Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

test: use stronger curves for keygen #25564

Closed
wants to merge 1 commit into from

Conversation

danbev
Copy link
Contributor

@danbev danbev commented Jan 18, 2019

This commit updates the named curves P-192 (prime192v1), and secp192k1
to 256 bit versions.

The motivation for this is that in Red Hat Enterprise Linux (RHEL) all
ECC curves < 224 bits are removed from OpenSSL provided by the system.
I'm not sure if other distributions do this but these 256 bit curves are
availalbe in OpenSSL 1.1.0j (current version on master) and OpenSSL
1.1.1 so as far as I can tell it should be safe change to make.

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • commit message follows commit guidelines

@nodejs-github-bot nodejs-github-bot added the test Issues and PRs related to the tests. label Jan 18, 2019
@danbev
Copy link
Contributor Author

danbev commented Jan 18, 2019

Copy link
Contributor

@sam-github sam-github left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I know the commit description says test: , but the message sounded to me like it was making a breaking change. Maybe a description like test: use stronger curves for keygen would be more clear?

This commit updates the named curves P-192 (prime192v1), and secp192k1
to 256 bit versions.

The motivation for this is that in Red Hat Enterprise Linux (RHEL) all
ECC curves < 224 bits are removed from OpenSSL provided by the system.
I'm not sure if other distributions do this but these 256 bit curves are
availalbe in OpenSSL 1.1.0j (current version on master) and OpenSSL
1.1.1 so as far as I can tell it should be safe change to make.
@danbev danbev force-pushed the test-crypto-keygen-rhel8 branch from ef558fb to 573f8cf Compare January 20, 2019 05:41
@danbev
Copy link
Contributor Author

danbev commented Jan 20, 2019

Maybe a description like test: use stronger curves for keygen would be more clear?

Yeah, that sounds good. I've updated now. Thanks

@danbev danbev changed the title test: update P-192 and secp192k1 to 256 bit test: use stronger curves for keygen Jan 20, 2019
@danbev
Copy link
Contributor Author

danbev commented Jan 21, 2019

Landed in 8b2e861.

@danbev danbev closed this Jan 21, 2019
@danbev danbev deleted the test-crypto-keygen-rhel8 branch January 21, 2019 05:32
danbev added a commit that referenced this pull request Jan 21, 2019
This commit updates the named curves P-192 (prime192v1), and secp192k1
to 256 bit versions.

The motivation for this is that in Red Hat Enterprise Linux (RHEL) all
ECC curves < 224 bits are removed from OpenSSL provided by the system.
I'm not sure if other distributions do this but these 256 bit curves are
availalbe in OpenSSL 1.1.0j (current version on master) and OpenSSL
1.1.1 so as far as I can tell it should be safe change to make.

PR-URL: #25564
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
addaleax pushed a commit that referenced this pull request Jan 23, 2019
This commit updates the named curves P-192 (prime192v1), and secp192k1
to 256 bit versions.

The motivation for this is that in Red Hat Enterprise Linux (RHEL) all
ECC curves < 224 bits are removed from OpenSSL provided by the system.
I'm not sure if other distributions do this but these 256 bit curves are
availalbe in OpenSSL 1.1.0j (current version on master) and OpenSSL
1.1.1 so as far as I can tell it should be safe change to make.

PR-URL: #25564
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
@MylesBorins MylesBorins mentioned this pull request Jan 24, 2019
BethGriggs pushed a commit that referenced this pull request Apr 29, 2019
This commit updates the named curves P-192 (prime192v1), and secp192k1
to 256 bit versions.

The motivation for this is that in Red Hat Enterprise Linux (RHEL) all
ECC curves < 224 bits are removed from OpenSSL provided by the system.
I'm not sure if other distributions do this but these 256 bit curves are
availalbe in OpenSSL 1.1.0j (current version on master) and OpenSSL
1.1.1 so as far as I can tell it should be safe change to make.

PR-URL: #25564
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
@BethGriggs BethGriggs mentioned this pull request May 1, 2019
BethGriggs pushed a commit that referenced this pull request May 10, 2019
This commit updates the named curves P-192 (prime192v1), and secp192k1
to 256 bit versions.

The motivation for this is that in Red Hat Enterprise Linux (RHEL) all
ECC curves < 224 bits are removed from OpenSSL provided by the system.
I'm not sure if other distributions do this but these 256 bit curves are
availalbe in OpenSSL 1.1.0j (current version on master) and OpenSSL
1.1.1 so as far as I can tell it should be safe change to make.

PR-URL: #25564
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
MylesBorins pushed a commit that referenced this pull request May 16, 2019
This commit updates the named curves P-192 (prime192v1), and secp192k1
to 256 bit versions.

The motivation for this is that in Red Hat Enterprise Linux (RHEL) all
ECC curves < 224 bits are removed from OpenSSL provided by the system.
I'm not sure if other distributions do this but these 256 bit curves are
availalbe in OpenSSL 1.1.0j (current version on master) and OpenSSL
1.1.1 so as far as I can tell it should be safe change to make.

PR-URL: #25564
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
test Issues and PRs related to the tests.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants