Make EC code available from within the FIPS provider#9380
Make EC code available from within the FIPS provider#9380mattcaswell wants to merge 3 commits intoopenssl:masterfrom
Conversation
levitte
left a comment
levitte
left a comment
There was a problem hiding this comment.
I'm not savvy enough re EC to give a functional comment... but code looks clean, so if CIs agree (and as long as @davidmakepeace's code is merged first), I'm fine with this.
You might want to ask someone with better EC knowledge to cast an eye on this as well.
|
Fixup commit pushed to address a travis failure. |
|
Looks like that wasn't the only failure. It might be because |
|
#9111 is merged. |
|
Rebased this now that #9111 is merged. I've not looked at the travis failure yet. |
|
I can't recreate it locally, but I think I figured out the travis failure. Fixup commit pushed. |
romen
left a comment
romen
left a comment
There was a problem hiding this comment.
I did just a quick code review, without running any test, and so far it looks good to me (I will try to find more time to review properly).
|
Fixup commit pushed addressing the documentation feedback above. My earlier fixup does seem to have resolved the travis error. |
mattcaswell
changed the title
|
Now out of WIP. |
| const char *EC_curve_nid2nist(int nid); | ||
| int EC_curve_nist2nid(const char *name); | ||
| int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only); | ||
| int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only, |
There was a problem hiding this comment.
You seem to add new functions with the _ex suffix, which is commendable considering we want to avoid API breaks,... except here. Any reason why?
There was a problem hiding this comment.
I believe it is because EC_GROUP_check_named_curve is new functionality only existing in master
|
@mattcaswell what's the plan about Currently this wound not link with |
Oh - oops. Thanks for the hint. I forgot about those files. I've fixed that how and rebased due to a conflict with master. Please take another look. The Edited by @romen to correctly mention issue 9251 |
|
I will have a look, we might also want to rebase this on #9474 after it's merged |
Test that EC code works properly in the FIPS provider
Document the new EC functions that are OPENSSL_CTX aware.
|
Rebased to resolve a conflict with master. Ping? |
|
Pushed. Thanks! |
Reviewed-by: Nicola Tuveri <[email protected]> (Merged from #9380)
Test that EC code works properly in the FIPS provider Reviewed-by: Nicola Tuveri <[email protected]> (Merged from #9380)
Document the new EC functions that are OPENSSL_CTX aware. Reviewed-by: Nicola Tuveri <[email protected]> (Merged from #9380)
4 participants
This is built on top of #9111 so until that is merged this one will remain in WIP. Only the last 3 commits are relevant to this PR.