[PATCH][OpenSSL-1.0.2] making it possible to do async session lookup during session resumption

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

[PATCH][OpenSSL-1.0.2] making it possible to do async session lookup during session resumption

Zi Lin
Hi OpenSSL devs,

I want to propose a patch that makes OpenSSL compatible with
asynchronous session lookup during session resumption. Currently, the
session lookup expects the session callback to return immediately with
success or failure. Now consider a cluster of hosts that want to pool
the ssl session together to improve session resumption, we would like
the session lookup callback to adopt the asynchronous paradigm of
"cert_cb", i.e. cert_cb can be called repeatedly until cert_cb
finished its job.
https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/ssl/s3_srvr.c#L916

Piotr Sikora initiated this project with ideas borrowed from BoringSSL
code base,
and since we have put some efforts to make sure no bug is introduced.

Hence this attached patch to enable "get_session_cb" to return a fake
session pointer that signals the pending session lookup, and the SSL
state machines will adopts such signal to resume the client hello
processing instead of err-out. It's not a small patch since we have
touched multiple aspects of the SSL state machine. But this patch has
been verified in CloudFlare's heavy traffic production environment for quite a
while and we consider it is stable to be used by upstream.

Any feedback is appreciated!

Best,

Zi

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

openssl-async-session-lookup.patch (11K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH][OpenSSL-1.0.2] making it possible to do async session lookup during session resumption

Matt Caswell-2
On 05/01/16 22:44, Zi Lin wrote:

> Hi OpenSSL devs,
>
> I want to propose a patch that makes OpenSSL compatible with
> asynchronous session lookup during session resumption. Currently, the
> session lookup expects the session callback to return immediately with
> success or failure. Now consider a cluster of hosts that want to pool
> the ssl session together to improve session resumption, we would like
> the session lookup callback to adopt the asynchronous paradigm of
> "cert_cb", i.e. cert_cb can be called repeatedly until cert_cb
> finished its job.
> https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/ssl/s3_srvr.c#L916
>
> Piotr Sikora initiated this project with ideas borrowed from BoringSSL
> code base,
> and since we have put some efforts to make sure no bug is introduced.
>
> Hence this attached patch to enable "get_session_cb" to return a fake
> session pointer that signals the pending session lookup, and the SSL
> state machines will adopts such signal to resume the client hello
> processing instead of err-out. It's not a small patch since we have
> touched multiple aspects of the SSL state machine. But this patch has
> been verified in CloudFlare's heavy traffic production environment for quite a
> while and we consider it is stable to be used by upstream.

Hi Zi

That is an interesting idea and something we may consider looking at.
However your patch in its current form cannot be accepted because it
targets 1.0.2. Such a change would be considered a new feature. The
1.0.2 branch only receives bug fixes. New features should target the
master branch.

If you take a look at master you will see that there have been
substantial and fundamental changes to the state machine code so your
patch would need significant work to bring it into line.

BTW, please email any future submissions to [hidden email] so that they
can be properly tracked.

Thanks

Matt


_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH][OpenSSL-1.0.2] making it possible to do async session lookup during session resumption

Zi Lin
Hi Matt,

thanks for your time. I am glad to see the big efforts done to make
OpenSSL code better in the master branch (and v1.1.0+). I will find a
way to start working on the master branch. A quick glance into the
master branch state machine: the get_prev_session call happens in
process_message "phase", and dealing with cert_cb happens in
post_process_message "phase". Moving get_prev_session into
post_processing_message "phase" seems non trivial as all those cipher
check are in the process_messaage "phase", depending on resumed
session.

Further, I see this comment. Can you clarify what that means?
https://github.com/openssl/openssl/blob/master/ssl/statem/statem_srvr.c#L1150
Only session ticket and further TLS1.3 session resumption are
supported in v1.1+?

Best,

Zi

On Tue, Jan 5, 2016 at 9:37 PM, Matt Caswell <[hidden email]> wrote:

> On 05/01/16 22:44, Zi Lin wrote:
>> Hi OpenSSL devs,
>>
>> I want to propose a patch that makes OpenSSL compatible with
>> asynchronous session lookup during session resumption. Currently, the
>> session lookup expects the session callback to return immediately with
>> success or failure. Now consider a cluster of hosts that want to pool
>> the ssl session together to improve session resumption, we would like
>> the session lookup callback to adopt the asynchronous paradigm of
>> "cert_cb", i.e. cert_cb can be called repeatedly until cert_cb
>> finished its job.
>> https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/ssl/s3_srvr.c#L916
>>
>> Piotr Sikora initiated this project with ideas borrowed from BoringSSL
>> code base,
>> and since we have put some efforts to make sure no bug is introduced.
>>
>> Hence this attached patch to enable "get_session_cb" to return a fake
>> session pointer that signals the pending session lookup, and the SSL
>> state machines will adopts such signal to resume the client hello
>> processing instead of err-out. It's not a small patch since we have
>> touched multiple aspects of the SSL state machine. But this patch has
>> been verified in CloudFlare's heavy traffic production environment for quite a
>> while and we consider it is stable to be used by upstream.
>
> Hi Zi
>
> That is an interesting idea and something we may consider looking at.
> However your patch in its current form cannot be accepted because it
> targets 1.0.2. Such a change would be considered a new feature. The
> 1.0.2 branch only receives bug fixes. New features should target the
> master branch.
>
> If you take a look at master you will see that there have been
> substantial and fundamental changes to the state machine code so your
> patch would need significant work to bring it into line.
>
> BTW, please email any future submissions to [hidden email] so that they
> can be properly tracked.
>
> Thanks
>
> Matt
>
>
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH][OpenSSL-1.0.2] making it possible to do async session lookup during session resumption

Viktor Dukhovni
In reply to this post by Zi Lin
On Tue, Jan 05, 2016 at 02:44:32PM -0800, Zi Lin wrote:

> Hi OpenSSL devs,
>
> I want to propose a patch that makes OpenSSL compatible with
> asynchronous session lookup during session resumption.

I think this is a bad idea.  If you want distributed session caches
use session tickets, and implement a distributed mechanism for
rotating the keys across the server farm.  Actually, there's an RT
ticket for that, but the code is not quite what I'd like to see
adopted, and is no longer compatible with the substantially modified
SSL library in 1.1.0.  So I'll likely just implement session ticket
key management from scratch when I get a chance.

I would strongly recommend against a distributed session store.

--
        Viktor.
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH][OpenSSL-1.0.2] making it possible to do async session lookup during session resumption

Matt Caswell-2
In reply to this post by Zi Lin
On 06/01/16 06:14, Zi Lin wrote:

> Hi Matt,
>
> thanks for your time. I am glad to see the big efforts done to make
> OpenSSL code better in the master branch (and v1.1.0+). I will find a
> way to start working on the master branch. A quick glance into the
> master branch state machine: the get_prev_session call happens in
> process_message "phase", and dealing with cert_cb happens in
> post_process_message "phase". Moving get_prev_session into
> post_processing_message "phase" seems non trivial as all those cipher
> check are in the process_messaage "phase", depending on resumed
> session.
>
> Further, I see this comment. Can you clarify what that means?
> https://github.com/openssl/openssl/blob/master/ssl/statem/statem_srvr.c#L1150
> Only session ticket and further TLS1.3 session resumption are
> supported in v1.1+?

This comment is in specific reference to SSLv2 backwards compatible
ClientHellos. While support for SSLv2 itself has been removed from
1.1.0, we still accept SSLv2 backward compat ClientHellos. However we
will not allow session resumption in such an instance: if we are
resuming a session then we must have previously negotiated a version >
SSLv2 so it makes no sense for a client to send a backward compat
ClientHello.

Matt

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH][OpenSSL-1.0.2] making it possible to do async session lookup during session resumption

Alessandro Ghedini
In reply to this post by Viktor Dukhovni
On Wed, Jan 06, 2016 at 06:21:13AM +0000, Viktor Dukhovni wrote:
> On Tue, Jan 05, 2016 at 02:44:32PM -0800, Zi Lin wrote:
>
> > Hi OpenSSL devs,
> >
> > I want to propose a patch that makes OpenSSL compatible with
> > asynchronous session lookup during session resumption.
>
> I think this is a bad idea.  If you want distributed session caches
> use session tickets,

That's not really a solution if the client doesn't support session tickets at
all. So in those cases you are left with doing no resumption or doing it
synchronously with session id in an inefficient way.

I think that with the new state machine in master this could be implemented
fairly elegantly and since there's an interest from OpenSSL users (even
BoringSSL provides this!) it seems like something worth implementing to me.

Cheers

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

signature.asc (836 bytes) Download Attachment