-
Notifications
You must be signed in to change notification settings - Fork 29.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto: add support for x25119 and x448 key pair generation #26774
Conversation
/cc @sam-github @tniessen |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The PR basically LGTM but can you also add regression tests to test/parallel/test-crypto-key-objects.js? Thanks.
indeed. coming up |
I guess we should be careful with supporting key types, but I don't have much experience around ECDH keys so I hope others do. |
See #26709 (comment). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't disagree but since it's mostly transparent to Node.js because it goes through openssl's EVP API, I don't see a problem with supporting them. |
The CI failures don't seem to be related to the PR. Ideas? |
CI is known to be flaky from time to time, let's see what happens when I resume it: https://ci.nodejs.org/job/node-test-pull-request/21671/ |
✅, ping the team? |
Co-Authored-By: panva <panva.ip@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think for the next key type, we are going to need to refactor our docs to have a section on key types, and the invalid messages will have to change to be "not a supported key type" rather than an ever growing list of types. But, that shouldn't block this.
Now that support for X25519 and X448 has been added, this function is not used exclusively for EdDSA keys anymore. PR-URL: #26900 Refs: #26774 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
@targos @BethGriggs This was landed on v11.x-staging, but it doesn't work against openssl 1.1.0, which doesn't support those. I found this while testing #26951 against openssl 1.1.0, you'll find out soon, too. So, I think it needs popping off of v11.x-staging, and to be backported. |
|
Oh, right, I forgot about that, too... We are targeting 1.1.1 but still allow linking against 1.1.0 IIRC :( |
when prepping the release, people don't pull a single commit onto v11.x-staging, run full ci, pull another, etc. They do more of a bulk, test, hope its good (it should be), pull a bunch more. Then narrow down problems to single commits if they occur. So, when @BethGriggs started work on 11.x, she would notice this. Maybe this is enough:
|
Or, you could just not backport it. it depends if you are hoping to get it onto an LTS release. It will come in 12.x, but 12.x won't be LTS until the fall. |
I'm quite sure I ran tests before pushing to staging. Is it supposed to fail? |
@targos the shared_openssl1.1.0 test won't pass, I'm not sure what you ran, was that test part of it? This is the one: the key types this PR adds support for aren't supported by openssl 1.1.0, so the test has to be skipped when node is built against that openssl version. |
OK, I removed it from staging |
Now that support for X25519 and X448 has been added, this function is not used exclusively for EdDSA keys anymore. PR-URL: #26900 Refs: #26774 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
This adds support for key pair generation for x25519 and x448 so that #26626 is one step closer.
Refs: #26626 - ECDH with x25519 and x448 keys
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passes