Comments (4)
julek-wolfssl
commented on May 20, 2024
1
Hi @icing
I cleaned up the EVP layer usage in quic in a PR here: #7465. Thanks for the report.
Juliusz
from wolfssl.
nbars
commented on May 20, 2024
Hey,
Does this mean that instead of using the CCM mode, the CTR mode was always used?
from wolfssl.
icing
commented on May 20, 2024
QUIC handshake is now failing in tests at ngtcp2 and curl CI. Easiest to reproduce probably in ngtcp2.
Build https://github.com/ngtcp2/ngtcp2 as in the instructions with wolfssl and another tls lib (openssl-quictls or gnutls or boring). Run pytest:
> pytest -v -k test_01
examples/tests/test_01_handshake.py::TestHandshake::test_01_01_get[quictls-quictls] PASSED [ 6%]
examples/tests/test_01_handshake.py::TestHandshake::test_01_01_get[quictls-boringssl] PASSED [ 12%]
examples/tests/test_01_handshake.py::TestHandshake::test_01_01_get[quictls-picotls] PASSED [ 18%]
examples/tests/test_01_handshake.py::TestHandshake::test_01_01_get[quictls-wolfssl] FAILED [ 25%]
examples/tests/test_01_handshake.py::TestHandshake::test_01_01_get[boringssl-quictls] PASSED [ 31%]
examples/tests/test_01_handshake.py::TestHandshake::test_01_01_get[boringssl-boringssl] PASSED [ 37%]
examples/tests/test_01_handshake.py::TestHandshake::test_01_01_get[boringssl-picotls] PASSED [ 43%]
examples/tests/test_01_handshake.py::TestHandshake::test_01_01_get[boringssl-wolfssl] FAILED [ 50%]
examples/tests/test_01_handshake.py::TestHandshake::test_01_01_get[picotls-quictls] PASSED [ 56%]
examples/tests/test_01_handshake.py::TestHandshake::test_01_01_get[picotls-boringssl] PASSED [ 62%]
examples/tests/test_01_handshake.py::TestHandshake::test_01_01_get[picotls-picotls] PASSED [ 68%]
...
You see that wolfssl can only connect if it is used in client and server. The problem seems to be cipher selection as in the logs you'll see ` pkt packet has incorrect reserved bits...pkt could not decrypt packet payload"
from wolfssl.
julek-wolfssl
commented on May 20, 2024
#7477 will fix that. My previous commit was wrongly assuming what wolfSSL_quic_get_hp is returning. It would be nice for ngtcp2_crypto_hp_mask to include an explanation why CTR is necessary instead of ECB for AES.
from wolfssl.
Related Issues (20)
- Both `--enable-lms` and `--enable-xmss`?
- Unexpected behavior with --enable-sslextra HOT 2
- [Bug]: ImportError: /usr/lib/python3.9/site-packages/wolfcrypt/_ffi.abi3.so: undefined symbol: wc_DerToPemEx HOT 3
- The DTLS1.3 protocol is compatible with DTLS1.2. Is there a compatible interface in wolfssl? For example, if the client is DTLS1.3 and the server is DTLS1.2, how do I achieve compatibility HOT 1
- Does wolf ssl support extract OID field from x.509 certificate
- Ada wrapper incorrectly sets verification method for remote peers HOT 11
- [Bug]: C:/Users/EDS/Desktop/wallfssl/wolfssl/IDE/IAR-EWARM/Projects/lib/ewarm/Exe/wolfSSL-Lib.a', needed by 'C:/Users/EDS/Desktop/wallfssl/wolfssl/IDE/IAR-EWARM/Projects/benchmark/ewarm/Exe/benchmark.out', missing and no known rule to make it when make build of IAR-EWARM then coming this issue file not wolfSSL-Lib.a HOT 2
- [Bug]: PKCS11 issue with wc_ecc_init_ex() HOT 4
- [Bug]: wolfSSL_check_domain_name for QUIC returns ok for failed SAN check HOT 1
- EC_method support missing despite RSA_method being present HOT 5
- Ed25519 signature verification bug HOT 2
- [Bug]: DTLS 1.2 handshake fails when 2 packets arrive OOO HOT 12
- [Bug]: wc_Curve448PublicKeyToDer returns error when output is NULL HOT 1
- Support for chrome and X25519Kyber512Draft00 HOT 4
- How can I contact [email protected] HOT 2
- multiplication by 0 in wc_ecc_mulmod and point at infinity HOT 3
- [Bug]: PlatformIO without SINGLE_THREADED causes fatal error: semphr.h: No such file
- [Bug]: Forcing FreeRTOS Espressif to SINGLE_THREADED causes SHA256 test failure HOT 1
- Request more openssl compatibility for gSOAP. HOT 2
- Trying to understand the implementation of the function - ge_double_scalarmult_vartime HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from wolfssl.