Skip to content

Commit 6dd00ab

Browse files
JacobBarthelmehJacobBarthelmeh
authored
Merge pull request wolfSSL#7771 from aidangarske/InitSuites_Orderadj
`InitSuites` changes to order making `BUILD_TLS_AES_256_GCM_SHA384` be prioritized over `BUILD_TLS_AES_128_GCM_SHA256`
2 parents c5d7dc3 + 43cea3e commit 6dd00ab

5 files changed

Lines changed: 47 additions & 34 deletions

File tree

src/internal.c

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -3273,17 +3273,17 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
32733273
return; /* trust user settings, don't override */
32743274

32753275
#ifdef WOLFSSL_TLS13
3276-
#ifdef BUILD_TLS_AES_128_GCM_SHA256
3276+
#ifdef BUILD_TLS_AES_256_GCM_SHA384
32773277
if (tls1_3) {
32783278
suites->suites[idx++] = TLS13_BYTE;
3279-
suites->suites[idx++] = TLS_AES_128_GCM_SHA256;
3279+
suites->suites[idx++] = TLS_AES_256_GCM_SHA384;
32803280
}
32813281
#endif
32823282

3283-
#ifdef BUILD_TLS_AES_256_GCM_SHA384
3283+
#ifdef BUILD_TLS_AES_128_GCM_SHA256
32843284
if (tls1_3) {
32853285
suites->suites[idx++] = TLS13_BYTE;
3286-
suites->suites[idx++] = TLS_AES_256_GCM_SHA384;
3286+
suites->suites[idx++] = TLS_AES_128_GCM_SHA256;
32873287
}
32883288
#endif
32893289

src/ssl.c

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -20145,10 +20145,10 @@ long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt, void* pt)
2014520145
if ((ctrl_opt & WOLFSSL_OP_CIPHER_SERVER_PREFERENCE)
2014620146
== WOLFSSL_OP_CIPHER_SERVER_PREFERENCE) {
2014720147
WOLFSSL_MSG("Using Server's Cipher Preference.");
20148-
ctx->useClientOrder = FALSE;
20148+
ctx->useClientOrder = 0;
2014920149
} else {
2015020150
WOLFSSL_MSG("Using Client's Cipher Preference.");
20151-
ctx->useClientOrder = TRUE;
20151+
ctx->useClientOrder = 1;
2015220152
}
2015320153
#endif /* WOLFSSL_QT */
2015420154

tests/api.c

Lines changed: 18 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -7172,15 +7172,10 @@ static int test_wolfSSL_EVP_CIPHER_CTX(void)
71727172
#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) || \
71737173
defined(HAVE_IO_TESTS_DEPENDENCIES)
71747174
#ifdef WOLFSSL_HAVE_TLS_UNIQUE
7175-
#ifdef WC_SHA512_DIGEST_SIZE
7176-
#define MD_MAX_SIZE WC_SHA512_DIGEST_SIZE
7177-
#else
7178-
#define MD_MAX_SIZE WC_SHA256_DIGEST_SIZE
7179-
#endif
7180-
byte server_side_msg1[MD_MAX_SIZE] = {0};/* msg sent by server */
7181-
byte server_side_msg2[MD_MAX_SIZE] = {0};/* msg received from client */
7182-
byte client_side_msg1[MD_MAX_SIZE] = {0};/* msg sent by client */
7183-
byte client_side_msg2[MD_MAX_SIZE] = {0};/* msg received from server */
7175+
byte server_side_msg1[WC_MAX_DIGEST_SIZE]; /* msg sent by server */
7176+
byte server_side_msg2[WC_MAX_DIGEST_SIZE]; /* msg received from client */
7177+
byte client_side_msg1[WC_MAX_DIGEST_SIZE]; /* msg sent by client */
7178+
byte client_side_msg2[WC_MAX_DIGEST_SIZE]; /* msg received from server */
71847179
#endif /* WOLFSSL_HAVE_TLS_UNIQUE */
71857180

71867181
/* TODO: Expand and enable this when EVP_chacha20_poly1305 is supported */
@@ -7733,14 +7728,14 @@ int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb,
77337728
TEST_SUCCESS);
77347729
}
77357730
#ifdef WOLFSSL_HAVE_TLS_UNIQUE
7736-
XMEMSET(server_side_msg2, 0, MD_MAX_SIZE);
7731+
XMEMSET(server_side_msg2, 0, WC_MAX_DIGEST_SIZE);
77377732
msg_len = wolfSSL_get_peer_finished(test_ctx.s_ssl, server_side_msg2,
7738-
MD_MAX_SIZE);
7733+
WC_MAX_DIGEST_SIZE);
77397734
ExpectIntGE(msg_len, 0);
77407735

7741-
XMEMSET(server_side_msg1, 0, MD_MAX_SIZE);
7736+
XMEMSET(server_side_msg1, 0, WC_MAX_DIGEST_SIZE);
77427737
msg_len = wolfSSL_get_finished(test_ctx.s_ssl, server_side_msg1,
7743-
MD_MAX_SIZE);
7738+
WC_MAX_DIGEST_SIZE);
77447739
ExpectIntGE(msg_len, 0);
77457740
#endif /* WOLFSSL_HAVE_TLS_UNIQUE */
77467741

@@ -8104,12 +8099,12 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
81048099
}
81058100

81068101
#ifdef WOLFSSL_HAVE_TLS_UNIQUE
8107-
XMEMSET(server_side_msg2, 0, MD_MAX_SIZE);
8108-
msg_len = wolfSSL_get_peer_finished(ssl, server_side_msg2, MD_MAX_SIZE);
8102+
XMEMSET(server_side_msg2, 0, WC_MAX_DIGEST_SIZE);
8103+
msg_len = wolfSSL_get_peer_finished(ssl, server_side_msg2, WC_MAX_DIGEST_SIZE);
81098104
AssertIntGE(msg_len, 0);
81108105

8111-
XMEMSET(server_side_msg1, 0, MD_MAX_SIZE);
8112-
msg_len = wolfSSL_get_finished(ssl, server_side_msg1, MD_MAX_SIZE);
8106+
XMEMSET(server_side_msg1, 0, WC_MAX_DIGEST_SIZE);
8107+
msg_len = wolfSSL_get_finished(ssl, server_side_msg1, WC_MAX_DIGEST_SIZE);
81138108
AssertIntGE(msg_len, 0);
81148109
#endif /* WOLFSSL_HAVE_TLS_UNIQUE */
81158110

@@ -9728,12 +9723,12 @@ static int test_wolfSSL_get_finished_client_on_handshake(WOLFSSL_CTX* ctx,
97289723

97299724
/* get_finished test */
97309725
/* 1. get own sent message */
9731-
XMEMSET(client_side_msg1, 0, MD_MAX_SIZE);
9732-
msg_len = wolfSSL_get_finished(ssl, client_side_msg1, MD_MAX_SIZE);
9726+
XMEMSET(client_side_msg1, 0, WC_MAX_DIGEST_SIZE);
9727+
msg_len = wolfSSL_get_finished(ssl, client_side_msg1, WC_MAX_DIGEST_SIZE);
97339728
ExpectIntGE(msg_len, 0);
97349729
/* 2. get peer message */
9735-
XMEMSET(client_side_msg2, 0, MD_MAX_SIZE);
9736-
msg_len = wolfSSL_get_peer_finished(ssl, client_side_msg2, MD_MAX_SIZE);
9730+
XMEMSET(client_side_msg2, 0, WC_MAX_DIGEST_SIZE);
9731+
msg_len = wolfSSL_get_peer_finished(ssl, client_side_msg2, WC_MAX_DIGEST_SIZE);
97379732
ExpectIntGE(msg_len, 0);
97389733

97399734
return EXPECT_RESULT();
@@ -9756,8 +9751,8 @@ static int test_wolfSSL_get_finished(void)
97569751
TEST_SUCCESS);
97579752

97589753
/* test received msg vs sent msg */
9759-
ExpectIntEQ(0, XMEMCMP(client_side_msg1, server_side_msg2, MD_MAX_SIZE));
9760-
ExpectIntEQ(0, XMEMCMP(client_side_msg2, server_side_msg1, MD_MAX_SIZE));
9754+
ExpectIntEQ(0, XMEMCMP(client_side_msg1, server_side_msg2, WC_MAX_DIGEST_SIZE));
9755+
ExpectIntEQ(0, XMEMCMP(client_side_msg2, server_side_msg1, WC_MAX_DIGEST_SIZE));
97619756
#endif /* HAVE_SSL_MEMIO_TESTS_DEPENDENCIES && WOLFSSL_HAVE_TLS_UNIQUE */
97629757

97639758
return EXPECT_RESULT();

tests/quic.c

Lines changed: 15 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -42,6 +42,11 @@
4242
#include <wolfssl/error-ssl.h>
4343
#include <wolfssl/internal.h>
4444

45+
#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
46+
#define DEFAULT_TLS_DIGEST_SZ WC_SHA384_DIGEST_SIZE
47+
#else
48+
#define DEFAULT_TLS_DIGEST_SZ WC_SHA256_DIGEST_SIZE
49+
#endif
4550

4651
#define testingFmt " %s:"
4752
#define resultFmt " %s\n"
@@ -1127,13 +1132,16 @@ static int test_quic_server_hello(int verbose) {
11271132
QuicConversation_step(&conv, 0);
11281133
/* check established/missing secrets */
11291134
check_secrets(&tserver, wolfssl_encryption_initial, 0, 0);
1130-
check_secrets(&tserver, wolfssl_encryption_handshake, 32, 32);
1131-
check_secrets(&tserver, wolfssl_encryption_application, 32, 32);
1135+
check_secrets(&tserver, wolfssl_encryption_handshake,
1136+
DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ);
1137+
check_secrets(&tserver, wolfssl_encryption_application,
1138+
DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ);
11321139
check_secrets(&tclient, wolfssl_encryption_handshake, 0, 0);
11331140
/* feed the server data to the client */
11341141
QuicConversation_step(&conv, 0);
11351142
/* client has generated handshake secret */
1136-
check_secrets(&tclient, wolfssl_encryption_handshake, 32, 32);
1143+
check_secrets(&tclient, wolfssl_encryption_handshake,
1144+
DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ);
11371145
/* continue the handshake till done */
11381146
conv.started = 1;
11391147
/* run till end */
@@ -1156,8 +1164,10 @@ static int test_quic_server_hello(int verbose) {
11561164
/* the last client write (FINISHED) was at handshake level */
11571165
AssertTrue(tclient.output.level == wolfssl_encryption_handshake);
11581166
/* we have the app secrets */
1159-
check_secrets(&tclient, wolfssl_encryption_application, 32, 32);
1160-
check_secrets(&tserver, wolfssl_encryption_application, 32, 32);
1167+
check_secrets(&tclient, wolfssl_encryption_application,
1168+
DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ);
1169+
check_secrets(&tserver, wolfssl_encryption_application,
1170+
DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ);
11611171
/* verify client and server have the same secrets established */
11621172
assert_secrets_EQ(&tclient, &tserver, wolfssl_encryption_handshake);
11631173
assert_secrets_EQ(&tclient, &tserver, wolfssl_encryption_application);

wolfssl/test.h

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1958,7 +1958,11 @@ static WC_INLINE unsigned int my_psk_client_tls13_cb(WOLFSSL* ssl,
19581958
key[i] = (unsigned char) b;
19591959
}
19601960

1961+
#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
1962+
*ciphersuite = userCipher ? userCipher : "TLS13-AES256-GCM-SHA384";
1963+
#else
19611964
*ciphersuite = userCipher ? userCipher : "TLS13-AES128-GCM-SHA256";
1965+
#endif
19621966

19631967
ret = 32; /* length of key in octets or 0 for error */
19641968

@@ -1997,7 +2001,11 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl,
19972001
key[i] = (unsigned char) b;
19982002
}
19992003

2004+
#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
2005+
*ciphersuite = userCipher ? userCipher : "TLS13-AES256-GCM-SHA384";
2006+
#else
20002007
*ciphersuite = userCipher ? userCipher : "TLS13-AES128-GCM-SHA256";
2008+
#endif
20012009

20022010
ret = 32; /* length of key in octets or 0 for error */
20032011

0 commit comments

Comments
 (0)