From 82fca1c483e775c9322b2da1a603239d07b7760e Mon Sep 17 00:00:00 2001
From: aidan garske
Date: Thu, 11 Jul 2024 15:52:26 -0700
Subject: [PATCH 1/5] `InitSuites` changes to order making `BUILD_TLS_AES_256_GCM_SHA384` be prioritized over `BUILD_TLS_AES_128_GCM_SHA256`
---
 src/internal.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index 7a2690ed84..37809668dd 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -3304,17 +3304,17 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 return; /* trust user settings, don't override */
 #ifdef WOLFSSL_TLS13
-#ifdef BUILD_TLS_AES_128_GCM_SHA256
+#ifdef BUILD_TLS_AES_256_GCM_SHA384
 if (tls1_3) {
 suites->suites[idx++] = TLS13_BYTE;
- suites->suites[idx++] = TLS_AES_128_GCM_SHA256;
+ suites->suites[idx++] = TLS_AES_256_GCM_SHA384;
 }
 #endif
-#ifdef BUILD_TLS_AES_256_GCM_SHA384
+#ifdef BUILD_TLS_AES_128_GCM_SHA256
 if (tls1_3) {
 suites->suites[idx++] = TLS13_BYTE;
- suites->suites[idx++] = TLS_AES_256_GCM_SHA384;
+ suites->suites[idx++] = TLS_AES_128_GCM_SHA256;
 }
 #endif
From f8814fb68f311a62e618cba7618c9e4a9def1229 Mon Sep 17 00:00:00 2001
From: aidan garske
Date: Mon, 15 Jul 2024 13:21:48 -0700
Subject: [PATCH 2/5] `InitSuites` changes to order making `BUILD_TLS_AES_256_GCM_SHA384` be prioritized over `BUILD_TLS_AES_128_GCM_SHA256` to match TLS 1.2.
---
 src/internal.c | 8 ++++----
 src/ssl.c | 4 ++--
 tests/api.c | 41 ++++++++++++++++++-----------------------
 tests/quic.c | 20 +++++++++++++++-----
 wolfssl/test.h | 8 ++++++++
 5 files changed, 47 insertions(+), 34 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index 7a2690ed84..37809668dd 100644
--- a/src/internal.c
+++ b/src/internal.c
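Review bot: The hunk changes the default TLS 1.3 preference for every caller that never sets its own suite list, but leaves no comment recording why AES-256-GCM-SHA384 now comes first; add `/* AES-256-GCM-SHA384 first so the TLS 1.3 default matches the TLS 1.2 ordering below */` above the first `#ifdef`. Both suites are AEAD, so this is not a strength downgrade in either direction, but the default handshake hash moves from SHA-256 to SHA-384, and TLS 1.3 binds a PSK or session ticket to the hash of the suite that issued it, so resumption of tickets issued before this change is worth checking explicitly. The `suites->suites[idx++]` writes are unchanged and still rely on the suites array being sized for the full built-in list. InitSuites begins and ends outside the hunk.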
@@ -3304,17 +3304,17 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 return; /* trust user settings, don't override */
 #ifdef WOLFSSL_TLS13
-#ifdef BUILD_TLS_AES_128_GCM_SHA256
+#ifdef BUILD_TLS_AES_256_GCM_SHA384
 if (tls1_3) {
 suites->suites[idx++] = TLS13_BYTE;
- suites->suites[idx++] = TLS_AES_128_GCM_SHA256;
+ suites->suites[idx++] = TLS_AES_256_GCM_SHA384;
 }
 #endif
-#ifdef BUILD_TLS_AES_256_GCM_SHA384
+#ifdef BUILD_TLS_AES_128_GCM_SHA256
 if (tls1_3) {
 suites->suites[idx++] = TLS13_BYTE;
- suites->suites[idx++] = TLS_AES_256_GCM_SHA384;
+ suites->suites[idx++] = TLS_AES_128_GCM_SHA256;
 }
 #endif
diff --git a/src/ssl.c b/src/ssl.c
index 9ba891d629..c0e3e54aae 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -19632,10 +19632,10 @@ long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt, void* pt)
 if ((ctrl_opt & WOLFSSL_OP_CIPHER_SERVER_PREFERENCE) ==
 WOLFSSL_OP_CIPHER_SERVER_PREFERENCE) {
 WOLFSSL_MSG("Using Server's Cipher Preference.");
- ctx->useClientOrder = FALSE;
+ ctx->useClientOrder = 0;
 }
 else {
 WOLFSSL_MSG("Using Client's Cipher Preference.");
- ctx->useClientOrder = TRUE;
+ ctx->useClientOrder = 1;
 }
 #endif /* WOLFSSL_QT */
diff --git a/tests/api.c b/tests/api.c
index 5b19169a5e..31848af78f 100644
--- a/tests/api.c
+++ b/tests/api.c
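Review bot: This internal.c hunk appears to be the same change as PATCH 1/5, carrying the identical `index 7a2690ed84..37809668dd` pre- and post-image, so applied as a series the second copy cannot apply on top of the first; either drop it from this commit or squash 1/5 and 2/5 into one. The commit title now says the new order is "to match TLS 1.2", which is the justification missing from 1/5 and should live in a comment next to the first `#ifdef BUILD_TLS_AES_256_GCM_SHA384` rather than only in the log. InitSuites begins and ends outside the hunk.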
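Review bot: Replacing `FALSE`/`TRUE` with `0`/`1` for `ctx->useClientOrder` has nothing to do with the cipher-suite reorder this commit describes and should be its own commit with its own reason (presumably the `TRUE`/`FALSE` macros are not defined in every build configuration; the hunk does not say). The literals would read better with a one-line note on the field's meaning, e.g. `/* useClientOrder: 0 = honour server preference, 1 = honour client preference */`. wolfSSL_CTX_ctrl begins and ends outside the hunk.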
@@ -6495,15 +6495,10 @@ static int test_wolfSSL_EVP_CIPHER_CTX(void)
 #if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) || \
 defined(HAVE_IO_TESTS_DEPENDENCIES)
 #ifdef WOLFSSL_HAVE_TLS_UNIQUE
- #ifdef WC_SHA512_DIGEST_SIZE
- #define MD_MAX_SIZE WC_SHA512_DIGEST_SIZE
- #else
- #define MD_MAX_SIZE WC_SHA256_DIGEST_SIZE
- #endif
- byte server_side_msg1[MD_MAX_SIZE] = {0};/* msg sent by server */
- byte server_side_msg2[MD_MAX_SIZE] = {0};/* msg received from client */
- byte client_side_msg1[MD_MAX_SIZE] = {0};/* msg sent by client */
- byte client_side_msg2[MD_MAX_SIZE] = {0};/* msg received from server */
+ byte server_side_msg1[WC_MAX_DIGEST_SIZE] = {0};/* msg sent by server */
+ byte server_side_msg2[WC_MAX_DIGEST_SIZE] = {0};/* msg received from client */
+ byte client_side_msg1[WC_MAX_DIGEST_SIZE] = {0};/* msg sent by client */
+ byte client_side_msg2[WC_MAX_DIGEST_SIZE] = {0};/* msg received from server */
 #endif /* WOLFSSL_HAVE_TLS_UNIQUE */
 /* TODO: Expand and enable this when EVP_chacha20_poly1305 is supported */
@@ -7049,14 +7044,14 @@ int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb,
 TEST_SUCCESS);
 }
 #ifdef WOLFSSL_HAVE_TLS_UNIQUE
- XMEMSET(server_side_msg2, 0, MD_MAX_SIZE);
+ XMEMSET(server_side_msg2, 0, WC_MAX_DIGEST_SIZE);
 msg_len = wolfSSL_get_peer_finished(test_ctx.s_ssl, server_side_msg2,
- MD_MAX_SIZE);
+ WC_MAX_DIGEST_SIZE);
 ExpectIntGE(msg_len, 0);
- XMEMSET(server_side_msg1, 0, MD_MAX_SIZE);
+ XMEMSET(server_side_msg1, 0, WC_MAX_DIGEST_SIZE);
 msg_len = wolfSSL_get_finished(test_ctx.s_ssl, server_side_msg1,
- MD_MAX_SIZE);
+ WC_MAX_DIGEST_SIZE);
 ExpectIntGE(msg_len, 0);
 #endif /* WOLFSSL_HAVE_TLS_UNIQUE */
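Review bot: `ExpectIntGE(msg_len, 0)` after both `wolfSSL_get_peer_finished` and `wolfSSL_get_finished` still passes when nothing was copied into the buffer, so the widening to `WC_MAX_DIGEST_SIZE` (needed now that the default TLS 1.3 suite yields a 48-byte Finished) is not actually exercised by the test. Pin the length instead: `ExpectIntGT(msg_len, 0);` followed by `ExpectIntLE(msg_len, WC_MAX_DIGEST_SIZE);`, and ideally keep the two returned lengths so the later byte comparison can use them rather than the full buffer size. test_wolfSSL_client_server_nofail_memio begins and ends outside the hunk.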
@@ -7420,12 +7415,12 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
 }
 #ifdef WOLFSSL_HAVE_TLS_UNIQUE
- XMEMSET(server_side_msg2, 0, MD_MAX_SIZE);
- msg_len = wolfSSL_get_peer_finished(ssl, server_side_msg2, MD_MAX_SIZE);
+ XMEMSET(server_side_msg2, 0, WC_MAX_DIGEST_SIZE);
+ msg_len = wolfSSL_get_peer_finished(ssl, server_side_msg2, WC_MAX_DIGEST_SIZE);
 AssertIntGE(msg_len, 0);
- XMEMSET(server_side_msg1, 0, MD_MAX_SIZE);
- msg_len = wolfSSL_get_finished(ssl, server_side_msg1, MD_MAX_SIZE);
+ XMEMSET(server_side_msg1, 0, WC_MAX_DIGEST_SIZE);
+ msg_len = wolfSSL_get_finished(ssl, server_side_msg1, WC_MAX_DIGEST_SIZE);
 AssertIntGE(msg_len, 0);
 #endif /* WOLFSSL_HAVE_TLS_UNIQUE */
@@ -9044,12 +9039,12 @@ static int test_wolfSSL_get_finished_client_on_handshake(WOLFSSL_CTX* ctx,
 /* get_finished test */
 /* 1. get own sent message */
- XMEMSET(client_side_msg1, 0, MD_MAX_SIZE);
- msg_len = wolfSSL_get_finished(ssl, client_side_msg1, MD_MAX_SIZE);
+ XMEMSET(client_side_msg1, 0, WC_MAX_DIGEST_SIZE);
+ msg_len = wolfSSL_get_finished(ssl, client_side_msg1, WC_MAX_DIGEST_SIZE);
 ExpectIntGE(msg_len, 0);
 /* 2. get peer message */
- XMEMSET(client_side_msg2, 0, MD_MAX_SIZE);
- msg_len = wolfSSL_get_peer_finished(ssl, client_side_msg2, MD_MAX_SIZE);
+ XMEMSET(client_side_msg2, 0, WC_MAX_DIGEST_SIZE);
+ msg_len = wolfSSL_get_peer_finished(ssl, client_side_msg2, WC_MAX_DIGEST_SIZE);
 ExpectIntGE(msg_len, 0);
 return EXPECT_RESULT();
@@ -9072,8 +9067,8 @@ static int test_wolfSSL_get_finished(void)
 TEST_SUCCESS);
 /* test received msg vs sent msg */
- ExpectIntEQ(0, XMEMCMP(client_side_msg1, server_side_msg2, MD_MAX_SIZE));
- ExpectIntEQ(0, XMEMCMP(client_side_msg2, server_side_msg1, MD_MAX_SIZE));
+ ExpectIntEQ(0, XMEMCMP(client_side_msg1, server_side_msg2, WC_MAX_DIGEST_SIZE));
+ ExpectIntEQ(0, XMEMCMP(client_side_msg2, server_side_msg1, WC_MAX_DIGEST_SIZE));
 #endif /* HAVE_SSL_MEMIO_TESTS_DEPENDENCIES && WOLFSSL_HAVE_TLS_UNIQUE */
 return EXPECT_RESULT();
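Review bot: In test_wolfSSL_get_finished the two `XMEMCMP(..., WC_MAX_DIGEST_SIZE)` calls compare the whole buffer rather than the number of bytes each side actually received, so they pass only because every producer zero-fills the tail first, and they cannot detect the case where the two sides reported different Finished lengths (now 32 or 48 bytes depending on the negotiated suite). Record the `msg_len` returned on each side next to the buffers, assert the client and server lengths are equal, and compare that many bytes. The two `ExpectIntGE(msg_len, 0)` checks in the earlier hunks on this line likewise accept an empty result; `ExpectIntGT` would catch a buffer that was never written. All three enclosing functions begin outside their hunks.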
diff --git a/tests/quic.c b/tests/quic.c
index 4c5de68bda..30da859f36 100644
--- a/tests/quic.c
+++ b/tests/quic.c
@@ -41,6 +41,11 @@
 #include
 #include
+#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
+ #define DEFAULT_TLS_DIGEST_SZ WC_SHA384_DIGEST_SIZE
+#else
+ #define DEFAULT_TLS_DIGEST_SZ WC_SHA256_DIGEST_SIZE
+#endif
 #define testingFmt " %s:"
 #define resultFmt " %s\n"
@@ -1126,13 +1131,16 @@ static int test_quic_server_hello(int verbose) {
 QuicConversation_step(&conv, 0);
 /* check established/missing secrets */
 check_secrets(&tserver, wolfssl_encryption_initial, 0, 0);
- check_secrets(&tserver, wolfssl_encryption_handshake, 32, 32);
- check_secrets(&tserver, wolfssl_encryption_application, 32, 32);
+ check_secrets(&tserver, wolfssl_encryption_handshake,
+ DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ);
+ check_secrets(&tserver, wolfssl_encryption_application,
+ DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ);
 check_secrets(&tclient, wolfssl_encryption_handshake, 0, 0);
 /* feed the server data to the client */
 QuicConversation_step(&conv, 0);
 /* client has generated handshake secret */
- check_secrets(&tclient, wolfssl_encryption_handshake, 32, 32);
+ check_secrets(&tclient, wolfssl_encryption_handshake,
+ DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ);
 /* continue the handshake till done */
 conv.started = 1; /* run till end */
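Review bot: `DEFAULT_TLS_DIGEST_SZ` is selected on `WOLFSSL_SHA384 && WOLFSSL_AES_256`, which re-derives the suite choice made in InitSuites by a different rule: InitSuites keys on `BUILD_TLS_AES_256_GCM_SHA384`, so a build that has SHA-384 and AES-256 available but that suite disabled (or any future change to the build macro) would make this test expect 48-byte secrets while the handshake produces 32. If internal.h is visible here, key the macro on the same symbol, `#ifdef BUILD_TLS_AES_256_GCM_SHA384`, and add a comment that it must track the first TLS 1.3 suite InitSuites emits. The two `#include` lines in the first hunk have lost their targets in this rendering, so their content could not be checked; test_quic_server_hello continues outside the second hunk.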
@@ -1155,8 +1163,10 @@ static int test_quic_server_hello(int verbose) {
 /* the last client write (FINISHED) was at handshake level */
 AssertTrue(tclient.output.level == wolfssl_encryption_handshake);
 /* we have the app secrets */
- check_secrets(&tclient, wolfssl_encryption_application, 32, 32);
- check_secrets(&tserver, wolfssl_encryption_application, 32, 32);
+ check_secrets(&tclient, wolfssl_encryption_application,
+ DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ);
+ check_secrets(&tserver, wolfssl_encryption_application,
+ DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ);
 /* verify client and server have the same secrets established */
 assert_secrets_EQ(&tclient, &tserver, wolfssl_encryption_handshake);
 assert_secrets_EQ(&tclient, &tserver, wolfssl_encryption_application);
diff --git a/wolfssl/test.h b/wolfssl/test.h
index 4dd6320e74..ba4105d3eb 100644
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -1947,7 +1947,11 @@ static WC_INLINE unsigned int my_psk_client_tls13_cb(WOLFSSL* ssl,
 key[i] = (unsigned char) b;
 }
+#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
+ *ciphersuite = userCipher ? userCipher : "TLS13-AES256-GCM-SHA384";
+#else
 *ciphersuite = userCipher ? userCipher : "TLS13-AES128-GCM-SHA256";
+#endif
 ret = 32; /* length of key in octets or 0 for error */
@@ -1986,7 +1990,11 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl,
 key[i] = (unsigned char) b;
 }
+#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
+ *ciphersuite = userCipher ? userCipher : "TLS13-AES256-GCM-SHA384";
+#else
 *ciphersuite = userCipher ? userCipher : "TLS13-AES128-GCM-SHA256";
+#endif
 ret = 32; /* length of key in octets or 0 for error */
From 337a34246e7ddf0ed82ef25526f4adfab0b6c53a Mon Sep 17 00:00:00 2001
From: aidan garske
Date: Mon, 18 Nov 2024 13:54:38 -0800
Subject: [PATCH 3/5] xmemset fix for init suites changes
---
 tests/api.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
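Review bot: The default PSK suite string is now chosen by `defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)` in both my_psk_client_tls13_cb and my_psk_server_tls13_cb, duplicating a rule that differs from the `BUILD_TLS_AES_256_GCM_SHA384` guard InitSuites uses; since a TLS 1.3 PSK is bound to its suite's hash, a build where the two rules disagree makes the PSK tests negotiate a suite whose hash does not match and fail in a way that looks like a handshake bug. Define the default once, near the top of test.h, e.g. `#ifdef BUILD_TLS_AES_256_GCM_SHA384` / `#define DEFAULT_TLS13_PSK_SUITE "TLS13-AES256-GCM-SHA384"` / else the SHA-256 name, and use it in both callbacks. The unchanged `ret = 32` PSK length is fine for either hash. Both callbacks begin and end outside their hunks.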
diff --git a/tests/api.c b/tests/api.c
index 4b94fac245..0df7d39370 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -7121,10 +7121,15 @@ static int test_wolfSSL_EVP_CIPHER_CTX(void)
 #if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) || \
 defined(HAVE_IO_TESTS_DEPENDENCIES)
 #ifdef WOLFSSL_HAVE_TLS_UNIQUE
- byte server_side_msg1[WC_MAX_DIGEST_SIZE] = {0};/* msg sent by server */
- byte server_side_msg2[WC_MAX_DIGEST_SIZE] = {0};/* msg received from client */
- byte client_side_msg1[WC_MAX_DIGEST_SIZE] = {0};/* msg sent by client */
- byte client_side_msg2[WC_MAX_DIGEST_SIZE] = {0};/* msg received from server */
+ byte server_side_msg1[WC_MAX_DIGEST_SIZE]; /* msg sent by server */
+ byte server_side_msg2[WC_MAX_DIGEST_SIZE]; /* msg received from client */
+ byte client_side_msg1[WC_MAX_DIGEST_SIZE]; /* msg sent by client */
+ byte client_side_msg2[WC_MAX_DIGEST_SIZE]; /* msg received from server */
+
+ XMEMSET(server_side_msg1, 0, WC_MAX_DIGEST_SIZE);
+ XMEMSET(server_side_msg2, 0, WC_MAX_DIGEST_SIZE);
+ XMEMSET(client_side_msg1, 0, WC_MAX_DIGEST_SIZE);
+ XMEMSET(client_side_msg2, 0, WC_MAX_DIGEST_SIZE);
 #endif /* WOLFSSL_HAVE_TLS_UNIQUE */
 /* TODO: Expand and enable this when EVP_chacha20_poly1305 is supported */
From 6625d90f7fa032312a8948b803c0878a9b58001d Mon Sep 17 00:00:00 2001
From: aidan garske
Date: Mon, 18 Nov 2024 14:20:14 -0800
Subject: [PATCH 4/5] reverted xmemset changes already done
---
 tests/api.c | 11 -----------
 1 file changed, 11 deletions(-)
diff --git a/tests/api.c b/tests/api.c
index 0df7d39370..985579fe00 100644
--- a/tests/api.c
+++ b/tests/api.c
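Review bot: The four added `XMEMSET(...)` calls sit beside the buffer declarations, which appear to be at file scope (they are shared with test_server_nofail and guarded by a bare `#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)` rather than a function body), so they are statements outside any function and will not compile. The `= {0}` initializers this hunk removes were the correct form; a file-scope array has static storage duration and is zero-initialized even without one, so nothing needed changing here. PATCH 4/5 and 5/5 in this series revert and redo these declarations, so this commit should be squashed out rather than kept in history.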
@@ -7120,17 +7120,6 @@ static int test_wolfSSL_EVP_CIPHER_CTX(void)
 #if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) || \
 defined(HAVE_IO_TESTS_DEPENDENCIES)
-#ifdef WOLFSSL_HAVE_TLS_UNIQUE
- byte server_side_msg1[WC_MAX_DIGEST_SIZE]; /* msg sent by server */
- byte server_side_msg2[WC_MAX_DIGEST_SIZE]; /* msg received from client */
- byte client_side_msg1[WC_MAX_DIGEST_SIZE]; /* msg sent by client */
- byte client_side_msg2[WC_MAX_DIGEST_SIZE]; /* msg received from server */
-
- XMEMSET(server_side_msg1, 0, WC_MAX_DIGEST_SIZE);
- XMEMSET(server_side_msg2, 0, WC_MAX_DIGEST_SIZE);
- XMEMSET(client_side_msg1, 0, WC_MAX_DIGEST_SIZE);
- XMEMSET(client_side_msg2, 0, WC_MAX_DIGEST_SIZE);
-#endif /* WOLFSSL_HAVE_TLS_UNIQUE */
 /* TODO: Expand and enable this when EVP_chacha20_poly1305 is supported */
 #if defined(HAVE_SESSION_TICKET) && defined(OPENSSL_EXTRA) && \
From 43cea3e964bc9dab6a2efc4ab1ef020a0b98e6ad Mon Sep 17 00:00:00 2001
From: aidan garske
Date: Mon, 18 Nov 2024 14:27:33 -0800
Subject: [PATCH 5/5] fix xmemset
---
 tests/api.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/tests/api.c b/tests/api.c
index 985579fe00..b353a6a827 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -7120,6 +7120,12 @@ static int test_wolfSSL_EVP_CIPHER_CTX(void)
 #if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) || \
 defined(HAVE_IO_TESTS_DEPENDENCIES)
+#ifdef WOLFSSL_HAVE_TLS_UNIQUE
+ byte server_side_msg1[WC_MAX_DIGEST_SIZE]; /* msg sent by server */
+ byte server_side_msg2[WC_MAX_DIGEST_SIZE]; /* msg received from client */
+ byte client_side_msg1[WC_MAX_DIGEST_SIZE]; /* msg sent by client */
+ byte client_side_msg2[WC_MAX_DIGEST_SIZE]; /* msg received from server */
+#endif /* WOLFSSL_HAVE_TLS_UNIQUE */
 /* TODO: Expand and enable this when EVP_chacha20_poly1305 is supported */
 #if defined(HAVE_SESSION_TICKET) && defined(OPENSSL_EXTRA) && \
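Review bot: The re-added declarations in the PATCH 5/5 hunk drop the `= {0}` that the original had, which is safe only because these appear to be file-scope objects with static storage duration, and test_wolfSSL_get_finished compares the full `WC_MAX_DIGEST_SIZE` of each buffer, so the zero tail is load-bearing; nothing in the hunk records that. They are also shared test fixtures that nothing outside this translation unit should see, yet they have external linkage. Declare them `static byte server_side_msg1[WC_MAX_DIGEST_SIZE]; /* msg sent by server; static storage, so zero-filled */` and likewise for the other three, so the intent survives the next refactor.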