QUIC support for wolfSSL #5384
Merged
QUIC support for wolfSSL #5384
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Can one of the wolfSSL admins verify this patch? |
|
OK to test |
|
I have no access to the 2 last failing test suites. So, if someone could figure out what is needed to have them pass, let me know. |
|
Thank you! The latest addition fixes that for me. Let's see what CI says. Also as a note, if I configure I get failures in ocsp-stapling and unit.tests, but after some research I found that those also happen in master. Just FYI. |
dgarske
requested changes
Jul 26, 2022
There was a problem hiding this comment.
Some minor cast warnings:
./configure CC=g++ --enable-quic
In file included from tests/quic.c:29:
tests/quic.c: In function ‘int test_quic_crypt()’:
./wolfssl/wolfcrypt/types.h:508:67: error: invalid conversion from ‘void*’ to ‘uint8_t*’ {aka ‘unsigned char*’} [-fpermissive]
508 | #define XMALLOC(s, h, t) ((void)(h), (void)(t), wolfSSL_Malloc((s)))
| ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~
| |
| void*
./tests/unit.h:52:49: note: in definition of macro ‘Assert’
52 | #define Assert(test, description, result) if (!(test)) Fail(description, result)
| ^~~~
tests/quic.c:353:9: note: in expansion of macro ‘AssertNotNull’
353 | AssertNotNull(encrypted = XMALLOC(enc_len, NULL, DYNAMIC_TYPE_TMP_BUFFER));
| ^~~~~~~~~~~~~
tests/quic.c:353:35: note: in expansion of macro ‘XMALLOC’
353 | AssertNotNull(encrypted = XMALLOC(enc_len, NULL, DYNAMIC_TYPE_TMP_BUFFER));
| ^~~~~~~
./wolfssl/wolfcrypt/types.h:508:67: error: invalid conversion from ‘void*’ to ‘uint8_t*’ {aka ‘unsigned char*’} [-fpermissive]
508 | #define XMALLOC(s, h, t) ((void)(h), (void)(t), wolfSSL_Malloc((s)))
| ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~
| |
| void*
./tests/unit.h:52:49: note: in definition of macro ‘Assert’
52 | #define Assert(test, description, result) if (!(test)) Fail(description, result)
| ^~~~
tests/quic.c:354:9: note: in expansion of macro ‘AssertNotNull’
354 | AssertNotNull(decrypted = XMALLOC(dec_len, NULL, DYNAMIC_TYPE_TMP_BUFFER));
| ^~~~~~~~~~~~~
tests/quic.c:354:35: note: in expansion of macro ‘XMALLOC’
354 | AssertNotNull(decrypted = XMALLOC(dec_len, NULL, DYNAMIC_TYPE_TMP_BUFFER));
| ^~~~~~~
tests/quic.c: In function ‘void QuicTestContext_init(QuicTestContext*, WOLFSSL_CTX*, const char*, int)’:
tests/quic.c:432:66: error: narrowing conversion of ‘-1’ from ‘int’ to ‘byte’ {aka ‘unsigned char’} [-Wnarrowing]
432 | static const byte tp_params_s[] = {7, 6, 5, 4, 3, 2, 1, 0, -1};
| ^
tests/quic.c: In function ‘int ctx_set_encryption_secrets(WOLFSSL*, WOLFSSL_ENCRYPTION_LEVEL, const uint8_t*, const uint8_t*, size_t)’:
tests/quic.c:476:48: error: invalid conversion from ‘void*’ to ‘QuicTestContext*’ [-fpermissive]
476 | QuicTestContext *ctx = wolfSSL_get_app_data(ssl);
| ~~~~~~~~~~~~~~~~~~~~^~~~~
| |
| void*
tests/quic.c: In function ‘int ctx_add_handshake_data(WOLFSSL*, WOLFSSL_ENCRYPTION_LEVEL, const uint8_t*, size_t)’:
tests/quic.c:495:48: error: invalid conversion from ‘void*’ to ‘QuicTestContext*’ [-fpermissive]
495 | QuicTestContext *ctx = wolfSSL_get_app_data(ssl);
| ~~~~~~~~~~~~~~~~~~~~^~~~~
| |
| void*
tests/quic.c:505:31: error: invalid conversion from ‘void*’ to ‘OutputBuffer*’ [-fpermissive]
505 | out->next = calloc(1, sizeof(OutputBuffer));
| ~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~
| |
| void*
tests/quic.c: In function ‘int ctx_flush_flight(WOLFSSL*)’:
tests/quic.c:525:48: error: invalid conversion from ‘void*’ to ‘QuicTestContext*’ [-fpermissive]
525 | QuicTestContext *ctx = wolfSSL_get_app_data(ssl);
| ~~~~~~~~~~~~~~~~~~~~^~~~~
| |
| void*
tests/quic.c: In function ‘int ctx_send_alert(WOLFSSL*, WOLFSSL_ENCRYPTION_LEVEL, uint8_t)’:
tests/quic.c:534:48: error: invalid conversion from ‘void*’ to ‘QuicTestContext*’ [-fpermissive]
534 | QuicTestContext *ctx = wolfSSL_get_app_data(ssl);
| ~~~~~~~~~~~~~~~~~~~~^~~~~
| |
| void*
make[2]: *** [Makefile:6497: tests/unit_test-quic.o] Error 1
make[2]: *** Waiting for unfinished jobs....
In file included from ./wolfssl/wolfcrypt/misc.h:32,
from ./wolfcrypt/src/misc.c:37,
from src/quic.c:34:
src/quic.c: In function ‘QuicRecord* quic_record_make(WOLFSSL*, WOLFSSL_ENCRYPTION_LEVEL, const uint8_t*, size_t)’:
./wolfssl/wolfcrypt/types.h:508:67: error: invalid conversion from ‘void*’ to ‘QuicRecord*’ [-fpermissive]
508 | #define XMALLOC(s, h, t) ((void)(h), (void)(t), wolfSSL_Malloc((s)))
| ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~
| |
| void*
src/quic.c:76:10: note: in expansion of macro ‘XMALLOC’
76 | qr = XMALLOC(sizeof(*qr), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
| ^~~~~~~
./wolfssl/wolfcrypt/types.h:508:67: error: invalid conversion from ‘void*’ to ‘uint8_t*’ {aka ‘unsigned char*’} [-fpermissive]
508 | #define XMALLOC(s, h, t) ((void)(h), (void)(t), wolfSSL_Malloc((s)))
| ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~
| |
| void*
src/quic.c:89:20: note: in expansion of macro ‘XMALLOC’
89 | qr->data = XMALLOC(qr->capacity, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
| ^~~~~~~
src/quic.c: In function ‘int quic_record_append(WOLFSSL*, QuicRecord*, const uint8_t*, size_t, size_t*)’:
./wolfssl/wolfcrypt/types.h:514:61: error: invalid conversion from ‘void*’ to ‘uint8_t*’ {aka ‘unsigned char*’} [-fpermissive]
514 | #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n))
| ~~~~~~~~~~~~~~~^~~~~~~~~~
| |
| void*
src/quic.c:131:30: note: in expansion of macro ‘XREALLOC’
131 | uint8_t *ndata = XREALLOC(qr->data, qr->len, ssl->head, DYNAMIC_TYPE_TMP_BUFFER);
| ^~~~~~~~
src/quic.c: In function ‘word32 quic_record_transfer(QuicRecord*, byte*, word32)’:
src/quic.c:186:44: error: enumeral and non-enumeral type in conditional expression [-Werror=extra]
186 | rlen = (qr->len <= MAX_RECORD_SIZE)? qr->len : MAX_RECORD_SIZE;
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ./wolfssl/wolfcrypt/misc.h:32,
from ./wolfcrypt/src/misc.c:37,
from src/quic.c:34:
src/quic.c: In function ‘const QuicTransportParam* QuicTransportParam_new(const uint8_t*, size_t, void*)’:
./wolfssl/wolfcrypt/types.h:508:67: error: invalid conversion from ‘void*’ to ‘QuicTransportParam*’ [-fpermissive]
508 | #define XMALLOC(s, h, t) ((void)(h), (void)(t), wolfSSL_Malloc((s)))
| ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~
| |
| void*
src/quic.c:212:10: note: in expansion of macro ‘XMALLOC’
212 | tp = XMALLOC(sizeof(*tp), heap, DYNAMIC_TYPE_TLSX);
| ^~~~~~~
./wolfssl/wolfcrypt/types.h:508:67: error: invalid conversion from ‘void*’ to ‘const uint8_t*’ {aka ‘const unsigned char*’} [-fpermissive]
508 | #define XMALLOC(s, h, t) ((void)(h), (void)(t), wolfSSL_Malloc((s)))
| ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~
| |
| void*
src/quic.c:214:16: note: in expansion of macro ‘XMALLOC’
214 | tp->data = XMALLOC(len, heap, DYNAMIC_TYPE_TLSX);
| ^~~~~~~
src/quic.c: In function ‘const QuicTransportParam* QuicTransportParam_dup(const QuicTransportParam*, void*)’:
./wolfssl/wolfcrypt/types.h:508:67: error: invalid conversion from ‘void*’ to ‘QuicTransportParam*’ [-fpermissive]
508 | #define XMALLOC(s, h, t) ((void)(h), (void)(t), wolfSSL_Malloc((s)))
| ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~
| |
| void*
src/quic.c:227:11: note: in expansion of macro ‘XMALLOC’
227 | tp2 = XMALLOC(sizeof(*tp2), heap, DYNAMIC_TYPE_TLSX);
| ^~~~~~~
./wolfssl/wolfcrypt/types.h:508:67: error: invalid conversion from ‘void*’ to ‘const uint8_t*’ {aka ‘const unsigned char*’} [-fpermissive]
508 | #define XMALLOC(s, h, t) ((void)(h), (void)(t), wolfSSL_Malloc((s)))
| ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~
| |
| void*
src/quic.c:229:17: note: in expansion of macro ‘XMALLOC’
229 | tp2->data = XMALLOC(tp->len, heap, DYNAMIC_TYPE_TLSX);
| ^~~~~~~
src/quic.c: In function ‘int wolfSSL_quic_send_internal(WOLFSSL*)’:
src/quic.c:740:27: error: invalid conversion from ‘int’ to ‘WOLFSSL_ENCRYPTION_LEVEL’ {aka ‘wolfssl_encryption_level_t’} [-fpermissive]
740 | ssl->quic.output_rec_level, (const uint8_t*)output, len);
| ~~~~~~~~~~^~~~~~~~~~~~~~~~
| |
| int
SparkiDev
requested changes
Jul 27, 2022
Should all be resolved now. |
Done.
Which ones specifically? I think I used the WOLFSSL things where possible. Are your talking about the use of |
|
APIs like: Use OpenSSL types. |
Ah, I see now what you mean. For me, anything with prefix The motivation for this was that I tried to stay close to the quictls/openssl patch and that crypto internals are not my strength. It was not immediately obvious to me how the EVP functions could be replaced with something like If you think there is value in avoiding the EVP part of wolfSSL, I'd need either some guidance or someone with deeper understanding needs to write a PR on top of this one with the changes. I can't tell what the best way to approach this would be. |
|
That's fine we'll add different APIs later if needed. |
SparkiDev
approved these changes
Jul 28, 2022
dgarske
approved these changes
Aug 3, 2022
|
@icing , please resolve minor merge conflict. |
dgarske
requested changes
Aug 4, 2022
There was a problem hiding this comment.
Spelling:
diff --git a/src/quic.c b/src/quic.c
index 79dae7371..91f7f257a 100644
--- a/src/quic.c
+++ b/src/quic.c
@@ -451,7 +451,7 @@ int wolfSSL_quic_add_transport_extensions(WOLFSSL* ssl, int msg_type)
}
if (is_resp) {
- /* server repsonse: time to decide which version to use */
+ /* server response: time to decide which version to use */
if (ssl->quic.transport_peer && ssl->quic.transport_peer_draft) {
if (ssl->quic.transport_version == TLSX_KEY_QUIC_TP_PARAMS_DRAFT) {
ret = TLSX_QuicTP_Use(ssl,
@@ -536,7 +536,7 @@ void wolfSSL_set_quic_early_data_enabled(WOLFSSL* ssl, int enabled)
* not started yet.
* This function is part of the quictls/openssl API and does
* not return any error, sadly. So we just ignore any
- * unsuccessfull use. But we can produce some warnings.
+ * unsuccessful use. But we can produce some warnings.
*/
if (!WOLFSSL_IS_QUIC(ssl)) {
WOLFSSL_MSG("wolfSSL_set_quic_early_data_enabled: not a QUIC SSL");
@@ -754,7 +754,7 @@ static int wolfSSL_quic_send_internal(WOLFSSL* ssl)
aret = ssl->quic.method->add_handshake_data(ssl,
ssl->quic.output_rec_level, (const uint8_t*)output, len);
if (aret != 1) {
- /* The application has an error. General desaster. */
+ /* The application has an error. General disaster. */
WOLFSSL_MSG("WOLFSSL_QUIC_SEND application failed");
ret = FWRITE_ERROR;
goto cleanup;
CC=g++ build errors:
src/quic.c:189:45: error: enumeral and non-enumeral type in conditional expression [-Werror=extra]
189 | rlen = (qr->len <= MAX_RECORD_SIZE) ? qr->len : MAX_RECORD_SIZE;
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~
tests/quic.c: In function ‘void QuicTestContext_init(QuicTestContext*, WOLFSSL_CTX*, const char*, int)’:
tests/quic.c:434:66: error: narrowing conversion of ‘-1’ from ‘int’ to ‘byte’ {aka ‘unsigned char’} [-Wnarrowing]
434 | static const byte tp_params_s[] = {7, 6, 5, 4, 3, 2, 1, 0, -1};
| ^
tests/quic.c: In function ‘int new_session_cb(WOLFSSL*, WOLFSSL_SESSION*)’:
tests/quic.c:1277:48: error: invalid conversion from ‘void*’ to ‘QuicTestContext*’ [-fpermissive]
1277 | QuicTestContext *ctx = wolfSSL_get_app_data(ssl);
| ~~~~~~~~~~~~~~~~~~~~^~~~~
| |
| void*
|
Should be fixed now. Thanks for reviewing. |
dgarske
approved these changes
Aug 4, 2022
icing
force-pushed
the
quic
branch
2 times, most recently
from
49a3847 to
df44dd8
Compare
|
I am not in a position to review this wolfSSL code, but I'm eager to try this out as soon as this has merged - as part of the greater work by @icing, as I hope to use wolfSSL with ngtcp2 to do full fledged HTTP/3 in curl with this stack. |
Merged
douzzer
added a commit
to douzzer/wolfssl
that referenced
this pull request
Aug 10, 2022
added numerous missing _SMALL_STACK code paths (PK objects on the stack); in settings.h, enable WOLFSSL_SMALL_STACK_STATIC by default when WOLFSSL_SMALL_STACK is defined (NO_WOLFSSL_SMALL_STACK_STATIC to override); fixes for unsafe strcat()s in tests/quic.c; fix for unsafe macro WOLFSSL_IS_QUIC(); fix to exclude quic from enable-all when enable-linuxkm (quic needs opensslextra, and opensslextra currently only works in-kernel in cryptonly builds); fix for signed/unsigned clash in wolfSSL_quic_receive().
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR adds QUIC support to wolfSSL.
Please see the supplied QUIC.md for a complete description.
Testing
tests/quic.cand run as part ofmake test.Checklist
tbd. when changes and new API has been reviewed.
see QUIC.md as a base for further documentation updates