EC_method support missing despite RSA_method being present #7508

Closed
schwabe opened this issue May 7, 2024 · 5 comments · Fixed by #7511

schwabe commented May 7, 2024

Version

master of 2024-05-07

Description

While removing the OpenSSL 1.0.2 compatibility in OpenVPN (https://gerrit.openvpn.net/c/openvpn/+/559) I noticed that wolfSSL now fails with missing EC_method support. It seems wolfSSL implements the RSA_method but not the EC_method.

Contributor

dgarske commented May 7, 2024

Hi @schwabe,

Thank you for highlighting this OpenVPN issue. @julek-wolfssl will you take a look?

Thanks,
David Garske, wolfSSL

@julek-wolfssl
Member

Thanks @schwabe for the report. I'll look into fixing this.

Juliusz

julek-wolfssl linked a pull request May 8, 2024 that will close this issue
@julek-wolfssl
Member

Hi @schwabe
I implemented stubs for the missing API at #7511. I needed to make the following changes to your patchset to get it compiling:

diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index 64ad3469..8f2724c1 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -1372,7 +1372,7 @@ out:
 
     return ret;
 }
-#elif !defined(LIBRESSL_VERSION_NUMBER)
+#elif !defined(LIBRESSL_VERSION_NUMBER) && !defined(WOLFSSL_VERSION)
 bool
 ssl_tls1_PRF(const uint8_t *seed, int seed_len, const uint8_t *secret,
              int secret_len, uint8_t *output, int output_len)
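
Review bot: the `#elif` guard in front of `ssl_tls1_PRF` now also tests `!defined(WOLFSSL_VERSION)`, but nothing in this hunk shows which branch a wolfSSL build takes once it is excluded here. Please confirm that the remaining fallback still defines `ssl_tls1_PRF` with the same signature for wolfSSL and reports failure to the caller if the PRF is unavailable, and add a one-line comment on the guard saying why wolfSSL is excluded so the condition is not dropped in a later cleanup.
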
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index efdd8829..3e18a5ba 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -2145,7 +2145,7 @@ print_server_tempkey(SSL *ssl, char *buf, size_t buflen)
     EVP_PKEY_free(pkey);
 }
 
-#if !defined(LIBRESSL_VERSION_NUMBER) \
+#if (!defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x1010000fL) \
     || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x3090000fL)
 /**
  * Translate an OpenSSL NID into a more human readable name
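
Review bot: the first operand of the `#if` now excludes builds by comparing `OPENSSL_VERSION_NUMBER >= 0x1010000fL`, whereas the `crypto_openssl.c` hunk excludes wolfSSL with an explicit `!defined(WOLFSSL_VERSION)`. Since both changes are described as needed to get the wolfSSL build compiling, using one mechanism for both (or a comment naming the library this version check is meant to catch) would make the intent clear and keep the block from being silently re-enabled if the reported version number changes.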

Should I submit this patch to the mailing list or can you include it in your patchset?

Juliusz

Contributor

dgarske commented May 13, 2024

Hi @schwabe,

The PR #7511 has been merged. Please let us know if you have any further issues. Please mark this closed. Also let us know if you plan on implementing the patch suggested by Juliusz directly or if we should submit to the mailing list.

Thanks,
David Garske, wolfSSL

Author

schwabe commented May 15, 2024

For the first problem of the TLS PRF: https://gerrit.openvpn.net/c/openvpn/+/560 should take care of that problem.
