From rickard at opendnssec.org Wed Apr 15 19:06:46 2015 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Wed, 15 Apr 2015 21:06:46 +0200 Subject: [Softhsm-develop] static analysis results for git a9239137c73bf5e482accc5af8a4c1bbd375b394 In-Reply-To: <55155119.2050009@redhat.com> References: <55155119.2050009@redhat.com> Message-ID: On Fri, Mar 27, 2015 at 1:46 PM, Petr Spacek wrote: > >From 143 defects detected back in September 2014 we are now down to 8 > defects > detected today. > Still have 6 defects left: * 4 DEADCODE because the code is there to support additional algorithms in the future. * 2 CHECKED_RETURN because the calls are just dummy calls made upon an error. > Interestingly, gcc version 5.0.0 with -Wshadow option screams a lot and > produces more than 250 warnings about shadowed variables. I'm not sure if > the > check makes sense in all cases but it is suspicious - these results are > attached in shadow-warnings.err.bz2. > Renaming the variables fixed the warnings. All changes are in https://github.com/opendnssec/SoftHSMv2/pull/118 // Rickard -------------- next part -------------- An HTML attachment was scrubbed... URL: From pspacek at redhat.com Thu Apr 16 10:53:51 2015 From: pspacek at redhat.com (Petr Spacek) Date: Thu, 16 Apr 2015 12:53:51 +0200 Subject: [Softhsm-develop] 2.0.0 release plans Message-ID: <552F94BF.4010706@redhat.com> Hello, I would like to know if some kind of 2.0.0-xxx release is planned for near future. I'm going to pull latest source to Fedora so I would like to know if a new signed tarball will be available or if I should just take snapshot from Git tree. Thank you! -- Petr Spacek @ Red Hat From rickard at opendnssec.org Thu Apr 16 22:16:11 2015 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Fri, 17 Apr 2015 00:16:11 +0200 Subject: [Softhsm-develop] 2.0.0 release plans In-Reply-To: <552F94BF.4010706@redhat.com> References: <552F94BF.4010706@redhat.com> Message-ID: On Thu, Apr 16, 2015 at 12:53 PM, Petr Spacek wrote: > I would like to know if some kind of 2.0.0-xxx release is planned for near > future. > > I'm going to pull latest source to Fedora so I would like to know if a new > signed tarball will be available or if I should just take snapshot from > Git tree. > We have now closed all pending issues for the 2.0.0. 2.0.0b3 can be released once we have merged: https://github.com/opendnssec/SoftHSMv2/pull/117 https://github.com/opendnssec/SoftHSMv2/pull/119 Jakob, how does the schedule look like for releasing 2.0.0b3? // Rickard -------------- next part -------------- An HTML attachment was scrubbed... URL: From jakob at kirei.se Fri Apr 17 07:14:32 2015 From: jakob at kirei.se (Jakob Schlyter) Date: Fri, 17 Apr 2015 09:14:32 +0200 Subject: [Softhsm-develop] 2.0.0 release plans In-Reply-To: References: <552F94BF.4010706@redhat.com> Message-ID: > On 17 apr 2015, at 00:16, Rickard Bellgrim wrote: > > Jakob, how does the schedule look like for releasing 2.0.0b3? Done, please send announcement. I noticed a problem with the latest OpenSSL version, it would be great if someone can take a look at that. jakob From pspacek at redhat.com Fri Apr 17 07:18:08 2015 From: pspacek at redhat.com (Petr Spacek) Date: Fri, 17 Apr 2015 09:18:08 +0200 Subject: [Softhsm-develop] 2.0.0 release plans In-Reply-To: References: <552F94BF.4010706@redhat.com>

Message-ID: <5530B3B0.6050805@redhat.com> On 17.4.2015 09:14, Jakob Schlyter wrote: > >> On 17 apr 2015, at 00:16, Rickard Bellgrim wrote: >> >> Jakob, how does the schedule look like for releasing 2.0.0b3? > > Done, please send announcement. > > I noticed a problem with the latest OpenSSL version, it would be great if someone can take a look at that. I could check that if you give me more details about the problem. Thank you! -- Petr Spacek @ Red Hat From jakob at kirei.se Fri Apr 17 07:18:49 2015 From: jakob at kirei.se (Jakob Schlyter) Date: Fri, 17 Apr 2015 09:18:49 +0200 Subject: [Softhsm-develop] 2.0.0 release plans In-Reply-To: <5530B3B0.6050805@redhat.com> References: <552F94BF.4010706@redhat.com>

<5530B3B0.6050805@redhat.com> Message-ID: <32CF19A6-8CD0-40DD-BC15-A1A58EC658FA@kirei.se> On 17 apr 2015, at 09:18, Petr Spacek wrote: > > I could check that if you give me more details about the problem. build with openssl 1.0.2 and do 'make check' jakob From pspacek at redhat.com Fri Apr 17 13:32:37 2015 From: pspacek at redhat.com (Petr Spacek) Date: Fri, 17 Apr 2015 15:32:37 +0200 Subject: [Softhsm-develop] 2.0.0 release plans In-Reply-To: <32CF19A6-8CD0-40DD-BC15-A1A58EC658FA@kirei.se> References: <552F94BF.4010706@redhat.com>

<5530B3B0.6050805@redhat.com> <32CF19A6-8CD0-40DD-BC15-A1A58EC658FA@kirei.se> Message-ID: <55310B75.3030502@redhat.com> On 17.4.2015 09:18, Jakob Schlyter wrote: > On 17 apr 2015, at 09:18, Petr Spacek wrote: >> > >> I could check that if you give me more details about the problem. > > build with openssl 1.0.2 and do 'make check' Tests are passing for me on Fedora 22 with hand-compiled OpenSSL 1.0.2a. The only thing I had to do was to hack m4/acx_openssl_rfc5649.m4 to disable RFC 5649 support because it is not present in OpenSSL 1.0.2a and this check ignores --with-openssl configure parameter. I'm not an Autotools expert so I'm not able to write proper fix, sorry! -- Petr Spacek @ Red Hat From rickard at opendnssec.org Sat Apr 18 07:12:16 2015 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Sat, 18 Apr 2015 09:12:16 +0200 Subject: [Softhsm-develop] 2.0.0 release plans In-Reply-To: <55310B75.3030502@redhat.com> References: <552F94BF.4010706@redhat.com>

<5530B3B0.6050805@redhat.com> <32CF19A6-8CD0-40DD-BC15-A1A58EC658FA@kirei.se> <55310B75.3030502@redhat.com> Message-ID: On Fri, Apr 17, 2015 at 3:32 PM, Petr Spacek wrote: > Tests are passing for me on Fedora 22 with hand-compiled OpenSSL 1.0.2a. > > The only thing I had to do was to hack m4/acx_openssl_rfc5649.m4 to disable > RFC 5649 support because it is not present in OpenSSL 1.0.2a and this check > ignores --with-openssl configure parameter. > > I'm not an Autotools expert so I'm not able to write proper fix, sorry! The configuration works for me: $ /usr/local/ssl/bin/openssl version OpenSSL 1.0.2a 19 Mar 2015 $ ../configure --disable-non-paged-memory --with-objectstore-backend-db --with-migrate --with-crypto-backend=openssl --with-openssl=/usr/local/ssl ... checking what are the OpenSSL includes... -I/usr/local/ssl/include checking what are the OpenSSL libs... -L/usr/local/ssl/lib -lcrypto checking openssl/ssl.h usability... yes checking openssl/ssl.h presence... yes checking for openssl/ssl.h... yes checking for BN_init in -lcrypto... yes checking for OpenSSL version... >= 1.0.0 checking for OpenSSL ECC support... Found P256 and P384 checking for OpenSSL GOST support... Found GOST engine checking OpenSSL EVP interface for AES key wrapping... RFC 3394 is supported checking OpenSSL EVP interface for AES key wrapping with pad... RFC 5649 is not supported ? There was however an error introduced when renaming the variables. Should be fixed in https://github.com/opendnssec/SoftHSMv2/pull/120 // Rickard -------------- next part -------------- An HTML attachment was scrubbed... URL: From pspacek at redhat.com Mon Apr 20 14:36:36 2015 From: pspacek at redhat.com (Petr Spacek) Date: Mon, 20 Apr 2015 16:36:36 +0200 Subject: [Softhsm-develop] Configure script & custom OpenSSL path In-Reply-To: References: <552F94BF.4010706@redhat.com>

<5530B3B0.6050805@redhat.com> <32CF19A6-8CD0-40DD-BC15-A1A58EC658FA@kirei.se> <55310B75.3030502@redhat.com> Message-ID: <55350EF4.2080308@redhat.com> On 18.4.2015 09:12, Rickard Bellgrim wrote: > On Fri, Apr 17, 2015 at 3:32 PM, Petr Spacek wrote: > >> Tests are passing for me on Fedora 22 with hand-compiled OpenSSL 1.0.2a. >> >> The only thing I had to do was to hack m4/acx_openssl_rfc5649.m4 to disable >> RFC 5649 support because it is not present in OpenSSL 1.0.2a and this check >> ignores --with-openssl configure parameter. >> >> I'm not an Autotools expert so I'm not able to write proper fix, sorry! > > > The configuration works for me: > > $ /usr/local/ssl/bin/openssl version > OpenSSL 1.0.2a 19 Mar 2015 > > $ ../configure --disable-non-paged-memory --with-objectstore-backend-db > --with-migrate --with-crypto-backend=openssl --with-openssl=/usr/local/ssl > ... > checking what are the OpenSSL includes... -I/usr/local/ssl/include > checking what are the OpenSSL libs... -L/usr/local/ssl/lib -lcrypto > checking openssl/ssl.h usability... yes > checking openssl/ssl.h presence... yes > checking for openssl/ssl.h... yes > checking for BN_init in -lcrypto... yes > checking for OpenSSL version... >= 1.0.0 > checking for OpenSSL ECC support... Found P256 and P384 > checking for OpenSSL GOST support... Found GOST engine > checking OpenSSL EVP interface for AES key wrapping... RFC 3394 is supported > checking OpenSSL EVP interface for AES key wrapping with pad... RFC 5649 is > not supported > ? My problem was that it the check itself was testing openssl in / and not in /usr/local/ssl. The compilation later used /usr/local/ssl as it should so that was okay for me, just the check itself was bogus. Does it say 'RFC 5649 is supported' if you run configure script without --with-openssl=/usr/local/ssl ? -- Petr Spacek @ Red Hat