
[Bug, openSSL compatibility]: #7391

Closed
laurenzfg opened this issue Apr 3, 2024 · 2 comments · Fixed by #7446
Comments

@laurenzfg

laurenzfg commented Apr 3, 2024

Contact Details

my first name is laurenz. E-Mail [firstname].grote@rwth-aachen.de

Version

reproduced in current HEAD c768f76

Description

Hello!

First and foremost, thank you for the support provided so far. I am writing about an inconsistency with OpenSSL. In Wolf the function wolfSSL_CTX_set1_groups_list only accepts NIST DH functions (e.g. prime256), but not Bernstein DH functions such as X25519. This is because populate_groups in ssl.c refers to the dictionary kNistCurves in the same file, which lacks the Bernstein curves.
The analogous function SSL_CTX_set1_groups_list in OpenSSL accepts X25519, as also listed in their documentation: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_groups_list.html

I would suggest extending the dictionary by the non-NIST curves such that wolfSSL_CTX_set1_groups_list a) is compatible with OpenSSL and b) can supersede wolfSSL_CTX_set1_curves_list.

My configuration is:

./autogen.sh && ./configure --with-liboqs=/liboqs --enable-nullcipher --enable-psk --enable-opensslextra --enable-debug --enable-tls13 --enable-ecccustcurves --enable-brainpool --enable-curve25519 --enable-ed25519 --enable-curve448 --enable-ed448 CFLAGS="-DWOLFSSL_STATIC_RSA -DWOLFSSL_STATIC_DH -DKEEP_PEER_CERT -DHAVE_SECRET_CALLBACK -DHAVE_SUPPORTED_CURVES"

Many Thanks

Cheers

Laurenz

Reproduction steps

Apply
std::string name = "X25519"; wolfSSL_CTX_set1_curves_list(ctx, name.c_str()); Works!

Apply
std::string name = "X25519"; wolfSSL_CTX_set1_groups_list(ctx, name.c_str()); Error: Unrecognized curve name in list!

But (in OpenSSL 3.1.1)
std::string name = "X25519"; SSL_CTX_set1_groups_list(ctx, name.c_str()); Works!

Relevant log output

No response
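As an added illustration (not wolfSSL or OpenSSL code), here is a table-driven parse of an OpenSSL-style colon-separated groups list: with the lookup table cut off at the NIST entries, X25519 is rejected exactly as the report describes, while the table extended with the Bernstein curves accepts it. The codepoints are the IANA TLS NamedGroup values; the table contents, cut-off and function names are assumptions for this example.

```c
#include <string.h>
/* TLS NamedGroup codepoints from the IANA registry. */
enum { SECP256R1 = 23, SECP384R1 = 24, SECP521R1 = 25, X25519 = 29, X448 = 30 };

struct group_name { const char *name; int id; };

/* Assumed name table for this example (not wolfSSL's kNistCurves). The first
 * NIST_ONLY_COUNT entries model a NIST-only table; the rest are the Bernstein
 * curves the report says such a table lacks. */
static const struct group_name kGroups[] = {
    {"P-256", SECP256R1}, {"prime256v1", SECP256R1}, {"secp256r1", SECP256R1},
    {"P-384", SECP384R1}, {"secp384r1", SECP384R1},
    {"P-521", SECP521R1}, {"secp521r1", SECP521R1},
    {"X25519", X25519}, {"X448", X448},
};
#define NIST_ONLY_COUNT 7
#define ALL_COUNT (sizeof(kGroups) / sizeof(kGroups[0]))

/* Exact match of one name against the first n table entries; -1 if unknown. */
static int lookup_group(size_t n, const char *s, size_t len)
{
    for (size_t i = 0; i < n; i++)
        if (strlen(kGroups[i].name) == len && memcmp(kGroups[i].name, s, len) == 0)
            return kGroups[i].id;
    return -1;
}

/* Parse an OpenSSL-style colon-separated list ("X25519:P-256") into codepoints.
 * Returns the number of groups, or -1 if any name is empty or unknown, so a bad
 * list is rejected whole instead of being half-applied to the context. */
static int parse_groups_list(size_t n, const char *list, int *out, int max)
{
    int count = 0;
    const char *p = list;
    for (;;) {
        const char *sep = strchr(p, ':');
        size_t len = sep ? (size_t)(sep - p) : strlen(p);
        int id = lookup_group(n, p, len);
        if (len == 0 || id < 0 || count == max)
            return -1; /* the "Unrecognized curve name in list" case */
        out[count++] = id;
        if (!sep) return count;
        p = sep + 1;
    }
}

/* Same list parsed with the NIST-only table (the bug) and the full table (the fix). */
int groups_nist_only(const char *list, int *out, int max)
{ return parse_groups_list(NIST_ONLY_COUNT, list, out, max); }
int groups_extended(const char *list, int *out, int max)
{ return parse_groups_list(ALL_COUNT, list, out, max); }
```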

@laurenzfg laurenzfg added the bug label Apr 3, 2024
@laurenzfg
Author

For the time being, I use this pattern as a bug fix:

if ((wolfSSL_CTX_set1_curves_list(ctx, mappedName.c_str()) || wolfSSL_CTX_set1_groups_list(ctx, (char*) mappedName.c_str())) != 1) {
    /* neither call accepted the name: handle the error */ }

@embhorn embhorn assigned julek-wolfssl and unassigned embhorn Apr 3, 2024
@julek-wolfssl julek-wolfssl linked a pull request Apr 25, 2024 that will close this issue
@julek-wolfssl
Member

Hi @laurenzfg

thank you for the report. A fix and refactor will be included in #7446.

Juliusz

julek-wolfssl added a commit to julek-wolfssl/wolfssl that referenced this issue May 8, 2024