search

Tongsuo-Project / Tongsuo

铜锁/Tongsuo is a Modern Cryptographic Primitives and Protocols Library
https://www.tongsuo.net
Apache License 2.0
1.15k stars 184 forks source link

sm2 failure and Legacy X25519 PKEY fails in SSL handshake #589

Open naghaabirami opened 8 months ago

naghaabirami commented 8 months ago

Babassl branch:8.4.0

SM2 failure: Speed Command:./openssl speed -engine qatengine -async_jobs 72 sm2

Error: SM2 init failure. version: 3.0.3

Legacy X25519 and X448 PKEY fails in SSL handshake: Server command:./openssl s_server -engine qatengine -key server-rsa-pss8k.key.pem -cert server-rsa-pss8k.cert.pem -accept 443 -www -nbio -tls1_3 -curves X25519 Client command:/openssl s_time -connect 127.0.0.1:443 -new -ciphersuites TLS_AES_128_GCM_SHA256 -www 50x.html -time 5

Error: 40732410D57F0000:error:03000093:digital envelope routines:default_check:command not supported:crypto/evp/ctrl_params_translate.c:329: 40732410D57F0000:error:0A080006:SSL routines:ssl_generate_param_group:EVP lib:ssl/s3_lib.c:4055: 40732410D57F0000:error:0A00013A:SSL routines:tls_parse_ctos_key_share:unable to find ecdh parameters:ssl/statem/extensions_srvr.c:662:

InfoHunter commented 8 months ago

For X25519 issue, have you tried this patch: https://github.com/Tongsuo-Project/Tongsuo/pull/563/files

InfoHunter commented 8 months ago

For that SM2 part, I noticed you were using a QAT engine to do the real SM2 jobs. So is there any clue reported by the engine?

naghaabirami commented 8 months ago

For X25519 issue, have you tried this patch: https://github.com/Tongsuo-Project/Tongsuo/pull/563/files

With this patch issue not occurring. Can this patch be included in 8.4.0 or next release.

naghaabirami commented 8 months ago

For that SM2 part, I noticed you were using a QAT engine to do the real SM2 jobs. So is there any clue reported by the engine?

For sm2, keytype was missed. After adding keytype argument in EVP_PKEY_CTX_set_ec_paramgen_curve_nid API keytype is updating properly and working as expected. Created a PR https://github.com/Tongsuo-Project/Tongsuo/pull/590 .

InfoHunter commented 8 months ago

Can this patch be included in 8.4.0 or next release.

This patch is already in the 8.4-stable branch, so it will be with the next release (which is 8.4.1)

bjayanax commented 4 months ago

Hi, Any approximate date for 8.4.1 release?

naghaabirami commented 2 months ago

Any approximate date for 8.4.1 release?

bjayanax commented 3 weeks ago

Hi Any approximate date for 8.4.1 release?