Fixes for async and crypto callbacks

dgarske · dgarske · commit 0dffc8abffc4 · 2026-02-27T14:35:03.000-08:00
diff --git a/examples/async/async_client.c b/examples/async/async_client.c
@@ -286,6 +286,10 @@ int client_async_test(int argc, char** argv)
     }
 #endif
 #ifdef WOLF_CRYPTO_CB
+    /* Crypto callbacks require a valid devId. When no hardware async driver
+     * sets one (e.g. Cavium/Intel QA/SW), assign one explicitly. */
+    if (devId == INVALID_DEVID)
+        devId = 1;
     XMEMSET(&cryptoCbCtx, 0, sizeof(cryptoCbCtx));
     if (wc_CryptoCb_RegisterDevice(devId, AsyncTlsCryptoCb, &cryptoCbCtx) != 0) {
         fprintf(stderr, "ERROR: wc_CryptoCb_RegisterDevice failed\n");
@@ -497,6 +501,8 @@ int client_async_test(int argc, char** argv)
             }
             continue;
         }
+        fprintf(stderr, "ERROR: wolfSSL_write failed: %d (%s)\n",
+            err, wolfSSL_ERR_reason_error_string(err));
         goto out;
     }
 
@@ -529,6 +535,8 @@ int client_async_test(int argc, char** argv)
             }
             continue;
         }
+        fprintf(stderr, "ERROR: wolfSSL_read failed: %d (%s)\n",
+            err, wolfSSL_ERR_reason_error_string(err));
         goto out;
     }
 
diff --git a/examples/async/async_server.c b/examples/async/async_server.c
@@ -291,6 +291,10 @@ int server_async_test(int argc, char** argv)
     }
 #endif
 #ifdef WOLF_CRYPTO_CB
+    /* Crypto callbacks require a valid devId. When no hardware async driver
+     * sets one (e.g. Cavium/Intel QA/SW), assign one explicitly. */
+    if (devId == INVALID_DEVID)
+        devId = 1;
     XMEMSET(&cryptoCbCtx, 0, sizeof(cryptoCbCtx));
     if (wc_CryptoCb_RegisterDevice(devId, AsyncTlsCryptoCb, &cryptoCbCtx) != 0) {
         fprintf(stderr, "ERROR: wc_CryptoCb_RegisterDevice failed\n");
@@ -526,6 +530,8 @@ int server_async_test(int argc, char** argv)
                 }
                 continue;
             }
+            fprintf(stderr, "ERROR: wolfSSL_read failed: %d (%s)\n",
+                err, wolfSSL_ERR_reason_error_string(err));
             goto exit;
         }
 
diff --git a/examples/async/async_tls.c b/examples/async/async_tls.c
@@ -178,12 +178,17 @@ int AsyncTlsCryptoCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
 
     if (info->algo_type == WC_ALGO_TYPE_PK) {
 #ifdef WOLFSSL_ASYNC_CRYPT
-        /* Test pending response */
+        /* Simulate async pending for signing only.
+         * This matches a typical hardware crypto scenario (e.g., TPM) where
+         * only signing is offloaded to hardware. Keygen, verify, and ECDH
+         * are performed synchronously in software.
+         * Note: WOLFSSL_ASYNC_CRYPT + WOLF_CRYPTO_CB pending simulation
+         * requires operations whose TLS state machines properly handle retry
+         * via wolfSSL_AsyncPop. ECC keygen in TLSX_KeyShare_GenEccKey does
+         * not support this because the keygen call is inside the key
+         * allocation guard (kse->key == NULL) which is skipped on retry. */
         if (info->pk.type == WC_PK_TYPE_RSA ||
-            info->pk.type == WC_PK_TYPE_EC_KEYGEN ||
-            info->pk.type == WC_PK_TYPE_ECDSA_SIGN ||
-            info->pk.type == WC_PK_TYPE_ECDSA_VERIFY ||
-            info->pk.type == WC_PK_TYPE_ECDH)
+            info->pk.type == WC_PK_TYPE_ECDSA_SIGN)
         {
             if (myCtx->pendingCount++ < TEST_PEND_COUNT) return WC_PENDING_E;
             myCtx->pendingCount = 0;
diff --git a/src/internal.c b/src/internal.c
@@ -41789,7 +41789,10 @@ int wolfSSL_AsyncPop(WOLFSSL* ssl, byte* state)
              * the completion is not detected in the poll like Intel QAT or
              * Nitrox */
             ret = wolfEventQueue_Remove(&ssl->ctx->event_queue, event);
-
+            /* Clear async device so stale pending state from
+             * wolfSSL_AsyncInit does not confuse subsequent operations */
+            XMEMSET(&asyncDev->event, 0, sizeof(WOLF_EVENT));
+            ssl->asyncDev = NULL;
         }
     #endif
     }
diff --git a/wolfcrypt/src/async.c b/wolfcrypt/src/async.c
@@ -705,7 +705,11 @@ int wolfAsync_EventQueuePoll(WOLF_EVENT_QUEUE* queue, void* context_filter,
                             event->ret = wolfAsync_DoSw(asyncDev);
                         }
                 #elif defined(WOLF_CRYPTO_CB) || defined(HAVE_PK_CALLBACKS)
-                    /* Use crypto or PK callbacks */
+                    /* Crypto/PK callbacks manage their own retry state.
+                     * Leave event->ret as WC_PENDING_E so that
+                     * wolfSSL_AsyncPop can detect the pending state and
+                     * remove the event, allowing the operation to be
+                     * retried with a fresh callback invocation. */
 
                 #else
                     #warning No async crypt device defined!
diff --git a/wolfcrypt/src/cryptocb.c b/wolfcrypt/src/cryptocb.c
@@ -219,7 +219,7 @@ void wc_CryptoCb_InfoString(wc_CryptoInfo* info)
         printf("Crypto CB: %s %s (%d) (%p ctx)\n",
             GetAlgoTypeStr(info->algo_type),
             GetCipherTypeStr(info->cipher.type),
-            info->cipher.type, info->cipher.ctx);
+            info->cipher.type, (void*)info->cipher.ctx);
     }
 #endif /* !NO_AES || !NO_DES3 */
 #if !defined(NO_SHA) || !defined(NO_SHA256) || \
@@ -228,7 +228,7 @@ void wc_CryptoCb_InfoString(wc_CryptoInfo* info)
         printf("Crypto CB: %s %s (%d) (%p ctx) %s\n",
             GetAlgoTypeStr(info->algo_type),
             GetHashTypeStr(info->hash.type),
-            info->hash.type, info->hash.ctx,
+            info->hash.type, (void*)info->hash.ctx,
             (info->hash.in != NULL) ? "Update" : "Final");
     }
 #endif
@@ -237,7 +237,7 @@ void wc_CryptoCb_InfoString(wc_CryptoInfo* info)
         printf("Crypto CB: %s %s (%d) (%p ctx) %s\n",
             GetAlgoTypeStr(info->algo_type),
             GetHashTypeStr(info->hmac.macType),
-            info->hmac.macType, info->hmac.hmac,
+            info->hmac.macType, (void*)info->hmac.hmac,
             (info->hmac.in != NULL) ? "Update" : "Final");
     }
 #endif
@@ -246,7 +246,7 @@ void wc_CryptoCb_InfoString(wc_CryptoInfo* info)
         printf("Crypto CB: %s %s (%d) (%p ctx) %s %s %s\n",
             GetAlgoTypeStr(info->algo_type),
             GetCmacTypeStr(info->cmac.type),
-            info->cmac.type, info->cmac.cmac,
+            info->cmac.type, (void*)info->cmac.cmac,
             (info->cmac.key != NULL) ? "Init " : "",
             (info->cmac.in != NULL) ? "Update " : "",
             (info->cmac.out != NULL) ? "Final" : "");

Original file line number	Diff line number	Diff line change
`@@ -286,6 +286,10 @@ int client_async_test(int argc, char** argv)`
`286`	`286`	`}`
`287`	`287`	`#endif`
`288`	`288`	`#ifdef WOLF_CRYPTO_CB`
	`289`	`+ /* Crypto callbacks require a valid devId. When no hardware async driver`
	`290`	`+ * sets one (e.g. Cavium/Intel QA/SW), assign one explicitly. */`
	`291`	`+ if (devId == INVALID_DEVID)`
	`292`	`+ devId = 1;`
`289`	`293`	`XMEMSET(&cryptoCbCtx, 0, sizeof(cryptoCbCtx));`
`290`	`294`	`if (wc_CryptoCb_RegisterDevice(devId, AsyncTlsCryptoCb, &cryptoCbCtx) != 0) {`
`291`	`295`	`fprintf(stderr, "ERROR: wc_CryptoCb_RegisterDevice failed\n");`
`@@ -497,6 +501,8 @@ int client_async_test(int argc, char** argv)`
`497`	`501`	`}`
`498`	`502`	`continue;`
`499`	`503`	`}`
	`504`	`+ fprintf(stderr, "ERROR: wolfSSL_write failed: %d (%s)\n",`
	`505`	`+ err, wolfSSL_ERR_reason_error_string(err));`
`500`	`506`	`goto out;`
`501`	`507`	`}`
`502`	`508`
`@@ -529,6 +535,8 @@ int client_async_test(int argc, char** argv)`
`529`	`535`	`}`
`530`	`536`	`continue;`
`531`	`537`	`}`
	`538`	`+ fprintf(stderr, "ERROR: wolfSSL_read failed: %d (%s)\n",`
	`539`	`+ err, wolfSSL_ERR_reason_error_string(err));`
`532`	`540`	`goto out;`
`533`	`541`	`}`
`534`	`542`
Original file line number	Diff line number	Diff line change
`@@ -291,6 +291,10 @@ int server_async_test(int argc, char** argv)`
`291`	`291`	`}`
`292`	`292`	`#endif`
`293`	`293`	`#ifdef WOLF_CRYPTO_CB`
	`294`	`+ /* Crypto callbacks require a valid devId. When no hardware async driver`
	`295`	`+ * sets one (e.g. Cavium/Intel QA/SW), assign one explicitly. */`
	`296`	`+ if (devId == INVALID_DEVID)`
	`297`	`+ devId = 1;`
`294`	`298`	`XMEMSET(&cryptoCbCtx, 0, sizeof(cryptoCbCtx));`
`295`	`299`	`if (wc_CryptoCb_RegisterDevice(devId, AsyncTlsCryptoCb, &cryptoCbCtx) != 0) {`
`296`	`300`	`fprintf(stderr, "ERROR: wc_CryptoCb_RegisterDevice failed\n");`
`@@ -526,6 +530,8 @@ int server_async_test(int argc, char** argv)`
`526`	`530`	`}`
`527`	`531`	`continue;`
`528`	`532`	`}`
	`533`	`+ fprintf(stderr, "ERROR: wolfSSL_read failed: %d (%s)\n",`
	`534`	`+ err, wolfSSL_ERR_reason_error_string(err));`
`529`	`535`	`goto exit;`
`530`	`536`	`}`
`531`	`537`
Original file line number	Diff line number	Diff line change
`@@ -41789,7 +41789,10 @@ int wolfSSL_AsyncPop(WOLFSSL* ssl, byte* state)`
`41789`	`41789`	`* the completion is not detected in the poll like Intel QAT or`
`41790`	`41790`	`* Nitrox */`
`41791`	`41791`	`ret = wolfEventQueue_Remove(&ssl->ctx->event_queue, event);`
`41792`		`-`
	`41792`	`+ /* Clear async device so stale pending state from`
	`41793`	`+ * wolfSSL_AsyncInit does not confuse subsequent operations */`
	`41794`	`+ XMEMSET(&asyncDev->event, 0, sizeof(WOLF_EVENT));`
	`41795`	`+ ssl->asyncDev = NULL;`
`41793`	`41796`	`}`
`41794`	`41797`	`#endif`
`41795`	`41798`	`}`