Re: [PATCH] Implement new functions for EAP:

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Jouni,
thank you for your feedback. We are aware of the issue with TLS 1.3 in wpa_supplicant with wolfSSL. We have put in work to fix this and I am preparing another patch that will add TLS 1.3 support along with a few other new features when using wolfSSL as the crypto/TLS backend.
This memory leak hasn't been reported before. I will fix it and include it in the upcoming patch. 

Sincerely
Juliusz Sosinowicz

On 18/04/2022 16:09, Jouni Malinen wrote:

On Thu, Aug 26, 2021 at 11:25:34AM +0200, Juliusz Sosinowicz wrote:

- `tls_get_tls_unique`
- `tls_connection_get_cipher_suite`
- `tls_connection_get_peer_subject`
- `tls_connection_get_own_cert_used`

The necessary wolfSSL changes are located in https://github.com/wolfSSL/wolfssl/pull/4205 .

Thanks, applied with some cleanup in a number of separate commits.

While testing these with various wolfSSL versions, I noticed that there
were some regressions or old issues being revealed by additional
functionality getting enabled. I fixed some of these, but it looks like
there is still something wrong going on whenever TLS 1.3 is enabled and
the wpa_supplicant mechanism of disabling that by default not working
with wolfSSL. I ended up doing most of the testing with --disable-tls13
build of wolfSSL to verify previously working functionality.

As far as the now enabled TLS session resumption and caching is
concerned, it looks looks like there might be a memory leak in the
WOLFSSL_SESSION ex_data handling. tls_connection_set_success_data() adds
a heap allocated memory pointer with wolfSSL_SESSION_set_ex_data() and
that buffer is not always cleared. It looks like remove_session_cb() is
supposed to do that, but there is no mechanism to force that to happen
when exiting the process. It looks like there is
wolfSSL_flush_sessions(), but that is not called and even it it were,
the current implementation of it does not really do anything. I'm not
sure whether this is a real memory leak in the sense of each session
leaking one instance or whether this just shows up since the session
entry has not timed out and it would have been freed when processing the
eventual timeout.



_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux