diff --git a/src/internal.c b/src/internal.c index 14a09a77f3..462e3c7244 100644 --- a/src/internal.c +++ b/src/internal.c @@ -3273,17 +3273,17 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, return; /* trust user settings, don't override */ #ifdef WOLFSSL_TLS13 -#ifdef BUILD_TLS_AES_128_GCM_SHA256 +#ifdef BUILD_TLS_AES_256_GCM_SHA384 if (tls1_3) { suites->suites[idx++] = TLS13_BYTE; - suites->suites[idx++] = TLS_AES_128_GCM_SHA256; + suites->suites[idx++] = TLS_AES_256_GCM_SHA384; } #endif -#ifdef BUILD_TLS_AES_256_GCM_SHA384 +#ifdef BUILD_TLS_AES_128_GCM_SHA256 if (tls1_3) { suites->suites[idx++] = TLS13_BYTE; - suites->suites[idx++] = TLS_AES_256_GCM_SHA384; + suites->suites[idx++] = TLS_AES_128_GCM_SHA256; } #endif diff --git a/src/ssl.c b/src/ssl.c index 13ea2ff695..fd10e5e5b7 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -20145,10 +20145,10 @@ long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt, void* pt) if ((ctrl_opt & WOLFSSL_OP_CIPHER_SERVER_PREFERENCE) == WOLFSSL_OP_CIPHER_SERVER_PREFERENCE) { WOLFSSL_MSG("Using Server's Cipher Preference."); - ctx->useClientOrder = FALSE; + ctx->useClientOrder = 0; } else { WOLFSSL_MSG("Using Client's Cipher Preference."); - ctx->useClientOrder = TRUE; + ctx->useClientOrder = 1; } #endif /* WOLFSSL_QT */ diff --git a/tests/api.c b/tests/api.c index a387ca3353..e7b64124a6 100644 --- a/tests/api.c +++ b/tests/api.c @@ -7172,15 +7172,10 @@ static int test_wolfSSL_EVP_CIPHER_CTX(void) #if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) || \ defined(HAVE_IO_TESTS_DEPENDENCIES) #ifdef WOLFSSL_HAVE_TLS_UNIQUE - #ifdef WC_SHA512_DIGEST_SIZE - #define MD_MAX_SIZE WC_SHA512_DIGEST_SIZE - #else - #define MD_MAX_SIZE WC_SHA256_DIGEST_SIZE - #endif - byte server_side_msg1[MD_MAX_SIZE] = {0};/* msg sent by server */ - byte server_side_msg2[MD_MAX_SIZE] = {0};/* msg received from client */ - byte client_side_msg1[MD_MAX_SIZE] = {0};/* msg sent by client */ - byte client_side_msg2[MD_MAX_SIZE] = {0};/* msg received from server */ + byte server_side_msg1[WC_MAX_DIGEST_SIZE]; /* msg sent by server */ + byte server_side_msg2[WC_MAX_DIGEST_SIZE]; /* msg received from client */ + byte client_side_msg1[WC_MAX_DIGEST_SIZE]; /* msg sent by client */ + byte client_side_msg2[WC_MAX_DIGEST_SIZE]; /* msg received from server */ #endif /* WOLFSSL_HAVE_TLS_UNIQUE */ /* TODO: Expand and enable this when EVP_chacha20_poly1305 is supported */ @@ -7733,14 +7728,14 @@ int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb, TEST_SUCCESS); } #ifdef WOLFSSL_HAVE_TLS_UNIQUE - XMEMSET(server_side_msg2, 0, MD_MAX_SIZE); + XMEMSET(server_side_msg2, 0, WC_MAX_DIGEST_SIZE); msg_len = wolfSSL_get_peer_finished(test_ctx.s_ssl, server_side_msg2, - MD_MAX_SIZE); + WC_MAX_DIGEST_SIZE); ExpectIntGE(msg_len, 0); - XMEMSET(server_side_msg1, 0, MD_MAX_SIZE); + XMEMSET(server_side_msg1, 0, WC_MAX_DIGEST_SIZE); msg_len = wolfSSL_get_finished(test_ctx.s_ssl, server_side_msg1, - MD_MAX_SIZE); + WC_MAX_DIGEST_SIZE); ExpectIntGE(msg_len, 0); #endif /* WOLFSSL_HAVE_TLS_UNIQUE */ @@ -8104,12 +8099,12 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args) } #ifdef WOLFSSL_HAVE_TLS_UNIQUE - XMEMSET(server_side_msg2, 0, MD_MAX_SIZE); - msg_len = wolfSSL_get_peer_finished(ssl, server_side_msg2, MD_MAX_SIZE); + XMEMSET(server_side_msg2, 0, WC_MAX_DIGEST_SIZE); + msg_len = wolfSSL_get_peer_finished(ssl, server_side_msg2, WC_MAX_DIGEST_SIZE); AssertIntGE(msg_len, 0); - XMEMSET(server_side_msg1, 0, MD_MAX_SIZE); - msg_len = wolfSSL_get_finished(ssl, server_side_msg1, MD_MAX_SIZE); + XMEMSET(server_side_msg1, 0, WC_MAX_DIGEST_SIZE); + msg_len = wolfSSL_get_finished(ssl, server_side_msg1, WC_MAX_DIGEST_SIZE); AssertIntGE(msg_len, 0); #endif /* WOLFSSL_HAVE_TLS_UNIQUE */ @@ -9728,12 +9723,12 @@ static int test_wolfSSL_get_finished_client_on_handshake(WOLFSSL_CTX* ctx, /* get_finished test */ /* 1. get own sent message */ - XMEMSET(client_side_msg1, 0, MD_MAX_SIZE); - msg_len = wolfSSL_get_finished(ssl, client_side_msg1, MD_MAX_SIZE); + XMEMSET(client_side_msg1, 0, WC_MAX_DIGEST_SIZE); + msg_len = wolfSSL_get_finished(ssl, client_side_msg1, WC_MAX_DIGEST_SIZE); ExpectIntGE(msg_len, 0); /* 2. get peer message */ - XMEMSET(client_side_msg2, 0, MD_MAX_SIZE); - msg_len = wolfSSL_get_peer_finished(ssl, client_side_msg2, MD_MAX_SIZE); + XMEMSET(client_side_msg2, 0, WC_MAX_DIGEST_SIZE); + msg_len = wolfSSL_get_peer_finished(ssl, client_side_msg2, WC_MAX_DIGEST_SIZE); ExpectIntGE(msg_len, 0); return EXPECT_RESULT(); @@ -9756,8 +9751,8 @@ static int test_wolfSSL_get_finished(void) TEST_SUCCESS); /* test received msg vs sent msg */ - ExpectIntEQ(0, XMEMCMP(client_side_msg1, server_side_msg2, MD_MAX_SIZE)); - ExpectIntEQ(0, XMEMCMP(client_side_msg2, server_side_msg1, MD_MAX_SIZE)); + ExpectIntEQ(0, XMEMCMP(client_side_msg1, server_side_msg2, WC_MAX_DIGEST_SIZE)); + ExpectIntEQ(0, XMEMCMP(client_side_msg2, server_side_msg1, WC_MAX_DIGEST_SIZE)); #endif /* HAVE_SSL_MEMIO_TESTS_DEPENDENCIES && WOLFSSL_HAVE_TLS_UNIQUE */ return EXPECT_RESULT(); diff --git a/tests/quic.c b/tests/quic.c index 3051a57c79..c58625db48 100644 --- a/tests/quic.c +++ b/tests/quic.c @@ -42,6 +42,11 @@ #include #include +#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) + #define DEFAULT_TLS_DIGEST_SZ WC_SHA384_DIGEST_SIZE +#else + #define DEFAULT_TLS_DIGEST_SZ WC_SHA256_DIGEST_SIZE +#endif #define testingFmt " %s:" #define resultFmt " %s\n" @@ -1127,13 +1132,16 @@ static int test_quic_server_hello(int verbose) { QuicConversation_step(&conv, 0); /* check established/missing secrets */ check_secrets(&tserver, wolfssl_encryption_initial, 0, 0); - check_secrets(&tserver, wolfssl_encryption_handshake, 32, 32); - check_secrets(&tserver, wolfssl_encryption_application, 32, 32); + check_secrets(&tserver, wolfssl_encryption_handshake, + DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ); + check_secrets(&tserver, wolfssl_encryption_application, + DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ); check_secrets(&tclient, wolfssl_encryption_handshake, 0, 0); /* feed the server data to the client */ QuicConversation_step(&conv, 0); /* client has generated handshake secret */ - check_secrets(&tclient, wolfssl_encryption_handshake, 32, 32); + check_secrets(&tclient, wolfssl_encryption_handshake, + DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ); /* continue the handshake till done */ conv.started = 1; /* run till end */ @@ -1156,8 +1164,10 @@ static int test_quic_server_hello(int verbose) { /* the last client write (FINISHED) was at handshake level */ AssertTrue(tclient.output.level == wolfssl_encryption_handshake); /* we have the app secrets */ - check_secrets(&tclient, wolfssl_encryption_application, 32, 32); - check_secrets(&tserver, wolfssl_encryption_application, 32, 32); + check_secrets(&tclient, wolfssl_encryption_application, + DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ); + check_secrets(&tserver, wolfssl_encryption_application, + DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ); /* verify client and server have the same secrets established */ assert_secrets_EQ(&tclient, &tserver, wolfssl_encryption_handshake); assert_secrets_EQ(&tclient, &tserver, wolfssl_encryption_application); diff --git a/wolfssl/test.h b/wolfssl/test.h index 769119a171..6b30f2375c 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -1958,7 +1958,11 @@ static WC_INLINE unsigned int my_psk_client_tls13_cb(WOLFSSL* ssl, key[i] = (unsigned char) b; } +#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) + *ciphersuite = userCipher ? userCipher : "TLS13-AES256-GCM-SHA384"; +#else *ciphersuite = userCipher ? userCipher : "TLS13-AES128-GCM-SHA256"; +#endif ret = 32; /* length of key in octets or 0 for error */ @@ -1997,7 +2001,11 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl, key[i] = (unsigned char) b; } +#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) + *ciphersuite = userCipher ? userCipher : "TLS13-AES256-GCM-SHA384"; +#else *ciphersuite = userCipher ? userCipher : "TLS13-AES128-GCM-SHA256"; +#endif ret = 32; /* length of key in octets or 0 for error */