 0) {
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
#endif
wolfssl_local_MaybeCheckAlertOnErr(ssl, ssl->error);
WOLFSSL_MSG("Thought we need ticket but failed");
WOLFSSL_ERROR(ssl->error);
return WOLFSSL_FATAL_ERROR;
Expand All @@ -11202,9 +11177,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
}

if ( (ssl->error = SendChangeCipher(ssl)) != 0) {
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
#endif
wolfssl_local_MaybeCheckAlertOnErr(ssl, ssl->error);
WOLFSSL_ERROR(ssl->error);
return WOLFSSL_FATAL_ERROR;
}
Expand All @@ -11214,9 +11187,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,

case CHANGE_CIPHER_SENT :
if ( (ssl->error = SendFinished(ssl)) != 0) {
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
#endif
wolfssl_local_MaybeCheckAlertOnErr(ssl, ssl->error);
WOLFSSL_ERROR(ssl->error);
return WOLFSSL_FATAL_ERROR;
}
Expand Down
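Review bot: Every converted site passes `ssl->error` as the second argument, the very field the helper could read from `ssl` itself; keeping an explicit parameter invites a future site to pass a stale local while the helper still acts on the connection's state. If no caller is meant to pass anything else, I would drop it: `wolfssl_local_MaybeCheckAlertOnErr(ssl);` with the helper reading `ssl->error`. At the SendClientKeyExchange site the `#ifdef WOLFSSL_EXTRA_ALERTS` comparison examines `ssl->error` after the helper has run, so it sees whatever reply processing left there rather than necessarily the send error — unchanged from before, but if intended it deserves `/* ssl->error may now hold a received alert rather than the send error */`. The connect/accept state machines these hunks sit in extend well beyond them, and the `wolfSSL_DTLS_SetCookieSecret` context in the hunk headers appears to be the forge's heuristic rather than the function actually edited.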
66 changes: 40 additions & 26 deletions src/tls13.c
Expand Up @@ -13396,24 +13396,26 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)

ssl->options.connectState = CLIENT_HELLO_SENT;
WOLFSSL_MSG("TLSv13 connect state: CLIENT_HELLO_SENT");
FALL_THROUGH;

case CLIENT_HELLO_SENT:
#ifdef WOLFSSL_EARLY_DATA
if (ssl->earlyData != no_early_data) {
if (ssl->earlyData != no_early_data &&
ssl->options.handShakeState != CLIENT_HELLO_COMPLETE) {
#if defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT)
if (!ssl->options.dtls && ssl->options.tls13MiddleBoxCompat) {
if ((ssl->error = SendChangeCipher(ssl)) != 0) {
WOLFSSL_ERROR(ssl->error);
return WOLFSSL_FATAL_ERROR;
if (!ssl->options.dtls &&
ssl->options.tls13MiddleBoxCompat) {
if ((ssl->error = SendChangeCipher(ssl)) != 0) {
WOLFSSL_ERROR(ssl->error);
return WOLFSSL_FATAL_ERROR;
}
ssl->options.sentChangeCipher = 1;
}
ssl->options.sentChangeCipher = 1;
}
#endif
ssl->options.handShakeState = CLIENT_HELLO_COMPLETE;
return WOLFSSL_SUCCESS;
ssl->options.handShakeState = CLIENT_HELLO_COMPLETE;
return WOLFSSL_SUCCESS;
}
#endif
FALL_THROUGH;

case CLIENT_HELLO_SENT:
/* Get the response/s from the server. */
while (ssl->options.serverState <
SERVER_HELLOVERIFYREQUEST_COMPLETE) {
Expand Down Expand Up @@ -13546,9 +13548,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
if (!ssl->options.resuming && ssl->options.sendVerify) {
ssl->error = SendTls13Certificate(ssl);
if (ssl->error != 0) {
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
#endif
wolfssl_local_MaybeCheckAlertOnErr(ssl, ssl->error);
WOLFSSL_ERROR(ssl->error);
return WOLFSSL_FATAL_ERROR;
}
Expand All @@ -13568,9 +13568,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
if (!ssl->options.resuming && ssl->options.sendVerify) {
ssl->error = SendTls13CertificateVerify(ssl);
if (ssl->error != 0) {
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
#endif
wolfssl_local_MaybeCheckAlertOnErr(ssl, ssl->error);
WOLFSSL_ERROR(ssl->error);
return WOLFSSL_FATAL_ERROR;
}
Expand All @@ -13584,9 +13582,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)

case FIRST_REPLY_FOURTH:
if ((ssl->error = SendTls13Finished(ssl)) != 0) {
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
#endif
wolfssl_local_MaybeCheckAlertOnErr(ssl, ssl->error);
WOLFSSL_ERROR(ssl->error);
return WOLFSSL_FATAL_ERROR;
}
Expand Down Expand Up @@ -14736,15 +14732,16 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)

ssl->options.acceptState = TLS13_ACCEPT_FINISHED_SENT;
WOLFSSL_MSG("accept state ACCEPT_FINISHED_SENT");
FALL_THROUGH;

case TLS13_ACCEPT_FINISHED_SENT:
#ifdef WOLFSSL_EARLY_DATA
if (ssl->earlyData != no_early_data) {
if (ssl->earlyData != no_early_data &&
ssl->options.handShakeState != SERVER_FINISHED_COMPLETE) {
ssl->options.handShakeState = SERVER_FINISHED_COMPLETE;
return WOLFSSL_SUCCESS;
}
#endif
FALL_THROUGH;

case TLS13_ACCEPT_FINISHED_SENT :
#ifdef HAVE_SESSION_TICKET
#ifdef WOLFSSL_TLS13_TICKET_BEFORE_FINISHED
if (!ssl->options.verifyPeer && !ssl->options.noTicketTls13 &&
Expand Down Expand Up @@ -15064,7 +15061,10 @@ int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz, int* outSz)
return SIDE_ERROR;

if (ssl->options.handShakeState == NULL_STATE) {
if (ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E))
/* the server flight can return WANT_WRITE and we re-enter here after
* setting ssl->earlyData = process_early_data, set earlyData to
* expecting_early_data just once */
if (ssl->earlyData < expecting_early_data)
ssl->earlyData = expecting_early_data;
/* this used to be: ret = wolfSSL_accept_TLSv13(ssl);
* However, wolfSSL_accept_TLSv13() expects a certificate to
Expand Down Expand Up @@ -15096,6 +15096,20 @@ int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz, int* outSz)
#endif /* WOLFSSL_DTLS13 */
}
}
#ifdef WOLFSSL_DTLS13
else if (ssl->buffers.outputBuffer.length > 0 &&
ssl->options.dtls && ssl->dtls13SendingAckOrRtx) {
ret = SendBuffered(ssl);
if (ret == 0) {
ssl->dtls13SendingAckOrRtx = 0;
}
else {
ssl->error = ret;
WOLFSSL_ERROR(ssl->error);
return WOLFSSL_FATAL_ERROR;
}
}
#endif /* WOLFSSL_DTLS13 */
else
ret = 0;
#else
Expand Down
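Review bot: The new guard `if (ssl->earlyData < expecting_early_data)` in wolfSSL_read_early_data treats the EarlyData enum as an ordered lifecycle, which holds only if its enumerators are declared in that order; the comment above explains the WANT_WRITE re-entry but not that dependence, so I would add `/* relies on EarlyData states being declared in lifecycle order */` or compare against the specific states instead. The dropped `WC_PENDING_E` test appears to be subsumed, since a re-entry after a pending async operation already has earlyData at or past expecting_early_data, but that reasoning also belongs in the comment. In the DTLS 1.3 branch below, a `SendBuffered` result of WANT_WRITE is stored in `ssl->error` and returned as WOLFSSL_FATAL_ERROR while `dtls13SendingAckOrRtx` stays set, so a retry resends — consistent with the rest of the file as far as is visible. wolfSSL_read_early_data continues outside the hunk.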