ecx: add key generation support.#11371
Conversation
|
Very early WIP, TLS tests are completely broken. |
|
In travis it doesnt get past
|
|
Failure in ./test/evp_test ./test/recipes/30-test_evp_data/evppkey.txt is in fips mode as these are not in the fips module. |
|
It looks like you broke it good :) |
|
Pauli just having a cursory look at a failure in ssl_test_old: I think it generates one of your new keys and then runs.. static int add_key_share(SSL *s, WPACKET pkt, unsigned int curve_id) which then calls rv = evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_GET1_TLS_ENCPT, 0, ppt); which probably then calls legacy_asn1_ctrl_to_param which will not handle ASN1_PKEY_CTRL_GET1_TLS_ENCPT and then return -2; @mattcaswell you may already be aware of this? |
|
I added these in FIPS mode. I suspect there are things that have been missed so far. |
Yes - I made the same note here wrt ec keymgmt: |
paulidale
force-pushed
the
ecx_keygen
branch
2 times, most recently
from
2f0aea7 to
6485f4c
Compare
|
Failing in the TLS tests, but finally passing the EVP ones. |
paulidale
force-pushed
the
ecx_keygen
branch
8 times, most recently
from
80a6c9e to
12c5018
Compare
|
This seems to be close now, the TLS tests are rubbish but otherwise it seems to work. After building this branch: Then on a fresh 3.0 (master) build: I get:
Where |
|
Can this be rebased? Will the various fixes that @levitte put in help with the TLS failures now? |
|
Just needs a rebase (to address the merge conflicts) and this fix, and all the tests will start passing: diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c
index 67800282de..9a7cdcf591 100644
--- a/crypto/evp/pmeth_gn.c
+++ b/crypto/evp/pmeth_gn.c
@@ -155,8 +155,9 @@ int EVP_PKEY_gen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
if (keydata == NULL)
goto not_supported;
- ret = evp_keymgmt_gen_set_template(ctx->keymgmt,
- ctx->op.keymgmt.genctx, keydata);
+ if (ctx->keymgmt->gen_set_template != NULL)
+ ret = evp_keymgmt_gen_set_template(ctx->keymgmt,
+ ctx->op.keymgmt.genctx, keydata);
}
/* |
mattcaswell
left a comment
mattcaswell
left a comment
There was a problem hiding this comment.
Approved on the assumption that #11550 is merged first and the "TLS test fixes" commit is dropped from here following a rebase (and CIs are still ok with it).
mattcaswell
added
the
approval: done
|
I've removed the commit. The CIs are expected to fail at this point. Once #11550 is merged, I'll rebase and confirm the CIs pass. |
|
24 hours has passed since 'approval: done' was set, but as this PR has been updated in that time the label 'approval: ready to merge' is not being automatically set. Please review the updates and set the label manually. |
Specifically for x25519, x448, ed25519 and ed448.
…on-approved algorithms
Also note how to select them.
Reviewed-by: Matt Caswell <[email protected]> (Merged from #11371)
Specifically for x25519, x448, ed25519 and ed448. Reviewed-by: Matt Caswell <[email protected]> (Merged from #11371)
Reviewed-by: Matt Caswell <[email protected]> (Merged from #11371)
Reviewed-by: Matt Caswell <[email protected]> (Merged from #11371)
Reviewed-by: Matt Caswell <[email protected]> (Merged from #11371)
…on-approved algorithms Reviewed-by: Matt Caswell <[email protected]> (Merged from #11371)
Also note how to select them. Reviewed-by: Matt Caswell <[email protected]> (Merged from #11371)
|
Travis is happy, merged. Thanks for all the input and assistance. |
6 participants
X25519, X448, Ed25519 and Ed448.