stunnel 5.61 support #4807
stunnel 5.61 support #4807
Conversation
julek-wolfssl
force-pushed
the
stunnel-5.61
branch
from
083c95f to
6874a8d
Compare
src/ssl.c
Outdated
| *pkcs12 = NULL; | ||
| if (mem != NULL && localPkcs12 != NULL) { | ||
| if (wolfSSL_BIO_read(bio, mem, (int)memSz) == memSz) { | ||
| ret = wc_d2i_PKCS12(mem, memSz, localPkcs12); |
There was a problem hiding this comment.
src/ssl.c:63445:38: error: implicit conversion loses integer precision: 'long' to 'word32' (aka 'unsigned int') [-Werror,-Wshorten-64-to-32]
ret = wc_d2i_PKCS12(mem, memSz, localPkcs12);
~~~~~~~~~~~~~ ^~~~~
There was a problem hiding this comment.
Fixed as part of the Jenkins fixes.
|
Also need to add new session fields to i2d and d2i api. |
src/ssl.c
Outdated
| @@ -12459,7 +12460,7 @@ WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL* ssl) | |||
| { | |||
| WOLFSSL_ENTER("SSL_get_session"); | |||
| if (ssl) | |||
| return wolfSSL_GetSession(ssl, NULL, 1); | |||
| return &ssl->session; | |||
There was a problem hiding this comment.
This doesn't work. wolfSSL_get_session is called... WOLFSSL object can be free'd between resumption.
There was a problem hiding this comment.
That is correct because wolfSSL_get_session should return a reference to the working session (that is what SSL_get_session does). Users who want to retain a copy of the session should always use wolfSSL_get1_session as that will guarantee either an incremented refCount of a duplicated object.
There was a problem hiding this comment.
This will break existing compatibility. Did you consider making the WOLFSSL_SESSION in WOLFSSL a pointer and allocating from heap? It would not increase memory use, since the WOLFSSL object is already allocated from the heap.
There was a problem hiding this comment.
This will break existing compatibility.
While true, the assumption is that a pointer directly to the cache entry is just as unsafe. The client user has no way of knowing if the session didn't change before setting it in a new SSL object. We could make wolfSSL_get_session and wolfSSL_get1_session do the same thing but that will cause leaks since wolfSSL_get_session is meant to return a reference to the SSL object's working session.
Did you consider making the WOLFSSL_SESSION in WOLFSSL a pointer and allocating from heap?
This is an interesting idea. It should be fairly easy to do. The only issue would be that the heap is further fragmented. Do you think I should pursue this direction?
There was a problem hiding this comment.
Yes please. You'll have to track that the allocated WOLFSSL_SESSION was retrieved and assume to not free it on wolfSSL_free. I think the session_ref stuff already does something similar, which could all be cleaned up and combined.
There was a problem hiding this comment.
Do you mean that the session should point into the cache? I was thinking it would be allocated on wolfSSL_new and free'd on wolfSSL_free. A user could retain the object by either calling wolfSSL_get1_session or the up_ref API.
There was a problem hiding this comment.
Got it. I'll try to get it done tomorrow.
Out of these three, I think API compatibility is the only concern. Memory use will not be increased because |
julek-wolfssl
force-pushed
the
stunnel-5.61
branch
13 times, most recently
from
e007ecc to
794fe43
Compare
julek-wolfssl
force-pushed
the
stunnel-5.61
branch
from
794fe43 to
58ff372
Compare
| @@ -6683,10 +6683,10 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) | |||
| void FreeArrays(WOLFSSL* ssl, int keep) | |||
| { | |||
| if (ssl->arrays) { | |||
| if (keep) { | |||
| if (keep && !IsAtLeastTLSv1_3(ssl->version)) { | |||
There was a problem hiding this comment.
Since ssl->session is a pointer now, please also add NULL check before trying to touch it.
| @@ -8983,7 +8972,8 @@ static int wolfSSLReceive(WOLFSSL* ssl, byte* buf, word32 sz) | |||
| return -1; | |||
|
|
|||
| case WOLFSSL_CBIO_ERR_WANT_READ: /* want read, would block */ | |||
| if (ssl->ctx->autoRetry) | |||
| if (ssl->ctx->autoRetry && !ssl->options.handShakeDone && | |||
There was a problem hiding this comment.
Good fix here... This is probably one that needs to be merged soon.
src/internal.c
Outdated
| @@ -20201,7 +20193,11 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e) | |||
| return "wrong client/server type"; | |||
|
|
|||
| case NO_PEER_CERT : | |||
| #ifndef OPENSSL_EXTRA | |||
There was a problem hiding this comment.
It is fine with me if you change NO_PEER_CERT and BAD_BINDER for all build cases (not just OPENSSL_EXTRA). But consider adding comment that openssl compatibility expects this specific text.
There was a problem hiding this comment.
One fixed value with comment to explain compatibility.
src/internal.c
Outdated
| @@ -29955,6 +29942,15 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, | |||
| #endif | |||
|
|
|||
| ret = MatchSuite(ssl, &clSuites); | |||
| #ifdef OPENSSL_EXTRA | |||
| /* Give user last chance to provide a cert for cipher selection */ | |||
There was a problem hiding this comment.
This section is a very good change. If someone has setup a certificate callback with wolfSSL_CTX_set_cert_cb then they have the option to load different certificate and the call below to try MatchSuite again will adjust.
I'd prefer this logic to be cleaned up and only called if ssl->ctx->certSetupCb is set. I do realize it is also checked in CertSetupCbWrapper, but the return code logic from it doesn't report error for it. I want to make sure a future change doesn't cause an issue here.
Also does ret = MatchSuite(ssl, &clSuites); above at 29944 still need called before or would it make sense to just always call after the CertSetupCbWrapper?
There was a problem hiding this comment.
I was thinking that the callback could be dependent on the cipher chosen but that doesn't make sense since the certificate selection will heavily influence the ciphersuite. Changing to one call after the cert callback.
| @@ -30513,6 +30504,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, | |||
| #ifdef WOLFSSL_EARLY_DATA | |||
| word32 maxEarlyDataSz; /* Max size of early data */ | |||
| #endif | |||
| #endif | |||
| #ifdef WOLFSSL_TICKET_HAVE_ID | |||
| byte id[ID_LEN]; | |||
There was a problem hiding this comment.
Added 32 bytes here should be fine, since the total ticket size is still under the SESSION_TICKET_LEN=256 default.
There was a problem hiding this comment.
So do you think this should be added permanently for all configurations with the session cache enabled?
src/internal.c
Outdated
| XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK); | ||
| ssl->session.ticket = ssl->session._staticTicket; | ||
| ssl->session.ticketLenAlloc = 0; | ||
| if (ssl->session->ticketLenAlloc > 0) { |
There was a problem hiding this comment.
Please add a ssl->session != NULL check to this function. I simulated free'ing the ssl->session in FreeHandshakeResources as a test...
There was a problem hiding this comment.
The ssl->session member is allocated when the WOLFSSL object is created and free'ed only on wolfSSL_free. It is used extensively everywhere. Other members aren't tested for either like ssl->arrays or ssl->suites. I'm not sure if this is really necessary. Are you sure?
$ grep -r -P --include='*.[ch]' '\-\>session\-\>' | wc -l
233
| ssl->session.cipherSuite = ssl->options.cipherSuite; | ||
| ssl->session.ticketSeen = now; | ||
| ssl->session.ticketAdd = ageAdd; | ||
| ssl->session->timeout = lifetime; |
There was a problem hiding this comment.
Same.. please add an ssl->session != NULL check in DoTls13NewSessionTicket
| session->sessionIDSz = ID_LEN; | ||
| (void)error; | ||
|
|
||
| WOLFSSL_ENTER("AddSession"); |
There was a problem hiding this comment.
Please add check for ssl->session == NULL.
julek-wolfssl
force-pushed
the
stunnel-5.61
branch
from
58ff372 to
2ee15ea
Compare
julek-wolfssl
force-pushed
the
stunnel-5.61
branch
2 times, most recently
from
13d17c6 to
d01baed
Compare
|
Jenkins failure due to aborted test. |
| test_wolfSSL_CTX_add_session_server_ctx == NULL) { | ||
| AssertNotNull(test_wolfSSL_CTX_add_session_server_ctx | ||
| = wolfSSL_get_SSL_CTX(ssl)); | ||
| AssertIntEQ(wolfSSL_CTX_up_ref(wolfSSL_get_SSL_CTX(ssl)), |
There was a problem hiding this comment.
Building with ./configure CFLAGS="-DWOLFSSL_TICKET_HAVE_ID -DHAVE_EXT_CACHE" && make gives error because wolfSSL_CTX_up_ref is not available. You might consider making that API public when session cache is enabled, not just on compatibility layer?
There was a problem hiding this comment.
I made wolfSSL_CTX_up_ref always available. As I explain in the commit message:
wolfSSL_CTX_up_refis a small and potentially useful API for users so it doesn't need to be restricted only to the compatibility layer. The reference counting mechanisms are always available anyway. This just exposes the functionality to the user.
- New/Implemented API - `SSL_has_pending` - `wolfSSL_CertManagerLoadCRLFile` - `wolfSSL_LoadCRLFile` - `wolfSSL_CTX_LoadCRLFile` - `wolfSSL_CTX_add_session` - Calling chain certificate API (for example `wolfSSL_CTX_use_certificate_chain_file`) no longer requires an actual chain certificate PEM file to be passed in as input. `ProcessUserChain` error in `ProcessBuffer` is ignored if it returns that it didn't find a chain. - Add `WOLFSSL_TICKET_HAVE_ID` macro. When defined tickets will include the original session ID that can be used to lookup the session in internal cache. This is useful for fetching information about the peer that doesn't get sent in a resumption (such as the peer's certificate chain). - Add `ssl->ticketSessionID` field because `ssl->session.sessionID` is used to return the "bogus" session ID sent by the client in TLS 1.3 - `OPENSSL_COMPATIBLE_DEFAULTS` changes - Define `WOLFSSL_TRUST_PEER_CERT` and certificates added as CA's will also be loaded as trusted peer certificates - Define `WOLFSSL_TLS13_MIDDLEBOX_COMPAT` - Seperate `internalCacheOff` and `internalCacheLookupOff` options to govern session addition and lookup - `VerifyServerSuite` now determines if RSA is available by checking for it directly and not assuming it as the default if static ECC is not available - `WOLFSSL_SESSION` changes - `ssl->extSession` added to return a dynamic session when internalCacheOff is set - `ssl->session.refPtr` made dynamic and gets free'd in `SSL_ResourceFree` - If `SSL_MODE_AUTO_RETRY` is set then retry should only occur during a handshake - `WOLFSSL_TRUST_PEER_CERT` code now always uses `cert->subjectHash` for the `cm->tpTable` table row selection - Change some error message names to line up with OpenSSL equivalents - Run `MatchSuite` again if certificate setup callback installed and successful - Refactor clearing `ASN_NO_PEM_HEADER` off the error queue into a macro - `wolfSSL_get_peer_certificate` now returns a duplicated object meaning that the caller needs to free the returned object - Allign `wolfSSL_CRYPTO_set_mem_functions` callbacks with OpenSSL API - `wolfSSL_d2i_PKCS12_bio` now consumes the input BIO. It now supports all supported BIO's instead of only memory BIO. - stunnel specific - Always return a session object even if we don't have a session in cache. This allows stunnel to save information in the session external data that will be transfered to new connections if the session is reused - When allocating a dynamic session, always do `wolfSSL_SESSION_set_ex_data(session, 0, (void *)(-1)`. This is to mimic the new index callback set in `SSL_SESSION_get_ex_new_index`. - Fix comment in `wolfSSL_AES_cbc_encrypt` - Trusted peer certificate suite tests need to have CRL disabled since we don't have the issuer certificate in the CA store if the certificates are only added as trusted peer certificates. tested
- Adding and getting sessions to and from the local cache is now atomic. - The new internal `wolfSSL_GetSessionFromCache` requires a destination object to be supplied when retrieving from the cache so that items can be retrieved independently from the cache. For most existing calls, the destination is `ssl->session`. -`PREALLOC_SESSION_TICKET_LEN` defines how much memory is temporarily allocated for the ticket if it doesn't fit in the static session buffer.
- Refactor session cache access into `AddSessionToCache` and `wolfSSL_GetSessionFromCache`
- Move test to `HAVE_IO_TESTS_DEPENDENCIES`
- Implement `wolfSSL_trust_peer_cert`
- have{cipher} options weren't being set with only RSA enabled
Before this pull request, `wolfSSL_get_session` always returned a pointer to the internal session cache. The user can't tell if the underlying session hasn't changed before it calls `wolfSSL_set_session` on it. This PR adds a define `NO_SESSION_CACHE_REF` (for now only defined with `OPENSSL_COMPATIBLE_DEFAULTS`) that makes wolfSSL only return a pointer to `ssl->session`. The issue is that this makes the pointer returned non-persistent ie: it gets free'd with the `WOLFSSL` object. This commit leverages the lightweight `ClientCache` to "increase" the size of the session cache. The hash of the session ID is checked to make sure that the underlying session hasn't changed.
- Make `InternalTicket` memory alignment independent
`wolfSSL_CTX_up_ref` is a small and potentially useful API for users so it doesn't need to be restricted only to the compatibility layer. The reference counting mechanisms are always available anyway. This just exposes the functionality to the user.
julek-wolfssl
force-pushed
the
stunnel-5.61
branch
from
4609207 to
fb943a2
Compare
Reported in ZD13606
* Adds stateful handling of DH shared secret computation in `SetupKeys`. * Improved the decrypt handling to use internal functions and avoid generating alerts on failures. * Fix for sniffer resume due to missing `sessionIDSz` broken in wolfSSL#4807. * Fix sniffer test cases to split resume (session_ticket) tests. * Add `snifftest` list of build features so test script can gate running resume test.
* Adds stateful handling of DH shared secret computation in `SetupKeys`. * Improved the decrypt handling to use internal functions and avoid generating alerts on failures. * Fix for sniffer resume due to missing `sessionIDSz` broken in wolfSSL#4807. * Fix sniffer test cases to split resume (session_ticket) tests. * Add `snifftest` list of build features so test script can gate running resume test.
SSL_has_pendingwolfSSL_CertManagerLoadCRLFilewolfSSL_LoadCRLFilewolfSSL_CTX_LoadCRLFilewolfSSL_CTX_add_sessionwolfSSL_GetSessionFromCacherequires a destination object to be supplied when retrieving from the cache so that items can be retrieved independently from the cache. For most existing calls, the destination isssl->session.PREALLOC_SESSION_TICKET_LENdefines how much memory is temporarily allocated for the ticket if it doesn't fit in the static session buffer.wolfSSL_get_sessionalways returned a pointer to the internal session cache. The user can't tell if the underlying session hasn't changed before it callswolfSSL_set_sessionon it. This PR adds a defineNO_SESSION_CACHE_REF(for now only defined withOPENSSL_COMPATIBLE_DEFAULTS) that makes wolfSSL only return a pointer tossl->session. The issue is that this makes the pointer returned non-persistent ie: it gets free'd with theWOLFSSLobject. This pull request leverages the lightweightClientCacheto "increase" the size of the session cache. The hash of the session ID is checked to make sure that the underlying session hasn't changed.wolfSSL_CTX_use_certificate_chain_file) no longer requires an actual chain certificate PEM file to be passed in as input.ProcessUserChainerror inProcessBufferis ignored if it returns that it didn't find a chain.WOLFSSL_TICKET_HAVE_IDmacro. When defined tickets will include the original session ID that can be used to lookup the session in internal cache. This is useful for fetching information about the peer that doesn't get sent in a resumption (such as the peer's certificate chain).ssl->session->altSessionIDfield becausessl->session.sessionIDis used to return the "bogus" session ID sent by the client in TLS 1.3 and when using tickets in TLS <= 1.2OPENSSL_COMPATIBLE_DEFAULTSchangesWOLFSSL_TRUST_PEER_CERTand certificates added as CA's will also be loaded as trusted peer certificatesinternalCacheOffandinternalCacheLookupOffoptions to govern session addition and lookupVerifyServerSuitenow determines if RSA is available by checking for it directly and not assuming it as the default if static ECC is not availableWOLFSSL_SESSIONchangesssl->session->altSessionIDadded to return a dynamic session when internalCacheOff is setssl->session.refPtrremoved in favor of makingssl->sessiona seperate heap allocated object that can be returned to the userSSL_MODE_AUTO_RETRYis set then retry should only occur during a handshake with a limitWOLFSSL_TRUST_PEER_CERTcode now always usescert->subjectHashfor thecm->tpTabletable row selectionMatchSuiteASN_NO_PEM_HEADERoff the error queue into a macrowolfSSL_get_peer_certificatenow returns a duplicated object meaning that the caller needs to free the returned objectwolfSSL_CRYPTO_set_mem_functionscallbacks with OpenSSL APIwolfSSL_d2i_PKCS12_bionow consumes the input BIO. It now supports all supported BIO's instead of only memory BIO.wolfSSL_SESSION_set_ex_data(session, 0, (void *)(-1). This is to mimic the new index callback set inSSL_SESSION_get_ex_new_index.wolfSSL_AES_cbc_encrypt