From f63430dd5282614d9e3c2d61db5810458a5ba144 Mon Sep 17 00:00:00 2001 From: Kareem Date: Fri, 2 Jun 2023 15:06:22 -0700 Subject: [PATCH 1/8] Add memcached support. memcached support: add required functions/defines. Fix running unit test when defining DEBUG_WOLFSSL_VERBOSE without OPENSSL_EXTRA. Break out session_id_context APIs into separate option WOLFSSL_SESSION_ID_CTX, so they can be used without OPENSSL_EXTRA. Make wolfSSL_ERR_get_error and wolfSSL_CTX_set_mode available for memcached. Add --enable-memcached. --- configure.ac | 17 ++++- src/internal.c | 4 +- src/ssl.c | 132 +++++++++++++++++++++-------------- tests/api.c | 10 ++- wolfssl/internal.h | 16 +++-- wolfssl/openssl/ssl.h | 3 + wolfssl/ssl.h | 4 ++ wolfssl/wolfcrypt/settings.h | 3 + 8 files changed, 128 insertions(+), 61 deletions(-) diff --git a/configure.ac b/configure.ac index a1d29d849ee..b1508ef809b 100644 --- a/configure.ac +++ b/configure.ac @@ -1484,6 +1484,7 @@ AC_ARG_ENABLE([mcast], # strongSwan (--enable-strongswan) # OpenLDAP (--enable-openldap) # hitch (--enable-hitch) +# memcached (--enable-memcached) # Bind DNS compatibility Build AC_ARG_ENABLE([bind], @@ -1694,6 +1695,13 @@ AC_ARG_ENABLE([hitch], [ ENABLED_HITCH=no ] ) +# memcached support +AC_ARG_ENABLE([memcached], + [AS_HELP_STRING([--enable-memcached],[Enable memcached support (default: disabled)])], + [ ENABLED_MEMCACHED=$enableval ], + [ ENABLED_MEMCACHED=no ] + ) + # OpenSSL Coexist AC_ARG_ENABLE([opensslcoexist], [AS_HELP_STRING([--enable-opensslcoexist],[Enable coexistence of wolfssl/openssl (default: disabled)])], @@ -6156,6 +6164,12 @@ then AM_CFLAGS="$AM_CFLAGS -DOPENSSL_COMPATIBLE_DEFAULTS -DWOLFSSL_CIPHER_INTERNALNAME" fi +if test "$ENABLED_MEMCACHED" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DDEBUG_WOLFSSL_VERBOSE -DWOLFSSL_SESSION_ID_CTX" + AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE -DHAVE_MEMCACHED" +fi + if test "$ENABLED_NGINX" = "yes"|| test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes" then 
@@ -8416,7 +8430,7 @@ then AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DWOLFSSL_ALWAYS_VERIFY_CB" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VERIFY_CB_ALL_CERTS -DWOLFSSL_EXTRA_ALERTS" AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE -DWOLFSSL_FORCE_CACHE_ON_TICKET" - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AKID_NAME -DHAVE_CTS" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AKID_NAME -DHAVE_CTS -DWOLFSSL_SESSION_ID_CTX" fi if test "$ENABLED_OPENSSLEXTRA" = "x509small" @@ -9388,6 +9402,7 @@ echo " * chrony: $ENABLED_CHRONY" echo " * strongSwan: $ENABLED_STRONGSWAN" echo " * OpenLDAP: $ENABLED_OPENLDAP" echo " * hitch: $ENABLED_HITCH" +echo " * memcached: $ENABLED_MEMCACHED" echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS" echo " * DTLS: $ENABLED_DTLS" echo " * DTLS v1.3: $ENABLED_DTLS13" diff --git a/src/internal.c b/src/internal.c index 234eddd2f2c..dc2d2103efd 100644 --- a/src/internal.c +++ b/src/internal.c @@ -7307,10 +7307,12 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->alert_history.last_tx.code = -1; ssl->alert_history.last_tx.level = -1; -#ifdef OPENSSL_EXTRA +#ifdef WOLFSSL_SESSION_ID_CTX /* copy over application session context ID */ ssl->sessionCtxSz = ctx->sessionCtxSz; XMEMCPY(ssl->sessionCtx, ctx->sessionCtx, ctx->sessionCtxSz); +#endif +#ifdef OPENSSL_EXTRA ssl->cbioFlag = ctx->cbioFlag; ssl->protoMsgCb = ctx->protoMsgCb; diff --git a/src/ssl.c b/src/ssl.c index ac26e582f73..2226059d0c6 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -13192,7 +13192,7 @@ void SetupSession(WOLFSSL* ssl) if (!IsAtLeastTLSv1_3(ssl->version) && ssl->arrays != NULL) XMEMCPY(session->masterSecret, ssl->arrays->masterSecret, SECRET_LEN); session->haveEMS = ssl->options.haveEMS; -#ifdef OPENSSL_EXTRA +#ifdef WOLFSSL_SESSION_ID_CTX /* If using compatibility layer then check for and copy over session context * id. */ if (ssl->sessionCtxSz > 0 && ssl->sessionCtxSz < ID_LEN) { 
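Review bot: The context comment in the SetupSession hunk still reads "If using compatibility layer then check for and copy over session context id", but the guard is now `WOLFSSL_SESSION_ID_CTX`, which the memcached build sets without OPENSSL_EXTRA; I would reword it to `/* Copy the application session context ID, if one is set, into the session. */`. The condition below it copies only when `ssl->sessionCtxSz < ID_LEN`, while the buffers are declared as `sessionCtx[ID_LEN]`. If the setter accepts a context of exactly ID_LEN bytes (not visible here), that context would never reach the session, which is worth confirming now that more builds reach this path. The body of the `if` continues outside the hunk.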
@@ -13970,7 +13970,7 @@ int wolfSSL_SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session) if (ret != WOLFSSL_SUCCESS) return ret; -#ifdef OPENSSL_EXTRA +#ifdef WOLFSSL_SESSION_ID_CTX /* check for application context id */ if (ssl->sessionCtxSz > 0) { if (XMEMCMP(ssl->sessionCtx, ssl->session->sessionCtx, ssl->sessionCtxSz)) { @@ -13979,7 +13979,7 @@ int wolfSSL_SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session) return WOLFSSL_FAILURE; } } -#endif /* OPENSSL_EXTRA */ +#endif /* WOLFSSL_SESSION_ID_CTX */ if (LowResTimer() >= (ssl->session->bornOn + ssl->session->timeout)) { #if !defined(OPENSSL_EXTRA) || !defined(WOLFSSL_ERROR_CODE_OPENSSL) @@ -16820,7 +16820,20 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #endif /* WOLFSSL_ENCRYPTED_KEYS */ +#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(HAVE_MEMCACHED) + unsigned long wolfSSL_ERR_get_error(void) + { + WOLFSSL_ENTER("wolfSSL_ERR_get_error"); +#ifdef WOLFSSL_HAVE_ERROR_QUEUE + return wc_GetErrorNodeErr(); +#else + return (unsigned long)(0 - NOT_COMPILED_IN); +#endif + } +#endif + #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) + int wolfSSL_num_locks(void) { return 0; @@ -16862,16 +16875,6 @@ int wolfSSL_set_compression(WOLFSSL* ssl) inner_idCb = f; } - unsigned long wolfSSL_ERR_get_error(void) - { - WOLFSSL_ENTER("wolfSSL_ERR_get_error"); -#ifdef WOLFSSL_HAVE_ERROR_QUEUE - return wc_GetErrorNodeErr(); -#else - return (unsigned long)(0 - NOT_COMPILED_IN); -#endif - } - #ifdef WOLFSSL_HAVE_ERROR_QUEUE #ifndef NO_BIO /* print out and clear all errors */ @@ -19064,7 +19067,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ -#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) +#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(HAVE_MEMCACHED) long wolfSSL_CTX_set_mode(WOLFSSL_CTX* ctx, long mode) { /* WOLFSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER is wolfSSL default mode */ 
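Review bot: In the wolfSSL_SetSession hunk the context check compares only the first `ssl->sessionCtxSz` bytes and never compares the two lengths, so a session whose stored context is longer but shares that prefix passes. The guard change makes this check the resumption gate for builds without OPENSSL_EXTRA, so I would tighten the inner test to `if (ssl->sessionCtxSz != ssl->session->sessionCtxSz || XMEMCMP(ssl->sessionCtx, ssl->session->sessionCtx, ssl->sessionCtxSz) != 0) {`. When `ssl->sessionCtxSz` is 0 the check is skipped entirely, so a session bound to some context is accepted by an object that has none; if that is intended, it deserves a comment. The function body starts and ends outside the hunk.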
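Review bot: The relocated wolfSSL_ERR_get_error keeps the `#else` branch `return (unsigned long)(0 - NOT_COMPILED_IN);`, which appears to report a non-zero code on every call when WOLFSSL_HAVE_ERROR_QUEUE is off. Callers written against the OpenSSL contract drain the queue by calling until 0 comes back, so such a loop would not terminate in that configuration. The memcached build gets the queue from other parts of this series, so a comment on the `#else` is probably enough: `/* No error queue: always reports NOT_COMPILED_IN, never 0. */`.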
@@ -19120,39 +19123,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, } #endif -#ifdef OPENSSL_EXTRA - - #ifndef NO_WOLFSSL_STUB - long wolfSSL_SSL_get_mode(WOLFSSL* ssl) - { - /* TODO: */ - (void)ssl; - WOLFSSL_STUB("SSL_get_mode"); - return 0; - } - #endif - - #ifndef NO_WOLFSSL_STUB - long wolfSSL_CTX_get_mode(WOLFSSL_CTX* ctx) - { - /* TODO: */ - (void)ctx; - WOLFSSL_STUB("SSL_CTX_get_mode"); - return 0; - } - #endif - - #ifndef NO_WOLFSSL_STUB - void wolfSSL_CTX_set_default_read_ahead(WOLFSSL_CTX* ctx, int m) - { - /* TODO: maybe? */ - (void)ctx; - (void)m; - WOLFSSL_STUB("SSL_CTX_set_default_read_ahead"); - } - #endif - - +#ifdef WOLFSSL_SESSION_ID_CTX /* Storing app session context id, this value is inherited by WOLFSSL * objects created from WOLFSSL_CTX. Any session that is imported with a * different session context id will be rejected. @@ -19203,6 +19174,39 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, return WOLFSSL_SUCCESS; } +#endif + +#ifdef OPENSSL_EXTRA + + #ifndef NO_WOLFSSL_STUB + long wolfSSL_SSL_get_mode(WOLFSSL* ssl) + { + /* TODO: */ + (void)ssl; + WOLFSSL_STUB("SSL_get_mode"); + return 0; + } + #endif + + #ifndef NO_WOLFSSL_STUB + long wolfSSL_CTX_get_mode(WOLFSSL_CTX* ctx) + { + /* TODO: */ + (void)ctx; + WOLFSSL_STUB("SSL_CTX_get_mode"); + return 0; + } + #endif + + #ifndef NO_WOLFSSL_STUB + void wolfSSL_CTX_set_default_read_ahead(WOLFSSL_CTX* ctx, int m) + { + /* TODO: maybe? */ + (void)ctx; + (void)m; + WOLFSSL_STUB("SSL_CTX_set_default_read_ahead"); + } + #endif long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX* ctx) 
@@ -21873,6 +21877,18 @@ void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX* ctx, } } +void wolfSSL_set_info_callback(WOLFSSL* ssl, + void (*f)(const WOLFSSL* ssl, int type, int val)) +{ + WOLFSSL_ENTER("wolfSSL_set_info_callback"); + if (ssl == NULL) { + WOLFSSL_MSG("Bad function argument"); + } + else { + ssl->CBIS = f; + } +} + unsigned long wolfSSL_ERR_peek_error(void) { @@ -24324,7 +24340,7 @@ int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION* sess, unsigned char** p) /* ServerID len | ServerID */ size += OPAQUE16_LEN + sess->idLen; #endif -#ifdef OPENSSL_EXTRA +#ifdef WOLFSSL_SESSION_ID_CTX /* session context ID len | session context ID */ size += OPAQUE8_LEN + sess->sessionCtxSz; #endif @@ -24404,7 +24420,7 @@ int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION* sess, unsigned char** p) XMEMCPY(data + idx, sess->serverID, sess->idLen); idx += sess->idLen; #endif -#ifdef OPENSSL_EXTRA +#ifdef WOLFSSL_SESSION_ID_CTX data[idx++] = sess->sessionCtxSz; XMEMCPY(data + idx, sess->sessionCtx, sess->sessionCtxSz); idx += sess->sessionCtxSz; @@ -24584,7 +24600,7 @@ WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION** sess, } XMEMCPY(s->serverID, data + idx, s->idLen); idx += s->idLen; #endif -#ifdef OPENSSL_EXTRA +#ifdef WOLFSSL_SESSION_ID_CTX /* byte for length of session context ID */ if (i - idx < OPAQUE8_LEN) { ret = BUFFER_ERROR; @@ -30111,7 +30127,7 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) ssl->options.haveDilithiumSig = ctx->haveDilithiumSig; #endif -#ifdef OPENSSL_EXTRA +#ifdef WOLFSSL_SESSION_ID_CTX /* copy over application session context ID */ ssl->sessionCtxSz = ctx->sessionCtxSz; XMEMCPY(ssl->sessionCtx, ctx->sessionCtx, ctx->sessionCtxSz); 
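Review bot: wolfSSL_set_info_callback is added without a header comment, and two behaviours are easy to miss. A NULL `ssl` is only logged, and since the function returns void the caller cannot tell that the callback was not installed; a NULL `f` overwrites whatever was stored in `ssl->CBIS`. I would add a short doc comment above the definition stating both, and that `f` has the same signature as the callback taken by wolfSSL_CTX_set_info_callback. `CBIS` is declared under OPENSSL_EXTRA in struct WOLFSSL elsewhere in this patch, so the guard around this definition (outside the hunk) should match.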
@@ -31717,6 +31733,20 @@ int wolfSSL_SSL_in_init(WOLFSSL *ssl) return ssl->options.handShakeState != HANDSHAKE_DONE; } +int wolfSSL_SSL_in_before(const WOLFSSL *ssl) +{ + WOLFSSL_ENTER("wolfSSL_SSL_in_before"); + + if (ssl == NULL) + return WOLFSSL_FAILURE; + + if (ssl->options.side == WOLFSSL_CLIENT_END) { + return ssl->options.connectState == CONNECT_BEGIN; + } + return ssl->options.acceptState == ACCEPT_BEGIN || + ssl->options.acceptState == TLS13_ACCEPT_BEGIN; +} + int wolfSSL_SSL_in_connect_init(WOLFSSL* ssl) { WOLFSSL_ENTER("wolfSSL_SSL_in_connect_init"); diff --git a/tests/api.c b/tests/api.c index 77dff94b4a4..72a53750c68 100644 --- a/tests/api.c +++ b/tests/api.c @@ -38908,7 +38908,7 @@ static int test_wolfSSL_ERR_put_error(void) static int test_wolfSSL_ERR_get_error_order(void) { EXPECT_DECLS; -#ifdef WOLFSSL_HAVE_ERROR_QUEUE +#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) /* Empty the queue. */ wolfSSL_ERR_clear_error(); @@ -38919,7 +38919,7 @@ static int test_wolfSSL_ERR_get_error_order(void) ExpectIntEQ(wolfSSL_ERR_get_error(), -ASN_NO_SIGNER_E); ExpectIntEQ(wolfSSL_ERR_peek_error(), -ASN_SELF_SIGNED_E); ExpectIntEQ(wolfSSL_ERR_get_error(), -ASN_SELF_SIGNED_E); -#endif /* WOLFSSL_HAVE_ERROR_QUEUE */ +#endif /* OPENSSL_EXTRA && !WOLFCRYPT_ONLY */ return EXPECT_RESULT(); } @@ -41401,6 +41401,7 @@ static int test_wolfSSL_SESSION(void) #endif ExpectIntEQ(wolfSSL_SSL_SESSION_set_timeout(sess, 500), SSL_SUCCESS); +#ifdef WOLFSSL_SESSION_ID_CTX /* fail case with miss match session context IDs (use compatibility API) */ ExpectIntEQ(SSL_set_session_id_context(ssl, context, contextSz), SSL_SUCCESS); @@ -41413,6 +41414,7 @@ static int test_wolfSSL_SESSION(void) SSL_SUCCESS); ExpectNotNull(ssl = wolfSSL_new(ctx)); ExpectIntEQ(wolfSSL_set_session(ssl, sess), SSL_FAILURE); +#endif #endif /* OPENSSL_EXTRA */ wolfSSL_free(ssl); 
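Review bot: wolfSSL_SSL_in_before is a predicate, but its NULL branch returns the status constant `WOLFSSL_FAILURE` while the other paths return comparison results; a plain `return 0;` there would make the yes/no contract explicit and independent of that constant's value. A doc comment is also missing. It should say that the result is non-zero only while the connect or accept state is still at its initial value (`CONNECT_BEGIN`, `ACCEPT_BEGIN` or `TLS13_ACCEPT_BEGIN`) and 0 otherwise, including for a NULL `ssl`.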
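Review bot: The session-context mismatch case in test_wolfSSL_SESSION is now wrapped in `#ifdef WOLFSSL_SESSION_ID_CTX`, but the `#endif /* OPENSSL_EXTRA */` right after it shows the block still sits inside the OPENSSL_EXTRA section. The configuration this series introduces (WOLFSSL_SESSION_ID_CTX without OPENSSL_EXTRA) therefore never exercises the rejection path. The case uses the compatibility name `SSL_set_session_id_context`; calling the native `wolfSSL_set_session_id_context` and moving the block out of the OPENSSL_EXTRA section would cover the memcached build as well. The opening of the enclosing `#ifdef` is outside the hunk, so this is inferred from the trailing comment.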
@@ -59363,7 +59365,9 @@ static int test_wolfSSL_set_SSL_CTX(void) ExpectNotNull(ssl = wolfSSL_new(ctx2)); ExpectIntNE((wolfSSL_get_options(ssl) & WOLFSSL_OP_NO_TLSv1_3), 0); #ifdef WOLFSSL_INT_H +#ifdef WOLFSSL_SESSION_ID_CTX ExpectIntEQ(XMEMCMP(ssl->sessionCtx, session_id2, 4), 0); +#endif ExpectTrue(ssl->buffers.certificate == ctx2->certificate); ExpectTrue(ssl->buffers.certChain == ctx2->certChain); #endif @@ -59385,7 +59389,9 @@ static int test_wolfSSL_set_SSL_CTX(void) #ifdef WOLFSSL_INT_H ExpectTrue(ssl->buffers.certificate == ctx1->certificate); ExpectTrue(ssl->buffers.certChain == ctx1->certChain); +#ifdef WOLFSSL_SESSION_ID_CTX ExpectIntEQ(XMEMCMP(ssl->sessionCtx, session_id1, 4), 0); +#endif #endif wolfSSL_free(ssl); diff --git a/wolfssl/internal.h b/wolfssl/internal.h index afa75acebce..a3e3140f297 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -3622,11 +3622,13 @@ struct WOLFSSL_CTX { #if defined(OPENSSL_EXTRA) || defined(HAVE_CURL) word32 disabledCurves; /* curves disabled by user */ #endif -#ifdef OPENSSL_EXTRA +#ifdef WOLFSSL_SESSION_ID_CTX byte sessionCtx[ID_LEN]; /* app session context ID */ + byte sessionCtxSz; +#endif +#ifdef OPENSSL_EXTRA const unsigned char *alpn_cli_protos;/* ALPN client protocol list */ unsigned int alpn_cli_protos_len; - byte sessionCtxSz; byte cbioFlag; /* WOLFSSL_CBIO_RECV/SEND: CBIORecv/Send is set */ CallbackInfoState* CBIS; /* used to get info about SSL state */ WOLFSSL_X509_VERIFY_PARAM* param; /* verification parameters*/ @@ -4278,10 +4280,10 @@ struct WOLFSSL_SESSION { word16 idLen; /* serverID length */ byte serverID[SERVER_ID_LEN]; /* for easier client lookup */ #endif -#ifdef OPENSSL_EXTRA +#ifdef WOLFSSL_SESSION_ID_CTX byte sessionCtxSz; /* sessionCtx length */ byte sessionCtx[ID_LEN]; /* app specific context id */ -#endif /* OPENSSL_EXTRA */ +#endif /* WOLFSSL_SESSION_ID_CTX */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) byte peerVerifyRet; /* cert verify error */ #endif 
@@ -5412,13 +5414,16 @@ struct WOLFSSL { CipherSpecs specs; Keys keys; Options options; +#ifdef WOLFSSL_SESSION_ID_CTX + byte sessionCtx[ID_LEN]; /* app session context ID */ + byte sessionCtxSz; /* size of sessionCtx stored */ +#endif #ifdef OPENSSL_EXTRA CallbackInfoState* CBIS; /* used to get info about SSL state */ int cbmode; /* read or write on info callback */ int cbtype; /* event type in info callback */ WOLFSSL_BIO* biord; /* socket bio read to free/close */ WOLFSSL_BIO* biowr; /* socket bio write to free/close */ - byte sessionCtx[ID_LEN]; /* app session context ID */ WOLFSSL_X509_VERIFY_PARAM* param; /* verification parameters*/ #endif #if defined(OPENSSL_EXTRA) || defined(HAVE_CURL) @@ -5429,7 +5434,6 @@ struct WOLFSSL { #endif #ifdef OPENSSL_EXTRA byte readAhead; - byte sessionCtxSz; /* size of sessionCtx stored */ #ifdef HAVE_PK_CALLBACKS void* loggingCtx; /* logging callback argument */ #endif diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 694a5fd57f1..a7cdc658061 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -925,6 +925,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define SSL_CTX_set_timeout(ctx, to) \ wolfSSL_CTX_set_timeout(ctx, (unsigned int)(to)) #define SSL_CTX_set_info_callback wolfSSL_CTX_set_info_callback +#define SSL_set_info_callback wolfSSL_set_info_callback #define SSL_CTX_set_alpn_protos wolfSSL_CTX_set_alpn_protos #define SSL_CTX_keylog_cb_func wolfSSL_CTX_keylog_cb_func @@ -1550,6 +1551,7 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE SRTP_PROTECTION_PROFILE; #define SSL_OP_SINGLE_DH_USE WOLFSSL_OP_SINGLE_DH_USE #define SSL_OP_SINGLE_ECDH_USE WOLFSSL_OP_SINGLE_ECDH_USE #define SSL_OP_CIPHER_SERVER_PREFERENCE WOLFSSL_OP_CIPHER_SERVER_PREFERENCE +#define SSL_OP_NO_RENEGOTIATION WOLFSSL_OP_NO_RENEGOTIATION #define OPENSSL_config wolfSSL_OPENSSL_config #define OPENSSL_memdup wolfSSL_OPENSSL_memdup 
@@ -1561,6 +1563,7 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE SRTP_PROTECTION_PROFILE; #define SSL_get_wbio wolfSSL_SSL_get_wbio #define SSL_do_handshake wolfSSL_SSL_do_handshake #define SSL_in_init wolfSSL_SSL_in_init +#define SSL_in_before wolfSSL_SSL_in_before #define SSL_in_connect_init wolfSSL_SSL_in_connect_init #define SSL_get0_session wolfSSL_SSL_get0_session #define SSL_CTX_set_tlsext_ticket_key_cb wolfSSL_CTX_set_tlsext_ticket_key_cb diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index b7c6f960a19..befc289673b 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -2160,6 +2160,8 @@ WOLFSSL_API void *wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx); WOLFSSL_API void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX* ctx, void (*f)(const WOLFSSL* ssl, int type, int val)); +WOLFSSL_API void wolfSSL_set_info_callback(WOLFSSL* ssl, + void (*f)(const WOLFSSL* ssl, int type, int val)); WOLFSSL_API unsigned long wolfSSL_ERR_peek_error(void); WOLFSSL_API int wolfSSL_GET_REASON(int); @@ -2282,6 +2284,7 @@ enum { WOLFSSL_OP_NO_COMPRESSION = 0x10000000, WOLFSSL_OP_NO_TLSv1_3 = 0x20000000, WOLFSSL_OP_NO_SSLv2 = 0x40000000, + WOLFSSL_OP_NO_RENEGOTIATION = 0x80000000, WOLFSSL_OP_ALL = (WOLFSSL_OP_MICROSOFT_SESS_ID_BUG | WOLFSSL_OP_NETSCAPE_CHALLENGE_BUG @@ -4923,6 +4926,7 @@ WOLFSSL_API int wolfSSL_SSL_in_init(const WOLFSSL* ssl); #else WOLFSSL_API int wolfSSL_SSL_in_init(WOLFSSL* ssl); #endif +WOLFSSL_API int wolfSSL_SSL_in_before(const WOLFSSL* ssl); WOLFSSL_API int wolfSSL_SSL_in_connect_init(WOLFSSL* ssl); #ifndef NO_SESSION_CACHE diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 6a804c656b4..a4c515d7354 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h 
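Review bot: `WOLFSSL_OP_NO_RENEGOTIATION = 0x80000000` does not fit in an `int`, and ISO C requires enumeration constants to be representable as `int`, so this line relies on a compiler extension and the value may change sign or width when combined with the `long` option masks. More importantly, nothing visible in this series makes the library act on the bit. An application that sets `SSL_OP_NO_RENEGOTIATION` will assume renegotiation is refused, while the flag may be accepted and ignored unless the option handling (outside this diff) honours it. I would either wire the flag to the renegotiation checks or mark it as a no-op next to the definition, e.g. `/* accepted for API compatibility; not enforced */`. The enum starts and ends outside the hunk.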
@@ -2695,6 +2695,9 @@ extern void uITRON4_free(void *p) ; #ifdef OPENSSL_EXTRA #undef OPENSSL_EXTRA_X509_SMALL #define OPENSSL_EXTRA_X509_SMALL + + #undef WOLFSSL_SESSION_ID_CTX + #define WOLFSSL_SESSION_ID_CTX #endif /* OPENSSL_EXTRA */ /* support for converting DER to PEM */ From 7c7944c254dbbb665454d6e6b12338545f3e5562 Mon Sep 17 00:00:00 2001 From: Kareem Date: Mon, 5 Jun 2023 10:39:58 -0700 Subject: [PATCH 2/8] Include required defines for memcached. --- wolfssl/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index befc289673b..31b44917ff3 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -2300,7 +2300,7 @@ enum { }; #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ - defined(HAVE_WEBSERVER) + defined(HAVE_WEBSERVER) || defined(HAVE_MEMCACHED) /* for compatibility these must be macros */ #define SSL_OP_MICROSOFT_SESS_ID_BUG WOLFSSL_OP_MICROSOFT_SESS_ID_BUG From ea5caa9f0db4952c4445a0ca697a772b58d9e672 Mon Sep 17 00:00:00 2001 From: Kareem Date: Fri, 23 Jun 2023 15:30:26 -0700 Subject: [PATCH 3/8] Revert unit test fix, no longer needed. --- tests/api.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/api.c b/tests/api.c index 72a53750c68..e4fa4c04190 100644 --- a/tests/api.c +++ b/tests/api.c @@ -38908,7 +38908,7 @@ static int test_wolfSSL_ERR_put_error(void) static int test_wolfSSL_ERR_get_error_order(void) { EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) +#ifdef WOLFSSL_HAVE_ERROR_QUEUE /* Empty the queue. */ wolfSSL_ERR_clear_error(); @@ -38919,7 +38919,7 @@ static int test_wolfSSL_ERR_get_error_order(void) ExpectIntEQ(wolfSSL_ERR_get_error(), -ASN_NO_SIGNER_E); ExpectIntEQ(wolfSSL_ERR_peek_error(), -ASN_SELF_SIGNED_E); ExpectIntEQ(wolfSSL_ERR_get_error(), -ASN_SELF_SIGNED_E); -#endif /* OPENSSL_EXTRA && !WOLFCRYPT_ONLY */ +#endif /* WOLFSSL_HAVE_ERROR_QUEUE */ return EXPECT_RESULT(); } 
From 40d03087405240e9a7b3c2ab6b2b1e5647c7296a Mon Sep 17 00:00:00 2001 From: Kareem Date: Fri, 14 Jul 2023 17:12:20 -0700 Subject: [PATCH 4/8] Add Github actions test for memcached. Stop defining DEBUG_WOLFSSL_VERBOSE for memcached. --- .github/workflows/main.yml | 2 + .github/workflows/memcached.yml | 82 +++++++++++++++++++++++++++++++++ configure.ac | 2 +- tests/api.c | 4 +- wolfcrypt/src/logging.c | 5 +- wolfssl/wolfcrypt/logging.h | 7 +-- 6 files changed, 94 insertions(+), 8 deletions(-) create mode 100644 .github/workflows/memcached.yml diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index dd550a9c870..7f570aea729 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -36,6 +36,8 @@ jobs: uses: ./.github/workflows/curl.yml krb5: uses: ./.github/workflows/krb5.yml + memcached: + uses: ./.github/workflows/memcached.yml # TODO: Currently this test fails. Enable it once it becomes passing. # haproxy: # uses: ./.github/workflows/haproxy.yml diff --git a/.github/workflows/memcached.yml b/.github/workflows/memcached.yml new file mode 100644 index 00000000000..907f9ffc33b --- /dev/null +++ b/.github/workflows/memcached.yml 
@@ -0,0 +1,82 @@ +name: memcached Tests + +on: + workflow_call: + +jobs: + build_wolfssl: + name: Build wolfSSL + # Just to keep it the same as the testing target + runs-on: ubuntu-latest + steps: + - name: Build wolfSSL + uses: wolfSSL/actions-build-autotools-project@v1 + with: + path: wolfssl + configure: --enable-memcached + install: true + + - name: Upload built lib + uses: actions/upload-artifact@v3 + with: + name: wolf-install-memcached + path: build-dir + retention-days: 1 + + memcached_check: + strategy: + fail-fast: false + matrix: + # List of releases to test + include: + - ref: 1.6.19 + name: ${{ matrix.ref }} + runs-on: ubuntu-latest + needs: build_wolfssl + steps: + - name: Download lib + uses: actions/download-artifact@v3 + with: + name: wolf-install-memcached + path: build-dir + + - name: Checkout OSP + uses: actions/checkout@v3 + with: + # TODO: Change to upstream wolfssl/osp once merged + repository: kareem-wolfssl/osp + ref: memcached + path: osp + + - name: Install dependencies + run: | + export DEBIAN_FRONTEND=noninteractive + sudo apt-get update + sudo apt-get install -y libev-dev automake pkg-config make + + - name: Checkout memcached + uses: actions/checkout@v3 + with: + repository: memcached/memcached + ref: 1.6.19 + path: memcached + + - name: Configure and build memcached + run: | + cd $GITHUB_WORKSPACE/memcached/ + patch -p1 < $GITHUB_WORKSPACE/osp/memcached/memcached_1.6.19.patch + ./autogen.sh + ./configure --enable-wolfssl + make -j$(nproc) + + - name: Confirm memcached built with wolfSSL + working-directory: ./memcached + run: | + export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH + ldd memcached | grep wolfssl + + - name: Run memcached tests + working-directory: ./memcached + run: | + export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH + make -j$(nproc) test \ No newline at end of file diff --git a/configure.ac b/configure.ac index b1508ef809b..5eeef7916af 100644 --- a/configure.ac 
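Review bot: The "Checkout OSP" step pulls `kareem-wolfssl/osp` at the mutable branch `memcached`, and the following steps apply its patch and then build and run the result, so whoever can push to that personal fork controls code executed in this repository's CI; the TODO acknowledges this, but I would not merge before it reads `repository: wolfssl/osp` with `ref:` set to a full commit SHA. The same applies, to a lesser degree, to the actions referenced by tag (`wolfSSL/actions-build-autotools-project@v1`, `actions/checkout@v3`, `actions/upload-artifact@v3`, `actions/download-artifact@v3`): pinning them by commit SHA keeps a moved tag from changing what runs. The workflow declares no `permissions:` block, so the jobs run with whatever token scope the caller grants; a top-level `permissions:` with `contents: read` is enough for what these steps do. Minor: `matrix.ref` is only used for the job name, while the memcached checkout and the patch file name hard-code `1.6.19`.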
+++ b/configure.ac @@ -6166,7 +6166,7 @@ fi if test "$ENABLED_MEMCACHED" = "yes" then - AM_CFLAGS="$AM_CFLAGS -DDEBUG_WOLFSSL_VERBOSE -DWOLFSSL_SESSION_ID_CTX" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SESSION_ID_CTX" AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE -DHAVE_MEMCACHED" fi diff --git a/tests/api.c b/tests/api.c index e4fa4c04190..44b00b31f6c 100644 --- a/tests/api.c +++ b/tests/api.c @@ -38908,7 +38908,7 @@ static int test_wolfSSL_ERR_put_error(void) static int test_wolfSSL_ERR_get_error_order(void) { EXPECT_DECLS; -#ifdef WOLFSSL_HAVE_ERROR_QUEUE +#if defined(WOLFSSL_HAVE_ERROR_QUEUE) && defined(OPENSSL_EXTRA) /* Empty the queue. */ wolfSSL_ERR_clear_error(); @@ -38919,7 +38919,7 @@ static int test_wolfSSL_ERR_get_error_order(void) ExpectIntEQ(wolfSSL_ERR_get_error(), -ASN_NO_SIGNER_E); ExpectIntEQ(wolfSSL_ERR_peek_error(), -ASN_SELF_SIGNED_E); ExpectIntEQ(wolfSSL_ERR_get_error(), -ASN_SELF_SIGNED_E); -#endif /* WOLFSSL_HAVE_ERROR_QUEUE */ +#endif /* WOLFSSL_HAVE_ERROR_QUEUE && OPENSSL_EXTRA */ return EXPECT_RESULT(); } diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c index 080d9a678ff..d55a18bf8bb 100644 --- a/wolfcrypt/src/logging.c +++ b/wolfcrypt/src/logging.c @@ -430,7 +430,7 @@ WOLFSSL_API int WOLFSSL_IS_DEBUG_ON(void) #endif /* !WOLFSSL_DEBUG_ERRORS_ONLY */ #endif /* DEBUG_WOLFSSL */ -#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) +#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) || defined(HAVE_MEMCACHED) #ifdef WOLFSSL_HAVE_ERROR_QUEUE @@ -1450,7 +1450,8 @@ void wc_ERR_print_errors_fp(XFILE fp) #endif /* !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) */ -#endif /* defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) */ +#endif /* defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) + || defined(HAVE_MEMCACHED) */ /* * When using OPENSSL_EXTRA or DEBUG_WOLFSSL_VERBOSE macro then WOLFSSL_ERROR is diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h index 914667266ae..f7beefe9d4e 100644 
--- a/wolfssl/wolfcrypt/logging.h +++ b/wolfssl/wolfcrypt/logging.h @@ -107,11 +107,12 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void); #if (defined(OPENSSL_EXTRA) && !defined(_WIN32) && \ - !defined(NO_ERROR_QUEUE)) || defined(DEBUG_WOLFSSL_VERBOSE) + !defined(NO_ERROR_QUEUE)) || defined(DEBUG_WOLFSSL_VERBOSE) \ + || defined(HAVE_MEMCACHED) #define WOLFSSL_HAVE_ERROR_QUEUE #endif -#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) +#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) || defined(HAVE_MEMCACHED) WOLFSSL_LOCAL int wc_LoggingInit(void); WOLFSSL_LOCAL int wc_LoggingCleanup(void); WOLFSSL_LOCAL int wc_AddErrorNode(int error, int line, char* buf, @@ -133,7 +134,7 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void); WOLFSSL_API void wc_ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), void *u); #endif -#endif /* OPENSSL_EXTRA || DEBUG_WOLFSSL_VERBOSE */ +#endif /* OPENSSL_EXTRA || DEBUG_WOLFSSL_VERBOSE || HAVE_MEMCACHED */ #ifdef WOLFSSL_FUNC_TIME /* WARNING: This code is only to be used for debugging performance. From 62bd108f1163f7094d62fc97f7d2e03f99cfed7c Mon Sep 17 00:00:00 2001 From: Kareem Date: Thu, 27 Jul 2023 15:35:19 -0700 Subject: [PATCH 5/8] Hopefully fix memcached test dependency --- .github/workflows/memcached.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/memcached.yml b/.github/workflows/memcached.yml index 907f9ffc33b..63b40c8a2e0 100644 --- a/.github/workflows/memcached.yml +++ b/.github/workflows/memcached.yml @@ -52,7 +52,7 @@ jobs: run: | export DEBIAN_FRONTEND=noninteractive sudo apt-get update - sudo apt-get install -y libev-dev automake pkg-config make + sudo apt-get install -y libevent-dev automake pkg-config make - name: Checkout memcached uses: actions/checkout@v3 From 791a435292783ceef300e6b24459a51b3629ed9c Mon Sep 17 00:00:00 2001 
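Review bot: In the first logging.h hunk `|| defined(HAVE_MEMCACHED)` is added outside the parenthesised OPENSSL_EXTRA clause, so WOLFSSL_HAVE_ERROR_QUEUE is defined for memcached builds even when `NO_ERROR_QUEUE` or `_WIN32` is set, both of which the OPENSSL_EXTRA path treats as opt-outs. If that is deliberate (memcached needs `wolfSSL_ERR_get_error` to return queued codes), a one-line comment saying so would help. Otherwise the first clause should become `((defined(OPENSSL_EXTRA) || defined(HAVE_MEMCACHED)) && !defined(_WIN32) && !defined(NO_ERROR_QUEUE))`. The new `#if` line in the second hunk is also over 80 characters, whereas the first hunk wraps its condition.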
From: Kareem Date: Thu, 27 Jul 2023 15:36:07 -0700 Subject: [PATCH 6/8] DO NOT MERGE: test only memcached --- .github/workflows/main.yml | 52 +++++++++++++++++++------------------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 7f570aea729..e976e3adca1 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -10,32 +10,32 @@ on: branches: [ '*' ] jobs: - espressif: - uses: ./.github/workflows/docker-Espressif.yml - multi-compiler: - uses: ./.github/workflows/multi-compiler.yml - openwrt: - uses: ./.github/workflows/docker-OpenWrt.yml - os-check: - uses: ./.github/workflows/os-check.yml - async: - uses: ./.github/workflows/async.yml - stunnel: - uses: ./.github/workflows/stunnel.yml - openvpn: - uses: ./.github/workflows/openvpn.yml - hostap: - uses: ./.github/workflows/hostap.yml - nginx: - uses: ./.github/workflows/nginx.yml - zephyr: - uses: ./.github/workflows/zephyr.yml - hitch: - uses: ./.github/workflows/hitch.yml - curl: - uses: ./.github/workflows/curl.yml - krb5: - uses: ./.github/workflows/krb5.yml + # espressif: + # uses: ./.github/workflows/docker-Espressif.yml + # multi-compiler: + # uses: ./.github/workflows/multi-compiler.yml + # openwrt: + # uses: ./.github/workflows/docker-OpenWrt.yml + # os-check: + # uses: ./.github/workflows/os-check.yml + # async: + # uses: ./.github/workflows/async.yml + # stunnel: + # uses: ./.github/workflows/stunnel.yml + # openvpn: + # uses: ./.github/workflows/openvpn.yml + # hostap: + # uses: ./.github/workflows/hostap.yml + # nginx: + # uses: ./.github/workflows/nginx.yml + # zephyr: + # uses: ./.github/workflows/zephyr.yml + # hitch: + # uses: ./.github/workflows/hitch.yml + # curl: + # uses: ./.github/workflows/curl.yml + # krb5: + # uses: ./.github/workflows/krb5.yml memcached: uses: ./.github/workflows/memcached.yml # TODO: Currently this test fails. Enable it once it becomes passing. 
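Review bot: With every job except memcached commented out in main.yml, none of the compiler, OS or integration jobs run against the rest of the series while this commit is on the branch. That matters here because the earlier patches move `sessionCtx`/`sessionCtxSz` between preprocessor guards in the core structs, which is the kind of change `multi-compiler` and `os-check` exist to catch. The subject already says DO NOT MERGE. The commit should be dropped from the series rather than reverted by a later one, so that the final history is backed by a full CI run.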
From 072865f2affe22590357749cdbf4751ff52a3e27 Mon Sep 17 00:00:00 2001 From: Kareem Date: Thu, 27 Jul 2023 15:46:08 -0700 Subject: [PATCH 7/8] Specify wolfSSL path for memcached configure --- .github/workflows/memcached.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/memcached.yml b/.github/workflows/memcached.yml index 63b40c8a2e0..0fb6b67a88c 100644 --- a/.github/workflows/memcached.yml +++ b/.github/workflows/memcached.yml @@ -66,7 +66,7 @@ jobs: cd $GITHUB_WORKSPACE/memcached/ patch -p1 < $GITHUB_WORKSPACE/osp/memcached/memcached_1.6.19.patch ./autogen.sh - ./configure --enable-wolfssl + ./configure --enable-wolfssl --with-wolfssl=$GITHUB_WORKSPACE/build-dir make -j$(nproc) - name: Confirm memcached built with wolfSSL From f01c90135d801c5b7784e6ecfa7115d9cecb5702 Mon Sep 17 00:00:00 2001 From: Kareem Date: Thu, 27 Jul 2023 15:57:01 -0700 Subject: [PATCH 8/8] test --- .github/workflows/memcached.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/memcached.yml b/.github/workflows/memcached.yml index 0fb6b67a88c..8562e974361 100644 --- a/.github/workflows/memcached.yml +++ b/.github/workflows/memcached.yml @@ -66,7 +66,7 @@ jobs: cd $GITHUB_WORKSPACE/memcached/ patch -p1 < $GITHUB_WORKSPACE/osp/memcached/memcached_1.6.19.patch ./autogen.sh - ./configure --enable-wolfssl --with-wolfssl=$GITHUB_WORKSPACE/build-dir + ./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir make -j$(nproc) - name: Confirm memcached built with wolfSSL