Add TLS v1.3 as an option#661
Conversation
|
retest this please Jenkins, was updating Windows jobs. |
|
Jenkins, something went wrong, could you please re-run windows PR test |
ejohnstown
left a comment
There was a problem hiding this comment.
I pulled this PR against commit 483e461, as it won't merge cleanly with master.
There are a few build issues on macOS with clang that I'm not seeing on Ubuntu with GCC. I think there is something glitchy with the configure.ac for that.
I'll dig into that, and the code in general, a little more over the week.
There was a problem hiding this comment.
When building on macOS-clang without session tickets enabled, this function is unused.
There was a problem hiding this comment.
Building with macOS-clang, this has a loss-of-precision error for the tv values.
There was a problem hiding this comment.
Casting to word32 now
There was a problem hiding this comment.
Building on macOS-clang, session doesn't have cipherSuite0 and cipherSuite when session certs isn't enabled.
There was a problem hiding this comment.
Building on macOS-clang, TLSX_PreSharedKey_Use() needs PSK enabled.
There was a problem hiding this comment.
Building on macOS-clang, PSK_DHE_KE needs PSK enabled.
There was a problem hiding this comment.
Building on macOS-clang, TLSX_PskKeModes_Use() needs PSK enabled.
ejohnstown
left a comment
There was a problem hiding this comment.
Just a few small formatting tweaks.
There was a problem hiding this comment.
Doesn't need to be optional. decode_error is used in master now.
There was a problem hiding this comment.
Formatting: Please move the paren up a line.
There was a problem hiding this comment.
Formatting: Please move the paren up a line.
There was a problem hiding this comment.
Formatting: Please move the paren up a line.
There was a problem hiding this comment.
Formatting: Please move the paren up a line.
|
We need tests/suites.c updated for handling TLSv1.3 andtest cases for tests/test.conf. |
ejohnstown
left a comment
There was a problem hiding this comment.
valgrind leak checks, clang static analysis checks, infer static analysis checks
There was a problem hiding this comment.
I think this is leaking the client ecc_key. Valgrind is reporting
==12644== by 0x418E9D: wolfSSL_Malloc (memory.c:94)
==12644== by 0x42424A: TLSX_KeyShare_GenEccKey (tls.c:4425)
==12644== by 0x4243FF: TLSX_KeyShare_GenKey (tls.c:4481)
==12644== by 0x425086: TLSX_KeyShare_Use (tls.c:5005)
==12644== by 0x42520D: TLSX_KeyShare_SetSupported (tls.c:5104)
==12644== by 0x42530E: TLSX_KeyShare_Establish (tls.c:5148)
==12644== by 0x45C935: VerifyServerSuite (internal.c:18897)
==12644== by 0x45CA3C: MatchSuite (internal.c:18927)
==12644== by 0x429D9D: DoTls13ClientHello (tls13.c:2445)
==12644== by 0x42D143: DoTls13HandShakeMsgType (tls13.c:4688)
==12644== by 0x42D576: DoTls13HandShakeMsg (tls13.c:4817)
and this line looked like it might be losing something. (I added an XFREE of the clientKSE key before the assignment and valgrind accepted it.)
There was a problem hiding this comment.
clang scan-build is reporting that protocol and protocolLen are being used without being initialized.
There was a problem hiding this comment.
infer static analysis: if TLSX_Find returns a null, we would be dereferencing it
There was a problem hiding this comment.
infer static analysis: extension may be NULL at this point.
There was a problem hiding this comment.
infer static analysis: extension may be NULL
There was a problem hiding this comment.
infer static analysis: extension may be NULL
There was a problem hiding this comment.
Let's pick a default key share like p256, have that be the default, and then allow the user to override by calling this function. That eliminates the need for every user to call every time.
There was a problem hiding this comment.
Changed to use a default unless user calls wolfSSL_NoKeyShare() in which case no KeyShare data is sent and the HelloRetryRequest message will be used to negotiate group.
There was a problem hiding this comment.
Should there be a wolfSSL_CTX_ version of no_dhe_psk as well to make this easier to use?
There was a problem hiding this comment.
Added wolfSSL_CTX_no_dhe_psk().
There was a problem hiding this comment.
update_keys should be made non-blocking.
There was a problem hiding this comment.
Changes made to deal with WANT_WRITE.
There was a problem hiding this comment.
should 0x7f as major temp version be a define for easy switching in the future? same with minor?
There was a problem hiding this comment.
let's also add TLS 1.3 cipher suite tests into test/tls13.conf.
There was a problem hiding this comment.
TLS v1.3 cipher suites added to tests/test-tls13.conf. Test conf added to tests/suites.c.
There was a problem hiding this comment.
why not use the is TLS 1.3 function?
There was a problem hiding this comment.
Should there be a wolfSSL_CTX version of create_ticket() as well for easier use?
There was a problem hiding this comment.
Should create ticket be the default? And instead have no ticket option for those that want to disable tickets?
There was a problem hiding this comment.
CTX version added.
There was a problem hiding this comment.
When using TLS v1.2 or below then the wolfSSL_CTX_UseSessionTicket() function is called and the new Ticket is sent.
In TLS v1.3 the extension is sent when you can fall back to TLS v1.2 or below. But when you are doing TLS v1.3 you need to send the new ticket if you want to perform resumption in later handshakes. I can see that sending the ticket should be the default behaviour for TLS v1.3 - but not for earlier versions. User only knows whether you negotiated TLS v1.3 once the handshake is happening.
Changing the API to wolfSSL_no_ticket_TLSv13() makes sense to me and internally a new flag would be used called noTicketTls13.
Please advise.
There was a problem hiding this comment.
Changed as described.
|
retest this please jenkins (Windows machine was offline) |
There was a problem hiding this comment.
Hey Sean, looks like these three new members are TLS 1.3 specific and should have the #ifdef WOLFSSL_TLS13 around them? Then the struct Arrays won't grow for non-TLS 1.3 builds.
That's the only issue I saw looking through internal.c and internal.h. Some of the cleanups you've done I also did in async_intelqa, so whoever gets into master second will have some serious rebase/merge conflicts to resolve. ;-)
There was a problem hiding this comment.
Thanks David!
Change made.
Good to see we cleaned up the same things. :-) Hopefully my changes won't cause you to many problems when you merge! ;-)
|
Rebase with fixup |
dgarske
left a comment
There was a problem hiding this comment.
See comments.
Also had build failure with:
./configure --enable-tls13 --enable-psk CFLAGS="-DHAVE_NULL_CIPHER -DWOLFSSL_STATIC_PSK"
src/tls.c:6747:25: error: implicit declaration of function 'TimeNowInMilliseconds' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
milli = TimeNowInMilliseconds() - sess->ticketSeen +
^
src/tls.c:6747:57: error: no member named 'ticketSeen' in 'struct WOLFSSL_SESSION'
milli = TimeNowInMilliseconds() - sess->ticketSeen +
~~~~ ^
src/tls.c:6748:31: error: no member named 'ticketAdd' in 'struct WOLFSSL_SESSION'
sess->ticketAdd;
~~~~ ^
src/tls.c:6750:56: error: no member named 'ticket' in 'struct WOLFSSL_SESSION'
ret = TLSX_PreSharedKey_Use(ssl, sess->ticket, sess->ticketLen,
~~~~ ^
src/tls.c:6750:70: error: no member named 'ticketLen' in 'struct WOLFSSL_SESSION'
ret = TLSX_PreSharedKey_Use(ssl, sess->ticket, sess->ticketLen,
~~~~ ^
5 errors generated.
make[1]: *** [src/src_libwolfssl_la-tls.lo] Error 1
make[1]: *** Waiting for unfinished jobs....
src/tls13.c:2222:20: error: use of undeclared identifier 'WOLFSSL_TICKET_RET_OK'
if (ret != WOLFSSL_TICKET_RET_OK)
^
src/tls13.c:2227:24: error: implicit declaration of function 'TimeNowInMilliseconds' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
int diff = TimeNowInMilliseconds() - ssl->session.ticketSeen;
^
src/tls13.c:2227:63: error: no member named 'ticketSeen' in 'struct WOLFSSL_SESSION'
int diff = TimeNowInMilliseconds() - ssl->session.ticketSeen;
~~~~~~~~~~~~ ^
src/tls13.c:2228:55: error: no member named 'ticketAdd' in 'struct WOLFSSL_SESSION'
diff -= current->ticketAge - ssl->session.ticketAdd;
~~~~~~~~~~~~ ^
src/tls13.c:2254:52: error: no member named 'ticketAdd' in 'struct WOLFSSL_SESSION'
if (current->ticketAge != ssl->session.ticketAdd)
~~~~~~~~~~~~ ^
src/tls13.c:2299:40: error: no member named 'namedGroup' in 'struct WOLFSSL_SESSION'
ssl->namedGroup = ssl->session.namedGroup;
Thanks
There was a problem hiding this comment.
This isn't required here because we have the misc.c logic at the top. This section with WOLFSSL_HAVE_MIN can be remove.
There was a problem hiding this comment.
Was the change from XOR to AND on purpose and if so can you add comment for why it was wrong? Thanks.
There was a problem hiding this comment.
When XOR:
0 ^ 0 = 0
0 ^ 1 = 1
1 ^ 0 = 1
1 ^ 1 = 0
Therefore if any other bits (the ones not being checked) are 1 then the result is non-zero or TRUE.
The code with an AND will mask out the bit to be checked.
There was a problem hiding this comment.
Can you avoid hard coded 2 here? Perhaps sizeof(current->group)?
There was a problem hiding this comment.
Changed to KE_GROUP_LEN
There was a problem hiding this comment.
This section for WOLFSSL_HAVE_MIN can be removed. Was part of a previous cleanup and is now in misc.c
|
@toddouska and @SparkiDev : Didn't mean to "approve" it. Just dismissed my review comments since they have been addressed. The rebase has been pushed but there is an issue with the TLS 1.3 test script. Looks like something in SendTls13CertificateVerify causing a Decrypt error on the server side. Sent you both an email with details. |
No description provided.