Update softhsm and libp11 to latest #459

Merged
OYTIS merged 2 commits into advancedtelematic:master from ricardosalveti:hsm
Jan 25, 2019

@ricardosalveti
Contributor

  • softhsm: bump to 2.5.0
  • libp11: bump to git 57ca68f for EC signing support

This also enables support for using EdDSA, which is available in latest OpenSSL (1.1.1a).

@pattivacek
Collaborator

Cool! It was about time to get some of these up to date. Especially cool to be able to get rid of the patches and to see EdDSA support! I'm running tests now.

Comment thread recipes-support/softhsm/softhsm_git.bb Outdated
Changes in 2.5.0:
 - Support for cross-compilation
 - Use RDRAND in OpenSSL if that engine is available
 - Support for EDDSA with vendor defined mechanisms
 - Replace PKCS11 headers with a version from p11-kit

Recipe updated to build support for EdDSA since that is already
available in latest OpenSSL (1.1.1a).

HOMEPAGE and LICENSE also changed to match upstream.

Signed-off-by: Ricardo Salveti <[email protected]>

libp11 0.4.9 gives an error when EC keys are used for signing
(pkcs11_try_pkey_ec_sign() not implemented), so bump to git 57ca68f
(post 0.4.9) for EC signing support.

Also drop workaround patch for OpenSSL 1.0.2.m since OE OpenSSL version
is now at 1.1.1a.

Signed-off-by: Ricardo Salveti <[email protected]>
@lbonn
Contributor

lbonn commented Jan 17, 2019

Yes, that's good!

My only concern is whether it would make backports to rocko too difficult (we try to have minimal differences in our recipes, in particular with relation to dependencies versions). In particular, dropping the OpenSSL 1.0.2 patch and the --enable-eddsa configuration flag.

Maybe @OYTIS has a clearer picture about that?

@ricardosalveti
Contributor Author

> My only concern is whether it would make backports to rocko too difficult (we try to have minimal differences in our recipes, in particular with relation to dependencies versions). In particular, dropping the OpenSSL 1.0.2 patch and the --enable-eddsa configuration flag.

That is why I added that comment in there, to avoid issues when backporting to other branches, but it would still be something to change when doing the actual backport.

Ideally softhsm should be able to handle this automatically, but that still requires softhsm/SoftHSMv2#438 to be merged (didn't test if that works well when cross building).

ricardosalveti added a commit to ricardosalveti/meta-lmp that referenced this pull request Jan 17, 2019
Changes in 2.5.0:
 - Support for cross-compilation
 - Use RDRAND in OpenSSL if that engine is available
 - Support for EDDSA with vendor defined mechanisms
 - Replace PKCS11 headers with a version from p11-kit

Meta-updater pull request:
advancedtelematic/meta-updater#459

Signed-off-by: Ricardo Salveti <[email protected]>
ricardosalveti added a commit to ricardosalveti/meta-lmp that referenced this pull request Jan 17, 2019
Latest git is required for EC signing support.

Meta-updater pull request:
advancedtelematic/meta-updater#459

Signed-off-by: Ricardo Salveti <[email protected]>
ricardosalveti added a commit to foundriesio/meta-lmp that referenced this pull request Jan 17, 2019
Changes in 2.5.0:
 - Support for cross-compilation
 - Use RDRAND in OpenSSL if that engine is available
 - Support for EDDSA with vendor defined mechanisms
 - Replace PKCS11 headers with a version from p11-kit

Meta-updater pull request:
advancedtelematic/meta-updater#459

Signed-off-by: Ricardo Salveti <[email protected]>
ricardosalveti added a commit to foundriesio/meta-lmp that referenced this pull request Jan 17, 2019
Latest git is required for EC signing support.

Meta-updater pull request:
advancedtelematic/meta-updater#459

Signed-off-by: Ricardo Salveti <[email protected]>
@pattivacek
Collaborator

pattivacek commented Jan 18, 2019

Passed oe-selftest. Still requires some manual testing with the HSM functionality, though.

I don't think the backport issues are big enough to prevent merging, but we should discuss and decide how to handle things like this.

Contributor

@OYTIS OYTIS left a comment

To me it seems that keeping the patch across the branches would complicate things. Let's just keep that in mind when backporting.

@OYTIS OYTIS merged commit 826b15d into advancedtelematic:master Jan 25, 2019