TLS v1.3: Support a stateful ticket and test HAVE_EXT_CACHE (#5960)
* Add TLSv1.3 stateful support
  Fix internal and external session cache
* session cache fixes
* Refactor
  - implement wolfSSL_CTX_flush_sessions
  - use wolfSSL_CTX_flush_sessions to make test_wolfSSL_CTX_add_session_ext deterministic
  - add dtls to test_wolfSSL_CTX_add_session_ext
  - DoClientTicket_ex does not modify ssl object
  - only call session remove callback on:
    - timeout
    - session is being overwritten/removed from the cache
* Session fixes
  - restore bogus ID on session duplicate
  - don't evict on overwrite
  - use memmove instead of memcpy as `ssl->session == session` is possible
  - ignore ClientSession parameter in AddSessionToCache on NO_SESSION_CACHE_REF
  - use sessionID when altSessionID not present
* Session fixes
  - DoClientTicketFinalize: always copy in the ID as the altSessionID
  - don't overwrite ex_data when overwriting cacheSession and cacheSession owns it
* Callback wants to retain a copy
* wolfSSL_GetSessionClient: ssl->ctx->get_sess_cb does not apply here
* test_wolfSSL_CTX_add_session_ext gate expected results on WOLFSSL_DTLS_NO_HVR_ON_RESUME
* TlsSessionIdIsValid: copy return can't be ignored
* Silence unused parameter
* test_wolfSSL_CTX_add_session_ext: handle async case
* Gate wolfSSL_SSL_CTX_remove_session on NO_SESSION_CACHE
* ssl.c: style fixes
* Add twcase_get_sessionCb_cleanup to free external cache
* Remove hard tab
* Correct build error in wolfSSL_CTX_flush_sessions
* Jenkins fixes:
  - altSessionID only available with WOLFSSL_TICKET_HAVE_ID
  - slim out psk_sess_free_cb_ctx
* Stateful dtls case has 2 accesses. Stateless just one.
* Add version numbering to hostap logs
* Import internal.h for test_wolfSSL_SESSION_get_ex_new_index
* wolfSSL_SetSession: don't check SslSessionCacheOff for session setting
* wolfSSL_SetSession: fully set expired session for OpenSSL compatibility
* wolfSSL_SetSession: check if setting same object
* AddSession: always populate the session object to allow re-use
* Add logging to wolfSSL_NewSession and wolfSSL_FreeSession
* Always setup session object
* Check if session has been setup before setting it
* Print errors in async test
* Make SetupSession available outside NO_SESSION_CACHE
* Review comments
* Fix ticBuf leak and TlsSessionIdIsValid logic
* Fix unmatched curly brackets
* TlsSessionIdIsValid: always need to check copy var
* TlsResumptionIsValid: set resume to FALSE default
* wolfSSL_SetSession: remove now variable since only used in one place
* Move internalCacheLookupOff into HAVE_EXT_CACHE block

---------

Co-authored-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
6
.github/workflows/async.yml
vendored
@@ -23,3 +23,9 @@ jobs:
./configure ${{ matrix.config }}
make check
- name: Print errors
if: ${{ failure() }}
run: |
if [ -f test-suite.log ] ; then
cat test-suite.log
fi
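Review bot: In the new "Print errors" step, `if [ -f test-suite.log ]` prints nothing at all when the file is missing, so a run that failed before the log was written (for example in `./configure`) is indistinguishable from a run where the step had nothing to report. Add an else branch that states test-suite.log was not found, so the failure output always says which case occurred.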
11
.github/workflows/hostap.yml
vendored
@@ -99,6 +99,15 @@ jobs:
${{ toJSON(matrix) }}
EOF
- name: Print computed job run ID
run: |
SHA_SUM=$(sha256sum << 'END_OF_HEREDOC' | cut -d " " -f 1
${{ toJSON(github) }}
END_OF_HEREDOC
)
echo "our_job_run_id=$SHA_SUM" >> $GITHUB_ENV
echo Our job run ID is $SHA_SUM
- name: Checkout wolfSSL
uses: actions/checkout@v3
with:
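Review bot: The "Print computed job run ID" step pastes `${{ toJSON(github) }}` directly into the run script, and the quoted 'END_OF_HEREDOC' delimiter only disables shell expansion; it does not prevent a body line equal to END_OF_HEREDOC from closing the heredoc early, after which the rest of the expanded context would be parsed as shell. The github context can carry event fields that originate outside the repository, such as pull-request text, so pass the JSON through an `env:` entry and hash the variable (for example `printf '%s' "$GITHUB_CONTEXT" | sha256sum`), or derive the ID from github.run_id and github.run_attempt instead. Quoting "$GITHUB_ENV" and the argument of the final echo would also be cleaner.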
@@ -264,7 +273,7 @@ jobs:
if: ${{ failure() && steps.testing.outcome == 'failure' }}
uses: actions/upload-artifact@v3
with:
name: hostap-logs
name: hostap-logs-${{ env.our_job_run_id }}
path: hostap/tests/hwsim/logs.zip
retention-days: 5
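Review bot: The artifact name `hostap-logs-${{ env.our_job_run_id }}` depends on the earlier "Print computed job run ID" step having written our_job_run_id to GITHUB_ENV; if that step did not run or failed, the name collapses to "hostap-logs-" with no indication why. The value is also a SHA-256 over toJSON(github) only, with matrix left out of the hashed input, so confirm that it really differs between matrix entries of the same run; hashing toJSON(matrix) as well, or putting a matrix field in the name, would make the uniqueness explicit. A shortened digest would keep the artifact names readable.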
4
.github/workflows/os-check.yml
vendored
@@ -15,6 +15,10 @@ jobs:
'--enable-all --enable-asn=template',
'--enable-all --enable-asn=original',
'--enable-harden-tls',
'--enable-tls13 --enable-session-ticket --enable-dtls --enable-dtls13
--enable-opensslextra --enable-sessioncerts
CPPFLAGS=''-DWOLFSSL_DTLS_NO_HVR_ON_RESUME -DHAVE_EXT_CACHE
-DWOLFSSL_TICKET_HAVE_ID -DHAVE_EX_DATA -DSESSION_CACHE_DYNAMIC_MEM'' ',
]
name: make check
runs-on: ${{ matrix.os }}
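Review bot: The added matrix entry is one single-quoted YAML scalar continued over four lines, with the shell quoting of CPPFLAGS expressed through doubled quotes (`CPPFLAGS=''-D... ''`) and a stray space before the closing quote, which is easy to break on the next edit. A double-quoted scalar would let the inner single quotes appear literally, and a short comment stating that this entry exists to cover HAVE_EXT_CACHE together with WOLFSSL_TICKET_HAVE_ID, HAVE_EX_DATA and SESSION_CACHE_DYNAMIC_MEM would tell the next reader which defines must stay together.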