-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ssl: Fix stateless ticket in_window comparison #6019
ssl: Fix stateless ticket in_window comparison #6019
Conversation
CT Test Results 2 files 64 suites 47m 43s ⏱️ Results for commit 612fe8f. ♻️ This comment has been updated with latest results. To speed up review, make sure that you have read Contributing to Erlang/OTP and that all checks pass. See the TESTING and DEVELOPMENT HowTo guides for details about how to run test locally. Artifacts// Erlang/OTP Github Action Bot |
Your test case actually fails on some of our test machines. It might be due to making the window size smaller the possibility for false negatives become higher. There actually is no guarantee with stateless tickets that all valid tickets will be considered valid and used. I think this section of the RFC is what we should go on is:
I do not think our implementation takes estimated round trip time into account, and that is probably what we want. But I do not have an immediate good idea of how to best do that. |
Wouldn't adding the estimated round-trip time be considered an enhancement? As it stands, this fix is to implement the original intention of the code, because the anti-replay mechanism is unusable in its current state. Currently the deviation from the RFC is that we calculate Regarding the point that not all valid tickets will be considered valid and used. I'm assuming this is induced by the bloom filter that is used to validate tickets. Doesn't that imply that each test-case for valid tickets should be ran multiple times and expected to pass x% of times (97% with the default bloom filter values)? Alternatively the tests could be ran with a deterministic data structure for the ticket validation storage, but that is I believe a big rework and requires explicit testing of the bloom filter (I think it's only indirectly tested right now).
Regarding my original concern about the clock drift time:
Regarding this specific PR, I originally reduced the window_size to keep the test execution time down. I could try tweaking the |
I would like clarify discussion in related issue #6014 , before proceeding with this PR. |
@peterdmv wrote:
I'm not sure how to read that. Examples provided in issue discussion are Other comments
|
I've added more tests for anti_replay in #6055. I hope you will adjust it in this PR, once I merge PR-6055 to master (plan to do it within a day or two). This will be needed:
|
52d334e
to
3d1b225
Compare
Let me know once #6055 is merged and I can make the suggested changes |
#6055 is merged. please rebase and fix the |
61494f0
to
6360074
Compare
I rebased on master and updated the testcase from #6055, what do you think about the testcases that I wrote originally in this PR, the new testcases you added test the same thing @u3s?
I think comments surrounding the checks with references to the RFC would be fine by me. Do you want me to cover this?
Do you want me to add it to this PR? |
I'm fine with leaving them as your tests are more of a white box tests. My recent addition is more end2end.
yes please.
yes, if not a problem for you to make a small adjustment. Maybe its a matter of adding ClientHello around "freshness checks" - to indicate what we're recording and checking with anti_replay - I'm looking here. |
6360074
to
b3618af
Compare
I did some slight documentation updates, but it is kind of adressed here: https://www.erlang.org/doc/apps/ssl/using_ssl.html#anti-replay-protection-in-tls-1.3 |
If a stateless ticket is older than the WindowSize of the bloom filter then it will be rejected. By subtracting the ReportedAge from the RealAge we have the DeltaAge, which will become too large during a replay. Previously the absolute age of the ticket was being used.
b3618af
to
612fe8f
Compare
thanks for contribution! |
If a stateless ticket is older than the WindowSize of the bloom filter
then it will be rejected. By subtracting the ReportedAge from the
RealAge we have the drift time, which should become too large during
a replay. Previously the absolute age of the ticket was being used.
Fixes #6014