Tests assume that ciphers using sha384 are first in the cipher suite …

…list

lib/cifra.c

@@ -23,10 +23,16 @@
 #include "picotls.h"
 #include "picotls/minicrypto.h"
 
-ptls_cipher_suite_t *ptls_minicrypto_cipher_suites[] = {&ptls_minicrypto_aes256gcmsha384, &ptls_minicrypto_aes128gcmsha256,
-                                                        &ptls_minicrypto_chacha20poly1305sha256,
+ptls_cipher_suite_t *ptls_minicrypto_cipher_suites[] = {// ciphers used with sha384 (must be first)
 #ifdef PTLS_HAVE_AEGIS
-                                                        &ptls_minicrypto_aegis128lsha256,
                                                         &ptls_minicrypto_aegis256sha384,
 #endif
+                                                        &ptls_minicrypto_aes256gcmsha384,
+
+                                                        // ciphers used with sha256
+#ifdef PTLS_HAVE_AEGIS
+                                                        &ptls_minicrypto_aegis128lsha256,
+#endif
+                                                        &ptls_minicrypto_aes128gcmsha256,
+                                                        &ptls_minicrypto_chacha20poly1305sha256,
                                                         NULL};

lib/cifra/libaegis.c

@@ -59,4 +59,4 @@ ptls_aead_algorithm_t ptls_minicrypto_aegis256 = {"AEGIS-256",
 ptls_cipher_suite_t ptls_minicrypto_aegis256sha384 = {.id = PTLS_CIPHER_SUITE_AEGIS256_SHA384,
                                                       .name = PTLS_CIPHER_SUITE_NAME_AEGIS256_SHA384,
                                                       .aead = &ptls_minicrypto_aegis256,
-                                                      .hash = &ptls_minicrypto_sha256};
+                                                      .hash = &ptls_minicrypto_sha384};

lib/openssl.c

@@ -2210,13 +2210,19 @@ ptls_cipher_suite_t ptls_openssl_aegis256sha384 = {.id = PTLS_CIPHER_SUITE_AEGIS
 
 
 
-ptls_cipher_suite_t *ptls_openssl_cipher_suites[] = {&ptls_openssl_aes256gcmsha384, &ptls_openssl_aes128gcmsha256,
-#if PTLS_OPENSSL_HAVE_CHACHA20_POLY1305
-                                                     &ptls_openssl_chacha20poly1305sha256,
+ptls_cipher_suite_t *ptls_openssl_cipher_suites[] = {// ciphers used with sha384 (must be first)
+#if PTLS_HAVE_AEGIS
+                                                     &ptls_openssl_aegis256sha384,
 #endif
+                                                     &ptls_openssl_aes256gcmsha384,
+
+                                                     // ciphers used with sha256
 #if PTLS_HAVE_AEGIS
                                                      &ptls_openssl_aegis128lsha256,
-                                                     &ptls_openssl_aegis256sha384,
+#endif
+                                                     &ptls_openssl_aes128gcmsha256,
+#if PTLS_OPENSSL_HAVE_CHACHA20_POLY1305
+                                                     &ptls_openssl_chacha20poly1305sha256,
 #endif
                                                      NULL};
 

t/openssl.c

@@ -562,9 +562,13 @@ int main(int argc, char **argv)
                                           .server = {.create_opener = &ech_create_opener,
                                                      .retry_configs = {(uint8_t *)ECH_CONFIG_LIST, sizeof(ECH_CONFIG_LIST) - 1}}},
                                   .sign_certificate = &openssl_sign_certificate.super};
-    assert(openssl_ctx.cipher_suites[0]->hash->digest_size == 48); /* sha384 */
+    assert(openssl_ctx.cipher_suites[0]->hash->digest_size == 48); /* aes256, sha384 */
     ptls_context_t openssl_ctx_sha256only = openssl_ctx;
     ++openssl_ctx_sha256only.cipher_suites;
+#ifdef PTLS_HAVE_AEGIS
+    assert(openssl_ctx.cipher_suites[0]->hash->digest_size == 48); /* aegis256, sha384 */
+    ++openssl_ctx_sha256only.cipher_suites;
+#endif
     assert(openssl_ctx_sha256only.cipher_suites[0]->hash->digest_size == 32); /* sha256 */
 
     ctx = ctx_peer = &openssl_ctx;