From 0e8320347c7906384e38ddba2352ea77fef8f831 Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz
Date: Mon, 2 Dec 2024 16:16:33 +0100
Subject: [PATCH 1/5] CID also supported in DTLS 1.2

---
 configure.ac | 4 ----
 wolfssl/wolfcrypt/settings.h | 4 ----
 2 files changed, 8 deletions(-)

diff --git a/configure.ac b/configure.ac
index 24775bd1b3..3afab60637 100644
--- a/configure.ac
+++ b/configure.ac
@@ -5018,10 +5018,6 @@ AC_ARG_ENABLE([dtlscid],
 )
 if test "x$ENABLED_DTLS_CID" = "xyes"
 then
- if test "x$ENABLED_DTLS13" != "xyes"
- then
- AC_MSG_ERROR([You need to enable DTLSv1.3 to use DTLS ConnectionID])
- fi
 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS_CID"
 fi
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index d5459ae3b9..19bb50ed13 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -4138,10 +4138,6 @@ extern void uITRON4_free(void *p) ;
 #error "DTLS v1.3 requires both WOLFSSL_TLS13 and WOLFSSL_DTLS"
 #endif
-#if defined(WOLFSSL_DTLS_CID) && !defined(WOLFSSL_DTLS13)
-#error "ConnectionID is supported for DTLSv1.3 only"
-#endif
-
 #if defined(WOLFSSL_QUIC) && defined(WOLFSSL_CALLBACKS)
 #error WOLFSSL_QUIC is incompatible with WOLFSSL_CALLBACKS.
 #endif

From 0961be7711f9b1cb49f09470791b0c2c4389e7f0 Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz
Date: Tue, 3 Dec 2024 11:49:40 +0100
Subject: [PATCH 2/5] Add CID interop with mbedtls

---
 .github/workflows/hostap-vm.yml | 4 +-
 .github/workflows/mbedtls.sh | 77 +++++++++++++++++++++++++++++
 .github/workflows/mbedtls.yml | 86 +++++++++++++++++++++++++++++++++
 3 files changed, 165 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/mbedtls.sh
 create mode 100644 .github/workflows/mbedtls.yml

diff --git a/.github/workflows/hostap-vm.yml b/.github/workflows/hostap-vm.yml
index 4c52175d46..675bc48032 100644
--- a/.github/workflows/hostap-vm.yml
+++ b/.github/workflows/hostap-vm.yml
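Review bot: With the `#error` dropped, the settings.h hunk leaves no visible compile-time guard tying WOLFSSL_DTLS_CID to DTLS at all, so a build that defines WOLFSSL_DTLS_CID without WOLFSSL_DTLS is no longer rejected here; unless such a check exists outside the hunk, keep a weaker guard in its place: `#if defined(WOLFSSL_DTLS_CID) && !defined(WOLFSSL_DTLS)` / `#error "ConnectionID requires WOLFSSL_DTLS"` / `#endif`. The configure.ac hunk has the same gap: `--enable-dtlscid` now adds -DWOLFSSL_DTLS_CID unconditionally and the removed ENABLED_DTLS13 test was the only option check shown, so an equivalent test against the DTLS enable variable (`ENABLED_DTLS`, if that is what the DTLS option sets) would keep configure and settings.h consistent. The removed check was also the only place the CID/DTLS-version relationship was documented, so a one-line comment above the AM_CFLAGS line such as `# DTLS ConnectionID (RFC 9146) is supported for both DTLS 1.2 and DTLS 1.3` would record the new intent.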
@@ -13,7 +13,7 @@ concurrency:
 # END OF COMMON SECTION
 env:
- LINUX_REF: v6.6
+ LINUX_REF: v6.12
 jobs:
 build_wolfssl:
@@ -91,6 +91,7 @@ jobs:
 with:
 repository: torvalds/linux
 path: linux
+ ref: ${{ env.LINUX_REF }}
 - name: Compile linux
 if: steps.cache.outputs.cache-hit != 'true'
@@ -141,7 +142,6 @@ jobs:
 build_id: hostap-vm-build2
 }
 name: hwsim test
- # For openssl 1.1
 if: github.repository_owner == 'wolfssl'
 runs-on: ubuntu-latest
 # This should be a safe limit for the tests to run.
diff --git a/.github/workflows/mbedtls.sh b/.github/workflows/mbedtls.sh
new file mode 100644
index 0000000000..335ff352f3
--- /dev/null
+++ b/.github/workflows/mbedtls.sh
@@ -0,0 +1,77 @@
+set -e
+set -x
+
+# Basic TLS test
+./mbedtls/build/programs/ssl/ssl_server2 2>&1 > /tmp/server.log &
+SERVER_PID=$!
+sleep 0.1
+./mbedtls/build/programs/ssl/ssl_client2 # Confirm working with mbed
+env -C wolfssl ./examples/client/client -p 4433 -g \
+ -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+ -c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
+ -k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
+kill $SERVER_PID
+sleep 0.1
+env -C wolfssl ./examples/server/server -p 4433 -i -g \
+ -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+ -c ../mbedtls/framework/data_files/server2-sha256.crt \
+ -k ../mbedtls/framework/data_files/server2.key.pem 2>&1 > /tmp/server.log &
+SERVER_PID=$!
+sleep 0.1
+./mbedtls/build/programs/ssl/ssl_client2
+env -C wolfssl ./examples/client/client -p 4433 -g \
+ -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+ -c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
+ -k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
+kill $SERVER_PID
+sleep 0.1
+
+# Basic DTLS test
+./mbedtls/build/programs/ssl/ssl_server2 dtls=1 2>&1 > /tmp/server.log &
+SERVER_PID=$!
+sleep 0.1
+./mbedtls/build/programs/ssl/ssl_client2 dtls=1 # Confirm working with mbed
+env -C wolfssl ./examples/client/client -p 4433 -g -u \
+ -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+ -c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
+ -k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
+kill $SERVER_PID
+sleep 0.1
+env -C wolfssl ./examples/server/server -p 4433 -i -g -u \
+ -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+ -c ../mbedtls/framework/data_files/server2-sha256.crt \
+ -k ../mbedtls/framework/data_files/server2.key.pem 2>&1 > /tmp/server.log &
+SERVER_PID=$!
+sleep 0.1
+env -C wolfssl ./examples/client/client -p 4433 -g -u \
+ -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+ -c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
+ -k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
+./mbedtls/build/programs/ssl/ssl_client2 dtls=1
+kill $SERVER_PID
+sleep 0.1
+
+# DTLS 1.2 CID test
+./mbedtls/build/programs/ssl/ssl_server2 dtls=1 cid=1 cid_val=121212 2>&1 > /tmp/server.log &
+SERVER_PID=$!
+sleep 0.1
+./mbedtls/build/programs/ssl/ssl_client2 dtls=1 cid=1 cid_val=232323 # Confirm working with mbed
+env -C wolfssl ./examples/client/client -p 4433 -g -u --cid 232323 \
+ -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+ -c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
+ -k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
+kill $SERVER_PID
+sleep 0.1
+env -C wolfssl ./examples/server/server -p 4433 -i -g -u --cid 121212 \
+ -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+ -c ../mbedtls/framework/data_files/server2-sha256.crt \
+ -k ../mbedtls/framework/data_files/server2.key.pem 2>&1 > /tmp/server.log &
+SERVER_PID=$!
+sleep 0.1
+./mbedtls/build/programs/ssl/ssl_client2 dtls=1 cid_val=232323
+env -C wolfssl ./examples/client/client -p 4433 -g -u --cid 232323 \
+ -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
+ -c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
+ -k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
+kill $SERVER_PID
+sleep 0.1
diff --git a/.github/workflows/mbedtls.yml b/.github/workflows/mbedtls.yml
new file mode 100644
index 0000000000..194a1be804
--- /dev/null
+++ b/.github/workflows/mbedtls.yml
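Review bot: The last mbedtls client run in the CID section, `./mbedtls/build/programs/ssl/ssl_client2 dtls=1 cid_val=232323`, omits `cid=1`, unlike the earlier invocation against the mbedtls server; if `cid_val` alone does not enable the extension (the first invocation passing `cid=1` explicitly suggests it does not), the mbedtls-client-to-wolfSSL-server leg never negotiates CID and the line should read `./mbedtls/build/programs/ssl/ssl_client2 dtls=1 cid=1 cid_val=232323`. Nothing in the script asserts that a CID was actually negotiated on either leg, so a handshake that quietly completes without the extension still passes; checking the server log for the negotiated CID after each CID run, if the servers print it, would make the test meaningful. The fixed `sleep 0.1` between starting a server and connecting is a race that will surface as spurious failures on a loaded runner, and under `set -e` a failing client exits before the matching `kill`, leaving the background server alive; `trap 'kill $SERVER_PID 2>/dev/null || true' EXIT` after `set -x` covers the cleanup. Every server start also truncates /tmp/server.log with `>`, so the `print server logs` step on failure only ever shows the last server's output — appending with `>>` or using one log file per test preserves the earlier runs (the same applies to the six redirects rewritten in patch 5).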
@@ -0,0 +1,86 @@
+name: mbedtls interop Tests
+
+# START OF COMMON SECTION
+on:
+ push:
+ branches: [ 'master', 'main', 'release/**' ]
+ pull_request:
+ branches: [ '*' ]
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+# END OF COMMON SECTION
+
+env:
+ MBED_REF: v3.6.2
+
+jobs:
+ build_mbedtls:
+ name: Build mbedtls
+ if: github.repository_owner == 'wolfssl'
+ runs-on: ubuntu-latest
+ # This should be a safe limit for the tests to run.
+ timeout-minutes: 10
+ steps:
+ - name: Checking if we have mbed in cache
+ uses: actions/cache@v4
+ id: cache
+ with:
+ path: mbedtls
+ key: ${{ env.MBED_REF }}
+ lookup-only: true
+
+ - name: Checkout mbedtls
+ if: steps.cache.outputs.cache-hit != 'true'
+ uses: actions/checkout@v4
+ with:
+ repository: Mbed-TLS/mbedtls
+ ref: ${{ env.MBED_REF }}
+ path: mbedtls
+
+ - name: Compile mbedtls
+ if: steps.cache.outputs.cache-hit != 'true'
+ working-directory: mbedtls
+ run: |
+ git submodule update --init
+ mkdir build
+ cd build
+ cmake ..
+ make -j
+ # convert key to pem format
+ openssl pkey -in framework/data_files/cli-rsa-sha256.key.der -text > framework/data_files/cli-rsa-sha256.key.pem
+ openssl pkey -in framework/data_files/server2.key.der -text > framework/data_files/server2.key.pem
+
+ mbedtls_test:
+ name: Test interop with mbedtls
+ runs-on: ubuntu-latest
+ needs: build_mbedtls
+ timeout-minutes: 10
+ if: github.repository_owner == 'wolfssl'
+ steps:
+ - name: Disable IPv6 (IMPORTANT, OTHERWISE DTLS MBEDTLS CLIENT WON'T CONNECT)
+ run: echo 1 | sudo tee /proc/sys/net/ipv6/conf/lo/disable_ipv6
+
+ - name: Checking if we have mbed in cache
+ uses: actions/cache/restore@v4
+ id: cache
+ with:
+ path: mbedtls
+ key: ${{ env.MBED_REF }}
+ fail-on-cache-miss: true
+
+ - name: Build wolfSSL
+ uses: wolfSSL/actions-build-autotools-project@v1
+ with:
+ path: wolfssl
+ configure: --enable-dtls --enable-dtlscid
+ install: false
+ check: false
+
+ - name: Test interop
+ run: bash wolfssl/.github/workflows/mbedtls.sh
+
+ - name: print server logs
+ if: ${{ failure() }}
+ run: cat /tmp/server.log

From 3275ebf54bf8f22cc3c4ca580208c49f2b17e748 Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz
Date: Wed, 4 Dec 2024 17:23:56 +0100
Subject: [PATCH 3/5] add shebang

---
 .github/workflows/mbedtls.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/mbedtls.sh b/.github/workflows/mbedtls.sh
index 335ff352f3..c2c99e90e7 100644
--- a/.github/workflows/mbedtls.sh
+++ b/.github/workflows/mbedtls.sh
@@ -1,3 +1,5 @@
+#!/usr/bin/env bash
+
 set -e
 set -x

From a3be82689585a7a53f76f98ab6b9bc13fc3debb5 Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz
Date: Wed, 4 Dec 2024 20:13:44 +0100
Subject: [PATCH 4/5] use unique key

---
 .github/workflows/mbedtls.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/mbedtls.yml b/.github/workflows/mbedtls.yml
index 194a1be804..f9830fcf6e 100644
--- a/.github/workflows/mbedtls.yml
+++ b/.github/workflows/mbedtls.yml
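Review bot: The third-party actions in this workflow (`actions/cache@v4`, `actions/checkout@v4`, `actions/cache/restore@v4`, `wolfSSL/actions-build-autotools-project@v1`) are referenced by mutable major-version tags, so each job runs whatever those tags resolve to at run time; pinning every `uses:` to a full commit SHA with the tag kept in a trailing comment (e.g. `uses: actions/checkout@<commit-sha> # v4`) is the usual supply-chain hardening, unless the repository already relies on a pin-updating mechanism elsewhere. The workflow declares no `permissions:` block, so both jobs receive the repository's default GITHUB_TOKEN scope although they only read the checkout; a top-level `permissions:` with `contents: read` limits that. The `# convert key to pem format` comment in the Compile mbedtls step does not say why `-text` is passed to `openssl pkey`; that flag writes a decoded key dump ahead of the PEM block, so if the wolfSSL examples only need the PEM, dropping `-text` keeps the files to the encoded key, and the comment should state which form `-k` expects.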
@@ -28,7 +28,7 @@ jobs:
 id: cache
 with:
 path: mbedtls
- key: ${{ env.MBED_REF }}
+ key: mbedtls-${{ env.MBED_REF }}
 lookup-only: true
 - name: Checkout mbedtls
@@ -67,7 +67,7 @@ jobs:
 id: cache
 with:
 path: mbedtls
- key: ${{ env.MBED_REF }}
+ key: mbedtls-${{ env.MBED_REF }}
 fail-on-cache-miss: true
 - name: Build wolfSSL

From aa662ad50abd9e2610ad0300d1c63dbcac402933 Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz
Date: Mon, 9 Dec 2024 12:41:16 +0100
Subject: [PATCH 5/5] fix redirect order

---
 .github/workflows/mbedtls.sh | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/mbedtls.sh b/.github/workflows/mbedtls.sh
index c2c99e90e7..d199fd2e3d 100644
--- a/.github/workflows/mbedtls.sh
+++ b/.github/workflows/mbedtls.sh
@@ -4,7 +4,7 @@ set -e
 set -x
 # Basic TLS test
-./mbedtls/build/programs/ssl/ssl_server2 2>&1 > /tmp/server.log &
+./mbedtls/build/programs/ssl/ssl_server2 > /tmp/server.log 2>&1 &
 SERVER_PID=$!
 sleep 0.1
 ./mbedtls/build/programs/ssl/ssl_client2 # Confirm working with mbed
@@ -17,7 +17,7 @@ sleep 0.1
 env -C wolfssl ./examples/server/server -p 4433 -i -g \
 -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
 -c ../mbedtls/framework/data_files/server2-sha256.crt \
- -k ../mbedtls/framework/data_files/server2.key.pem 2>&1 > /tmp/server.log &
+ -k ../mbedtls/framework/data_files/server2.key.pem > /tmp/server.log 2>&1 &
 SERVER_PID=$!
 sleep 0.1
 ./mbedtls/build/programs/ssl/ssl_client2
@@ -29,7 +29,7 @@ kill $SERVER_PID
 sleep 0.1
 # Basic DTLS test
-./mbedtls/build/programs/ssl/ssl_server2 dtls=1 2>&1 > /tmp/server.log &
+./mbedtls/build/programs/ssl/ssl_server2 dtls=1 > /tmp/server.log 2>&1 &
 SERVER_PID=$!
 sleep 0.1
 ./mbedtls/build/programs/ssl/ssl_client2 dtls=1 # Confirm working with mbed
@@ -42,7 +42,7 @@ sleep 0.1
 env -C wolfssl ./examples/server/server -p 4433 -i -g -u \
 -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
 -c ../mbedtls/framework/data_files/server2-sha256.crt \
- -k ../mbedtls/framework/data_files/server2.key.pem 2>&1 > /tmp/server.log &
+ -k ../mbedtls/framework/data_files/server2.key.pem > /tmp/server.log 2>&1 &
 SERVER_PID=$!
 sleep 0.1
 env -C wolfssl ./examples/client/client -p 4433 -g -u \
@@ -54,7 +54,7 @@ kill $SERVER_PID
 sleep 0.1
 # DTLS 1.2 CID test
-./mbedtls/build/programs/ssl/ssl_server2 dtls=1 cid=1 cid_val=121212 2>&1 > /tmp/server.log &
+./mbedtls/build/programs/ssl/ssl_server2 dtls=1 cid=1 cid_val=121212 > /tmp/server.log 2>&1 &
 SERVER_PID=$!
 sleep 0.1
 ./mbedtls/build/programs/ssl/ssl_client2 dtls=1 cid=1 cid_val=232323 # Confirm working with mbed
@@ -67,7 +67,7 @@ sleep 0.1
 env -C wolfssl ./examples/server/server -p 4433 -i -g -u --cid 121212 \
 -A ../mbedtls/framework/data_files/test-ca-sha256.crt \
 -c ../mbedtls/framework/data_files/server2-sha256.crt \
- -k ../mbedtls/framework/data_files/server2.key.pem 2>&1 > /tmp/server.log &
+ -k ../mbedtls/framework/data_files/server2.key.pem > /tmp/server.log 2>&1 &
 SERVER_PID=$!
 sleep 0.1
 ./mbedtls/build/programs/ssl/ssl_client2 dtls=1 cid_val=232323