
Rebase fixes

Juliusz Sosinowicz 1 year ago
commit
b0d7656ad2
7 changed files with 20 additions and 16 deletions
  1. 1 1
      src/crl.c
  2. 1 1
      src/dtls.c
  3. 7 3
      src/internal.c
  4. 2 2
      src/ssl.c
  5. 3 5
      src/tls13.c
  6. 2 1
      tests/api.c
  7. 4 3
      wolfssl/internal.h

+ 1 - 1
src/crl.c

@@ -1446,7 +1446,7 @@ int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
         pathLen = (word32)XSTRLEN(path);
         pathBuf = (char*)XMALLOC(pathLen+1, crl->heap,DYNAMIC_TYPE_CRL_MONITOR);
         if (pathBuf) {
-            XSTRNCPY(pathBuf, path, pathLen+1);
+            XMEMCPY(pathBuf, path, pathLen+1);
 
             if (type == WOLFSSL_FILETYPE_PEM) {
                 /* free old path before setting a new one */

+ 1 - 1
src/dtls.c

@@ -492,7 +492,7 @@ static void FindPskSuiteFromExt(const WOLFSSL* ssl, TLSX* extensions,
                         break;
                 }
                 if (ret == WOLFSSL_TICKET_RET_OK) {
-                    if (DoClientTicketCheck(current, ssl->timeout,
+                    if (DoClientTicketCheck(ssl, current, ssl->timeout,
                             suites->suites + i) != 0) {
                         continue;
                     }

+ 7 - 3
src/internal.c

@@ -6691,6 +6691,8 @@ int ReinitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
     (void)ctx;
 
     ssl->options.shutdownDone = 0;
+    if (ssl->session != NULL)
+        ssl->session->side = (byte)ssl->options.side;
 
     return ret;
 }
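Review bot: The new re-stamp of `ssl->session->side` in ReinitSSL carries no comment saying why a reused object needs it, and its `if` body is unbraced. The recorded side is presumably what a later check uses to reject a session created for the opposite role, so a short comment would help, for example `/* keep the session's recorded side in sync with the re-initialised object */`. Bracing the body would stop a later added statement from falling outside the NULL guard. ReinitSSL's body starts outside this hunk.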
@@ -34652,8 +34654,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     }
 
     /* Return 0 when check successful. <0 on failure. */
-    int DoClientTicketCheck(const PreSharedKey* psk, sword64 timeout,
-            const byte* suite)
+    int DoClientTicketCheck(const WOLFSSL* ssl, const PreSharedKey* psk,
+            sword64 timeout, const byte* suite)
     {
         word32 ticketAdd;
 #ifdef WOLFSSL_32BIT_MILLI_TIME
@@ -34702,13 +34704,15 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         if (diff < -1000 || diff - MAX_TICKET_AGE_DIFF * 1000 > 1000)
             return -1;
 
-#ifndef WOLFSSL_PSK_ONE_ID
+#if !defined(WOLFSSL_PSK_ONE_ID) && !defined(WOLFSSL_PRIORITIZE_PSK)
         /* Check whether resumption is possible based on suites in SSL and
          * ciphersuite in ticket.
          */
+        (void)ssl;
         if (XMEMCMP(suite, psk->it->suite, SUITE_LEN) != 0)
             return -1;
 #else
+        (void)suite;
         if (!FindSuiteSSL(ssl, psk->it->suite))
             return -1;
 #endif
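Review bot: With `WOLFSSL_PRIORITIZE_PSK` now routed to the `#else` branch, DoClientTicketCheck no longer compares the ticket's suite with the caller's `suite`; it only checks that `psk->it->suite` is in the SSL object's list via `FindSuiteSSL`. The callers in src/dtls.c and src/tls13.c still pass a candidate suite and treat a 0 return as a match. If either then negotiates the candidate rather than the ticket's own suite, resumption could proceed under a suite the ticket was not issued for; that code is outside the hunks, so this needs confirming. The contract comment should at least say so, e.g. `/* With WOLFSSL_PSK_ONE_ID or WOLFSSL_PRIORITIZE_PSK, suite is ignored; the ticket's own suite must be the one negotiated. */`, both here and on the prototype in wolfssl/internal.h. The function body starts and ends outside this hunk.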

+ 2 - 2
src/ssl.c

@@ -15035,8 +15035,8 @@ int wolfSSL_SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session)
     }
     else {
 #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_ERROR_CODE_OPENSSL)
-        WOLFSSL_MSG("Session is expired but return success for \
-                              OpenSSL compatibility");
+        WOLFSSL_MSG("Session is expired but return success for "
+                    "OpenSSL compatibility");
         ret = WOLFSSL_SUCCESS;
 #else
         ret = WOLFSSL_FAILURE;  /* session timed out */

+ 3 - 5
src/tls13.c

@@ -3242,14 +3242,14 @@ exit_buildmsg:
 
 #if !defined(NO_WOLFSSL_CLIENT) || (!defined(NO_WOLFSSL_SERVER) && \
     (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) && \
-    defined(WOLFSSL_PSK_ONE_ID)) \
+    (defined(WOLFSSL_PSK_ONE_ID) || defined(WOLFSSL_PRIORITIZE_PSK)))
 /* Find the cipher suite in the suites set in the SSL.
  *
  * ssl    SSL/TLS object.
  * suite  Cipher suite to look for.
  * returns 1 when suite is found in SSL/TLS object's list and 0 otherwise.
  */
-static int FindSuiteSSL(const WOLFSSL* ssl, byte* suite)
+int FindSuiteSSL(const WOLFSSL* ssl, byte* suite)
 {
     word16 i;
     const Suites* suites = WOLFSSL_SUITES(ssl);
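Review bot: `FindSuiteSSL` loses `static` here and becomes a cross-file helper, but it keeps the non-const `byte* suite` parameter even though its doc comment describes a pure lookup. If the body (which continues outside this hunk) only reads the suite, `int FindSuiteSSL(const WOLFSSL* ssl, const byte* suite)` here and in wolfssl/internal.h would state that the ticket's suite is never modified. The internal.h prototype also appears to sit outside any `#if`, while this definition stays behind the feature guard, so a configuration that calls it without satisfying the guard would fail only at link time. Mirroring the guard on the prototype, or noting it in a comment there, would make that dependency visible.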
@@ -5676,10 +5676,8 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 inputSz,
         #endif
 
         if (ret == WOLFSSL_TICKET_RET_OK) {
-            if (DoClientTicketCheck(current, ssl->timeout, suite) != 0) {
-                current = current->next;
+            if (DoClientTicketCheck(ssl, current, ssl->timeout, suite) != 0)
                 continue;
-            }
 
             DoClientTicketFinalize(ssl, current->it);
 
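Review bot: The `continue` taken when `DoClientTicketCheck` fails no longer advances `current`, because the `current = current->next;` line was dropped along with the braces. The loop header is outside this hunk, so confirm the loop steps `current` on every iteration, for instance in a `for` increment. If it is still a `while (current != NULL)` that advances only at the bottom, an identity that fails the check would be re-examined indefinitely, and those identities are presumably peer-supplied. Keeping the braces on the now single-statement body, `if (DoClientTicketCheck(ssl, current, ssl->timeout, suite) != 0) {` … `}`, would also guard against a later edit slipping outside the condition.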

+ 2 - 1
tests/api.c

@@ -62845,7 +62845,8 @@ static int test_wolfSSL_CRL_CERT_REVOKED_alert(void)
 #if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) \
     && defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_AESGCM) && \
     !defined(NO_SHA256) && defined(WOLFSSL_AES_128) && \
-    defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
+    defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) && \
+    !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
 
 static WOLFSSL_CTX* test_TLS_13_ticket_different_ciphers_ctx = NULL;
 static WOLFSSL_SESSION* test_TLS_13_ticket_different_ciphers_session = NULL;

+ 4 - 3
wolfssl/internal.h

@@ -5651,8 +5651,8 @@ WOLFSSL_LOCAL int SendTicket(WOLFSSL* ssl);
 WOLFSSL_LOCAL int DoDecryptTicket(const WOLFSSL* ssl, const byte* input,
         word32 len, InternalTicket **it);
 /* Return 0 when check successful. <0 on failure. */
-WOLFSSL_LOCAL int DoClientTicketCheck(const PreSharedKey* psk, sword64 timeout,
-        const byte* suite);
+WOLFSSL_LOCAL int DoClientTicketCheck(const WOLFSSL* ssl,
+        const PreSharedKey* psk, sword64 timeout, const byte* suite);
 WOLFSSL_LOCAL void DoClientTicketFinalize(WOLFSSL* ssl, InternalTicket* it);
 WOLFSSL_LOCAL void CleanupClientTickets(PreSharedKey* psk);
 WOLFSSL_LOCAL int DoClientTicket(WOLFSSL* ssl, const byte* input, word32 len);
@@ -5892,10 +5892,11 @@ WOLFSSL_LOCAL int cipherExtraData(WOLFSSL* ssl);
     WOLFSSL_LOCAL sword64 TimeNowInMilliseconds(void);
 #endif
 
-    WOLFSSL_LOCAL int FindSuiteMac(WOLFSSL* ssl, byte* suite);
 #endif
 WOLFSSL_LOCAL word32  LowResTimer(void);
 
+WOLFSSL_LOCAL int FindSuiteSSL(const WOLFSSL* ssl, byte* suite);
+
 #ifndef NO_CERTS
     WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag,
                                     void* heap);