Add TLS v1.3 as an option

[SparkiDev]

No description provided.

[JacobBarthelmeh]

retest this please Jenkins, was updating Windows jobs.

[kaleb-himes]

Jenkins, something went wrong, could you please re-run windows PR test

[ejohnstown]

I pulled this PR against commit 483e461, as it won't merge cleanly with master.

There are a few build issues on macOS with clang that I'm not seeing on Ubuntu with GCC. I think there is something glitchy with the configure.ac for that.

I'll dig into that, and the code in general, a little more over the week.

[ejohnstown]

When building on macOS-clang without session tickets enabled, this function is unused.

[SparkiDev]

Fixed

[ejohnstown]

Building with macOS-clang, this has a loss-of-precision error for the tv values.

[SparkiDev]

Casting to word32 now

[ejohnstown]

Building on macOS-clang, session doesn't have cipherSuite0 and cipherSuite when session certs isn't enabled.

[ejohnstown]

Building on macOS-clang, TLSX_PreSharedKey_Use() needs PSK enabled.

[SparkiDev]

Fixed

[ejohnstown]

Building on macOS-clang, PSK_DHE_KE needs PSK enabled.

[SparkiDev]

Fixed

[ejohnstown]

Building on macOS-clang, TLSX_PskKeModes_Use() needs PSK enabled.

[SparkiDev]

Fixed

[ejohnstown]

Just a few small formatting tweaks.

[ejohnstown]

Doesn't need to be optional. decode_error is used in master now.

[ejohnstown]

Formatting: Please move the paren up a line.

[ejohnstown]

Formatting: Please move the paren up a line.

[ejohnstown]

Formatting: Please move the paren up a line.

[ejohnstown]

Formatting: Please move the paren up a line.

[ejohnstown]

"illegal parameter"

[ejohnstown]

We need tests/suites.c updated for handling TLSv1.3 andtest cases for tests/test.conf.

[ejohnstown]

valgrind leak checks, clang static analysis checks, infer static analysis checks

[ejohnstown]

I think this is leaking the client ecc_key. Valgrind is reporting

==12644==    by 0x418E9D: wolfSSL_Malloc (memory.c:94)
==12644==    by 0x42424A: TLSX_KeyShare_GenEccKey (tls.c:4425)
==12644==    by 0x4243FF: TLSX_KeyShare_GenKey (tls.c:4481)
==12644==    by 0x425086: TLSX_KeyShare_Use (tls.c:5005)
==12644==    by 0x42520D: TLSX_KeyShare_SetSupported (tls.c:5104)
==12644==    by 0x42530E: TLSX_KeyShare_Establish (tls.c:5148)
==12644==    by 0x45C935: VerifyServerSuite (internal.c:18897)
==12644==    by 0x45CA3C: MatchSuite (internal.c:18927)
==12644==    by 0x429D9D: DoTls13ClientHello (tls13.c:2445)
==12644==    by 0x42D143: DoTls13HandShakeMsgType (tls13.c:4688)
==12644==    by 0x42D576: DoTls13HandShakeMsg (tls13.c:4817)

and this line looked like it might be losing something. (I added an XFREE of the clientKSE key before the assignment and valgrind accepted it.)

[ejohnstown]

clang scan-build is reporting that protocol and protocolLen are being used without being initialized.

[SparkiDev]

Fixed

[ejohnstown]

infer static analysis: if TLSX_Find returns a null, we would be dereferencing it

[ejohnstown]

infer static analysis: extension may be NULL at this point.

[ejohnstown]

infer static analysis: extension may be NULL

[ejohnstown]

infer static analysis: extension may be NULL

[toddouska]

Let's pick a default key share like p256, have that be the default, and then allow the user to override by calling this function. That eliminates the need for every user to call every time.

[SparkiDev]

Changed to use a default unless user calls wolfSSL_NoKeyShare() in which case no KeyShare data is sent and the HelloRetryRequest message will be used to negotiate group.

[toddouska]

Should there be a wolfSSL_CTX_ version of no_dhe_psk as well to make this easier to use?

[SparkiDev]

Added wolfSSL_CTX_no_dhe_psk().

[toddouska]

update_keys should be made non-blocking.

[SparkiDev]

Changes made to deal with WANT_WRITE.

[toddouska]

should 0x7f as major temp version be a define for easy switching in the future? same with minor?

[SparkiDev]

Fixed

[toddouska]

let's also add TLS 1.3 cipher suite tests into test/tls13.conf.

[SparkiDev]

TLS v1.3 cipher suites added to tests/test-tls13.conf. Test conf added to tests/suites.c.

[toddouska]

why not use the is TLS 1.3 function?

[SparkiDev]

Fixed

[toddouska]

Should there be a wolfSSL_CTX version of create_ticket() as well for easier use?

[toddouska]

Should create ticket be the default? And instead have no ticket option for those that want to disable tickets?

[SparkiDev]

CTX version added.

[SparkiDev]

When using TLS v1.2 or below then the wolfSSL_CTX_UseSessionTicket() function is called and the new Ticket is sent.
In TLS v1.3 the extension is sent when you can fall back to TLS v1.2 or below. But when you are doing TLS v1.3 you need to send the new ticket if you want to perform resumption in later handshakes. I can see that sending the ticket should be the default behaviour for TLS v1.3 - but not for earlier versions. User only knows whether you negotiated TLS v1.3 once the handshake is happening.

Changing the API to wolfSSL_no_ticket_TLSv13() makes sense to me and internally a new flag would be used called noTicketTls13.
Please advise.

[SparkiDev]

Changed as described.

[kaleb-himes]

retest this please jenkins (Windows machine was offline)

[dgarske]

Hey Sean, looks like these three new members are TLS 1.3 specific and should have the #ifdef WOLFSSL_TLS13 around them? Then the struct Arrays won't grow for non-TLS 1.3 builds.

That's the only issue I saw looking through internal.c and internal.h. Some of the cleanups you've done I also did in async_intelqa, so whoever gets into master second will have some serious rebase/merge conflicts to resolve. ;-)

[SparkiDev]

Thanks David!
Change made.
Good to see we cleaned up the same things. :-) Hopefully my changes won't cause you to many problems when you merge! ;-)

[SparkiDev]

Rebase with fixup

These are fixes

[dgarske]

See comments.

Also had build failure with:

./configure --enable-tls13 --enable-psk CFLAGS="-DHAVE_NULL_CIPHER -DWOLFSSL_STATIC_PSK"

src/tls.c:6747:25: error: implicit declaration of function 'TimeNowInMilliseconds' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
                milli = TimeNowInMilliseconds() - sess->ticketSeen +
                        ^
src/tls.c:6747:57: error: no member named 'ticketSeen' in 'struct WOLFSSL_SESSION'
                milli = TimeNowInMilliseconds() - sess->ticketSeen +
                                                  ~~~~  ^
src/tls.c:6748:31: error: no member named 'ticketAdd' in 'struct WOLFSSL_SESSION'
                        sess->ticketAdd;
                        ~~~~  ^
src/tls.c:6750:56: error: no member named 'ticket' in 'struct WOLFSSL_SESSION'
                ret = TLSX_PreSharedKey_Use(ssl, sess->ticket, sess->ticketLen,
                                                 ~~~~  ^
src/tls.c:6750:70: error: no member named 'ticketLen' in 'struct WOLFSSL_SESSION'
                ret = TLSX_PreSharedKey_Use(ssl, sess->ticket, sess->ticketLen,
                                                               ~~~~  ^
5 errors generated.
make[1]: *** [src/src_libwolfssl_la-tls.lo] Error 1
make[1]: *** Waiting for unfinished jobs....
src/tls13.c:2222:20: error: use of undeclared identifier 'WOLFSSL_TICKET_RET_OK'
        if (ret != WOLFSSL_TICKET_RET_OK)
                   ^
src/tls13.c:2227:24: error: implicit declaration of function 'TimeNowInMilliseconds' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
            int diff = TimeNowInMilliseconds() - ssl->session.ticketSeen;
                       ^
src/tls13.c:2227:63: error: no member named 'ticketSeen' in 'struct WOLFSSL_SESSION'
            int diff = TimeNowInMilliseconds() - ssl->session.ticketSeen;
                                                 ~~~~~~~~~~~~ ^
src/tls13.c:2228:55: error: no member named 'ticketAdd' in 'struct WOLFSSL_SESSION'
            diff -= current->ticketAge - ssl->session.ticketAdd;
                                         ~~~~~~~~~~~~ ^
src/tls13.c:2254:52: error: no member named 'ticketAdd' in 'struct WOLFSSL_SESSION'
            if (current->ticketAge != ssl->session.ticketAdd)
                                      ~~~~~~~~~~~~ ^
src/tls13.c:2299:40: error: no member named 'namedGroup' in 'struct WOLFSSL_SESSION'
        ssl->namedGroup = ssl->session.namedGroup;

Thanks

[dgarske]

This isn't required here because we have the misc.c logic at the top. This section with WOLFSSL_HAVE_MIN can be remove.

[SparkiDev]

Removed

[dgarske]

Was the change from XOR to AND on purpose and if so can you add comment for why it was wrong? Thanks.

[SparkiDev]

When XOR:
0 ^ 0 = 0
0 ^ 1 = 1
1 ^ 0 = 1
1 ^ 1 = 0
Therefore if any other bits (the ones not being checked) are 1 then the result is non-zero or TRUE.
The code with an AND will mask out the bit to be checked.

[dgarske]

Can you avoid hard coded 2 here? Perhaps sizeof(current->group)?

[SparkiDev]

Changed to KE_GROUP_LEN

[dgarske]

This section for WOLFSSL_HAVE_MIN can be removed. Was part of a previous cleanup and is now in misc.c

[SparkiDev]

Removed.

[dgarske]

@toddouska and @SparkiDev : Didn't mean to "approve" it. Just dismissed my review comments since they have been addressed. The rebase has been pushed but there is an issue with the TLS 1.3 test script. Looks like something in SendTls13CertificateVerify causing a Decrypt error on the server side. Sent you both an email with details.