Make EC code available from within the FIPS provider #9380
I'm not savvy enough re EC to give a functional comment... but code looks clean, so if CIs agree (and as long as @davidmakepeace's code is merged first), I'm fine with this.
You might want to ask someone with better EC knowledge to cast an eye on this as well.
Fixup commit pushed to address a travis failure.
Looks like that wasn't the only failure.
It might be because
#9111 is merged.
Rebased this now that #9111 is merged. I've not looked at the travis failure yet.
I can't recreate it locally, but I think I figured out the travis failure. Fixup commit pushed.
I did just a quick code review, without running any test, and so far it looks good to me (I will try to find more time to review properly).
Fixup commit pushed addressing the documentation feedback above. My earlier fixup does seem to have resolved the travis error.
Now out of WIP.
@@ -422,7 +447,8 @@ size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); | |||
|
|||
const char *EC_curve_nid2nist(int nid); | |||
int EC_curve_nist2nid(const char *name); | |||
int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only); | |||
int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only, |
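Review bot: the prototype of EC_GROUP_check_named_curve is changed in place at the last line of this hunk, where a further parameter follows nist_only (the line is cut off on this page), instead of keeping the two-argument form and adding a separately named variant. Any caller still passing two arguments will fail to compile, so confirm that every caller and the function's documentation are updated in the same change, and say in the commit message why no compatibility wrapper is needed.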
You seem to add new functions with the _ex suffix, which is commendable considering we want to avoid API breaks,... except here. Any reason why?
I believe it is because EC_GROUP_check_named_curve is new functionality only existing in master
Ah, ok
Yes - exactly.
@mattcaswell what's the plan about Currently this would not link with
Oh - oops. Thanks for the hint. I forgot about those files. I've fixed that now and rebased due to a conflict with master. Please take another look. The Edited by @romen to correctly mention issue 9251
I will have a look, we might also want to rebase this on #9474 after it's merged
Test that EC code works properly in the FIPS provider
Document the new EC functions that are OPENSSL_CTX aware.
Rebased to resolve a conflict with master. Ping?
LGTM
Pushed. Thanks!
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from #9380)
Test that EC code works properly in the FIPS provider Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from #9380)
Document the new EC functions that are OPENSSL_CTX aware. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from #9380)
This is built on top of #9111 so until that is merged this one will remain in WIP. Only the last 3 commits are relevant to this PR.