[PATCH] Implement new functions for EAP:

Jouni Malinen j at w1.fi
Mon Apr 18 07:09:36 PDT 2022


On Thu, Aug 26, 2021 at 11:25:34AM +0200, Juliusz Sosinowicz wrote:
> - `tls_get_tls_unique`
> - `tls_connection_get_cipher_suite`
> - `tls_connection_get_peer_subject`
> - `tls_connection_get_own_cert_used`
> 
> The necessary wolfSSL changes are located in https://github.com/wolfSSL/wolfssl/pull/4205 .

Thanks, applied with some cleanup in a number of separate commits.

While testing these with various wolfSSL versions, I noticed that there
were some regressions or old issues being revealed by additional
functionality getting enabled. I fixed some of these, but it looks like
there is still something wrong going on whenever TLS 1.3 is enabled and
the wpa_supplicant mechanism of disabling that by default not working
with wolfSSL. I ended up doing most of the testing with --disable-tls13
build of wolfSSL to verify previously working functionality.

As far as the now enabled TLS session resumption and caching is
concerned, it looks looks like there might be a memory leak in the
WOLFSSL_SESSION ex_data handling. tls_connection_set_success_data() adds
a heap allocated memory pointer with wolfSSL_SESSION_set_ex_data() and
that buffer is not always cleared. It looks like remove_session_cb() is
supposed to do that, but there is no mechanism to force that to happen
when exiting the process. It looks like there is
wolfSSL_flush_sessions(), but that is not called and even it it were,
the current implementation of it does not really do anything. I'm not
sure whether this is a real memory leak in the sense of each session
leaking one instance or whether this just shows up since the session
entry has not timed out and it would have been freed when processing the
eventual timeout.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the Hostap mailing list