boringssl

History

David Benjamin 8cbb5f8f20 Add a very roundabout EC keygen API. OpenSSL's EVP-level EC API involves a separate "paramgen" operation, which is ultimately just a roundabout way to go from a NID to an EC_GROUP. But Node uses this, and it's the pattern used within OpenSSL these days, so this appears to be the official upstream recommendation. Also add a #define for OPENSSL_EC_EXPLICIT_CURVE, because Node uses it, but fail attempts to use it. Explicit curve encodings are forbidden by RFC 5480 and generally a bad idea. (Parsing such keys back into OpenSSL will cause it to lose the optimized path.) Change-Id: I5e97080e77cf90fc149f6cf6f2cc4900f573fc64 Reviewed-on: https://boringssl-review.googlesource.com/c/34565 Commit-Queue: David Benjamin <davidben@google.com> Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: Adam Langley <agl@google.com>	2019-01-25 23:08:12 +00:00
..
openssl	Add a very roundabout EC keygen API.	2019-01-25 23:08:12 +00:00

David Benjamin 8cbb5f8f20 Add a very roundabout EC keygen API.

OpenSSL's EVP-level EC API involves a separate "paramgen" operation,
which is ultimately just a roundabout way to go from a NID to an
EC_GROUP. But Node uses this, and it's the pattern used within OpenSSL
these days, so this appears to be the official upstream recommendation.

Also add a #define for OPENSSL_EC_EXPLICIT_CURVE, because Node uses it,
but fail attempts to use it. Explicit curve encodings are forbidden by
RFC 5480 and generally a bad idea. (Parsing such keys back into OpenSSL
will cause it to lose the optimized path.)

Change-Id: I5e97080e77cf90fc149f6cf6f2cc4900f573fc64
Reviewed-on: https://boringssl-review.googlesource.com/c/34565
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>

2019-01-25 23:08:12 +00:00

openssl

Add a very roundabout EC keygen API.

2019-01-25 23:08:12 +00:00