-
Notifications
You must be signed in to change notification settings - Fork 30.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tls: fix getEphemeralKeyInfo to support X25519 #20273
Conversation
`EVP_PKEY_EC` only covers ANSI X9.62 curves not IETF ones(curve25519 and curve448). This fixes to add support of X25519 in `tlsSocket.getEphemeralKeyInfo()`. X448 should be added in the future upgrade to OpenSSL-1.1.1.
@nodejs/crypto |
Only on AIX, something wrong in test-https-agent-additional-options. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thanks.
src/node_crypto.cc
Outdated
EC_KEY* ec = EVP_PKEY_get1_EC_KEY(key); | ||
int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); | ||
EC_KEY_free(ec); | ||
const char *curve_name; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Style: star leans left.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed.
info->Set(context, env->type_string(), | ||
FIXED_ONE_BYTE_STRING(env->isolate(), "ECDH")).FromJust(); | ||
info->Set(context, env->name_string(), | ||
OneByteString(args.GetIsolate(), | ||
OBJ_nid2sn(nid))).FromJust(); | ||
curve_name)).FromJust(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since you're here, can you insert a break;
statement on line 2151? That's a subtle footgun waiting to go off.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed. Thanks.
CI runs again in https://ci.nodejs.org/job/node-test-pull-request/14493/. |
node-test-commit-aix re-run: https://ci.nodejs.org/job/node-test-commit-aix/14495/ |
`EVP_PKEY_EC` only covers ANSI X9.62 curves not IETF ones(curve25519 and curve448). This fixes to add support of X25519 in `tlsSocket.getEphemeralKeyInfo()`. X448 should be added in the future upgrade to OpenSSL-1.1.1. PR-URL: nodejs#20273 Fixes: nodejs#20262 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Landed in c51b7b2 🎉 |
`EVP_PKEY_EC` only covers ANSI X9.62 curves not IETF ones(curve25519 and curve448). This fixes to add support of X25519 in `tlsSocket.getEphemeralKeyInfo()`. X448 should be added in the future upgrade to OpenSSL-1.1.1. PR-URL: #20273 Fixes: #20262 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
EVP_PKEY_EC
only covers ANSI X9.62 curves not IETF ones(curve25519 and curve448).This fixes to add support of X25519 in
tlsSocket.getEphemeralKeyInfo()
.X448 should be added in the future upgrade to OpenSSL-1.1.1.
Fixes: #20262
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passesCC @bnoordhuis