sm2 failure and Legacy X25519 PKEY fails in SSL handshake

[naghaabirami]

Babassl branch:8.4.0

SM2 failure: Speed Command:./openssl speed -engine qatengine -async_jobs 72 sm2

Error: SM2 init failure. version: 3.0.3

Legacy X25519 and X448 PKEY fails in SSL handshake: Server command:./openssl s_server -engine qatengine -key server-rsa-pss8k.key.pem -cert server-rsa-pss8k.cert.pem -accept 443 -www -nbio -tls1_3 -curves X25519 Client command:/openssl s_time -connect 127.0.0.1:443 -new -ciphersuites TLS_AES_128_GCM_SHA256 -www 50x.html -time 5

Error: 40732410D57F0000:error:03000093:digital envelope routines:default_check:command not supported:crypto/evp/ctrl_params_translate.c:329: 40732410D57F0000:error:0A080006:SSL routines:ssl_generate_param_group:EVP lib:ssl/s3_lib.c:4055: 40732410D57F0000:error:0A00013A:SSL routines:tls_parse_ctos_key_share:unable to find ecdh parameters:ssl/statem/extensions_srvr.c:662:

[InfoHunter]

For X25519 issue, have you tried this patch: https://github.com/Tongsuo-Project/Tongsuo/pull/563/files

[InfoHunter]

For that SM2 part, I noticed you were using a QAT engine to do the real SM2 jobs. So is there any clue reported by the engine?

[naghaabirami]

For X25519 issue, have you tried this patch: https://github.com/Tongsuo-Project/Tongsuo/pull/563/files

With this patch issue not occurring. Can this patch be included in 8.4.0 or next release.

[naghaabirami]

For that SM2 part, I noticed you were using a QAT engine to do the real SM2 jobs. So is there any clue reported by the engine?

For sm2, keytype was missed. After adding keytype argument in EVP_PKEY_CTX_set_ec_paramgen_curve_nid API keytype is updating properly and working as expected. Created a PR https://github.com/Tongsuo-Project/Tongsuo/pull/590 .

[InfoHunter]

Can this patch be included in 8.4.0 or next release.

This patch is already in the 8.4-stable branch, so it will be with the next release (which is 8.4.1)

[bjayanax]

Hi, Any approximate date for 8.4.1 release?

[naghaabirami]

Any approximate date for 8.4.1 release?