[Bug, openSSL compatibility]: #7391
For the time being, I use this pattern as a bug fix:
Hi @laurenzfg thank you for the report. A fix and refactor will be included in #7446. Juliusz
julek-wolfssl added a commit to julek-wolfssl/wolfssl that referenced this issue May 8, 2024
Contact Details
my first name is laurenz. E-Mail [firstname].grote@rwth-aachen.de
Version
reproduced in current HEAD c768f76
Description
Hello!
First and foremost thank you for the support provided so far. I am writing about an inconsistency with OpenSSL. In Wolf the function `wolfSSL_CTX_set1_groups_list` only accepts NIST Dh functions (e.g. prime256), but not Bernstein DG functions such as `X25519`. This is because `populate_groups` in `ssl.c` refers to the dictionary `kNistCurves` in the same file, which lacks the Bernstein curves.

The analogous function `SSL_CTX_set1_groups_list` in OpenSSL accepts X25519, as also listed in their documentation: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_groups_list.html

I would suggest to extend the dictionary by the Non-NIST Curves such that `wolfSSL_CTX_set1_groups_list` a) is compatible with OpenSSL and b) `wolfSSL_CTX_set1_groups_list` can supersede `wolfSSL_CTX_set1_curves_list`.

My configuration is:
./autogen.sh && ./configure --with-liboqs=/liboqs --enable-nullcipher --enable-psk --enable-opensslextra --enable-debug --enable-tls13 --enable-ecccustcurves --enable-brainpool --enable-curve25519 --enable-ed25519 --enable-curve448 --enable-ed448 CFLAGS="-DWOLFSSL_STATIC_RSA -DWOLFSSL_STATIC_DH -DKEEP_PEER_CERT -DHAVE_SECRET_CALLBACK -DHAVE_SUPPORTED_CURVES"
Many Thanks
Cheers
Laurenz
Reproduction steps
Apply `std::string name = "X25519"; wolfSSL_CTX_set1_curves_list(ctx, name.c_str())`. Works!
Apply `std::string name = "X25519"; wolfSSL_CTX_set1_groups_list(ctx, name.c_str())`. Error `Unrecognized curve name in list`!
But (in OpenSSL 3.1.1) `std::string name = "X25519"; SSL_CTX_set1_groups_list(ctx, name.c_str())`. Works!
Relevant log output
No response
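The behaviour reported above, as an added self-contained model that is not wolfSSL's code and not part of the original issue: a colon-separated group list is resolved against a name table, once with NIST names only and once with the Bernstein curves added. The tables, `struct group_name` and `parse_groups` are hypothetical; the names follow OpenSSL's spelling and the numbers are the IANA TLS Supported Groups code points.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical name -> TLS group table (not wolfSSL's kNistCurves).
 * Values are IANA "TLS Supported Groups" code points. */
struct group_name { const char *name; int iana_id; };

static const struct group_name nist_only[] = {
    { "P-256", 23 }, { "P-384", 24 }, { "P-521", 25 }, { NULL, 0 }
};
static const struct group_name extended[] = {
    { "P-256", 23 }, { "P-384", 24 }, { "P-521", 25 },
    { "X25519", 29 }, { "X448", 30 }, { NULL, 0 }
};

/* Parse a colon-separated list such as "X25519:P-256" into out[].
 * Returns the number of groups, or -1 on an empty or unknown name or
 * when more than max groups are listed. On -1 the caller must treat
 * the list as not applied and keep its previous configuration. */
int parse_groups(const struct group_name *table, const char *list,
                 int *out, int max)
{
    int count = 0;
    const char *p = list;
    if (list == NULL || *list == '\0') return -1;
    for (;;) {
        size_t len = strcspn(p, ":");          /* length of this token */
        const struct group_name *g;
        for (g = table; g->name != NULL; g++) {
            if (strlen(g->name) == len && strncmp(g->name, p, len) == 0)
                break;
        }
        if (g->name == NULL || count == max) return -1;
        out[count++] = g->iana_id;
        if (p[len] == '\0') return count;      /* last token consumed */
        p += len + 1;                          /* skip the ':' */
    }
}

int main(void)
{
    int ids[8];
    printf("NIST-only table: %d\n", parse_groups(nist_only, "X25519:P-256", ids, 8));
    printf("extended table:  %d\n", parse_groups(extended, "X25519:P-256", ids, 8));
    return 0;
}
```

Code ported from OpenSSL should check the return value of the groups call: a rejected list leaves the context on its default group set rather than the one the application asked for.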