From rickard at opendnssec.org Mon Aug 11 16:21:57 2014 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Mon, 11 Aug 2014 18:21:57 +0200 Subject: [Softhsm-develop] Re: Update on wrap/unwrap In-Reply-To: <53CE8803.6060805@redhat.com> References: <53CD2BD3.9070701@surfnet.nl> <53CE4CDC.8010508@redhat.com> <1406041144.32410.3.camel@what> <53CE8803.6060805@redhat.com> Message-ID: Hi All I am back from my holiday and will review the patch during this weekend. // Rickard On Tue, Jul 22, 2014 at 5:49 PM, Petr Spacek wrote: > On 22.7.2014 16:59, Jerry Lundstr?m wrote: > >> Hi Petr, >> >> On tis, 2014-07-22 at 13:37 +0200, Petr Spacek wrote: >> >>> Anyway, I can live with my developer builds [1] for now. For me the hard >>> deadline is Thursday 2014-08-21. I would like to have everything in >>> upstream >>> git at that time. What do you think? Is it possible? >>> >> >> Since SoftHSMv2 is still in alpha and new alpha release is easy and fast >> to make but this still needs to be reviewed by Rickard. Seeing that he >> should be back the week before your hard deadline there should be plenty >> of time to get this in before that. >> > > Let me clarify that I don't need "release". Pure git push to upstream repo > is enough if we can agree on patches. > > Have a nice day! > > > -- > Petr Spacek @ Red Hat > _______________________________________________ > Softhsm-develop mailing list > Softhsm-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/softhsm-develop > -------------- next part -------------- An HTML attachment was scrubbed... URL: From pspacek at redhat.com Wed Aug 20 08:32:01 2014 From: pspacek at redhat.com (Petr Spacek) Date: Wed, 20 Aug 2014 10:32:01 +0200 Subject: [Softhsm-develop] AES wrap_key_with_pad & OpenSSL master branch Message-ID: <53F45D01.20605@redhat.com> Hello, It took some time but support for RFC 5649 was merged to OpenSSL [0]. Unfortunately I have had to re-write the original patch [1] to make it acceptable and the final API is not compatible with API from the original patch. (Now the key wrap mode is part of EVP API.) I would like to send patches for SoftHSM with support for the 'official' OpenSSL API so AES key wrap with padding will be usable on systems even without custom OpenSSL build. Can I remove the unofficial API and replace it with the official one? Or is it necessary to keep support the unofficial API around? Thank you for answers. [0] https://github.com/openssl/openssl/commit/d31fed73e25391cd71a0de488d88724db78f6f8a [1] https://github.com/opendnssec/SoftHSMv2/blob/develop/aes_wrap_key_with_pad/openssl-diff -- Petr Spacek @ Red Hat From jakob at kirei.se Thu Aug 21 09:23:54 2014 From: jakob at kirei.se (Jakob Schlyter) Date: Thu, 21 Aug 2014 11:23:54 +0200 Subject: [Softhsm-develop] AES wrap_key_with_pad & OpenSSL master branch In-Reply-To: <53F45D01.20605@redhat.com> References: <53F45D01.20605@redhat.com> Message-ID: <393E651C-A5F8-40BE-AC22-BAB1E91F7328@kirei.se> On 20 aug 2014, at 10:32, Petr Spacek wrote: > Unfortunately I have had to re-write the original patch [1] to make it acceptable and the final API is not compatible with API from the original patch. (Now the key wrap mode is part of EVP API.) > > I would like to send patches for SoftHSM with support for the 'official' OpenSSL API so AES key wrap with padding will be usable on systems even without custom OpenSSL build. > > Can I remove the unofficial API and replace it with the official one? Or is it necessary to keep support the unofficial API around? Since we've not yet released SoftHSM 2.0, I believe we can replace it. jakob