Skip to content

CMP implementation, incremental PR chunk 3: CMP ASN.1 structures#8669

Closed
DDvO wants to merge 15 commits intoopenssl:masterfrom
mpeylo:cmpossl_incremental3
Closed

CMP implementation, incremental PR chunk 3: CMP ASN.1 structures#8669
DDvO wants to merge 15 commits intoopenssl:masterfrom
mpeylo:cmpossl_incremental3

Conversation

@DDvO
Copy link
Contributor

@DDvO DDvO commented Apr 4, 2019

Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL.
Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712).

CMP and CRMF API is added to libcrypto, and the "cmp" app to the openssl CLI.
Adds extensive man pages and tests. Integration into build scripts.

3rd chunk: CMP ASN.1 structures (in crypto/cmp/cmp_asn.c) and related files.

Tests will be added with chunk 4 and following.

Checklist
  • documentation is added or updated

@DDvO
Copy link
Contributor Author

DDvO commented Apr 4, 2019

This is the first CMP chunk with contributions also by @Akretsch.
He is going to be the main person handling review comments.

@Akretsch Akretsch force-pushed the cmpossl_incremental3 branch from 5dcbc05 to 54534bf Compare April 12, 2019 07:47
@DDvO DDvO force-pushed the cmpossl_incremental3 branch from 54534bf to 5dcbc05 Compare April 12, 2019 07:51
@Akretsch Akretsch force-pushed the cmpossl_incremental3 branch from 8810f10 to abc219d Compare April 12, 2019 13:10
@DDvO
Copy link
Contributor Author

DDvO commented Apr 12, 2019

Thanks @mattcaswell and @FdaSilvaYY for your comments.
We have meanwhile handled all of them, performing all requested changes.

@DDvO DDvO force-pushed the cmpossl_incremental3 branch 2 times, most recently from 488e950 to 45e8eb7 Compare April 17, 2019 16:06
@DDvO
Copy link
Contributor Author

DDvO commented Apr 17, 2019

@mattcaswell, we have a general question regarding the review process of the CMP chunks.

Chunk 3 is still under review, and it seems likely that even if you approve it soon it will take some further while until it can be merged since a second review (which has not yet started) and approval is needed.
Chunk 4 will be rather orthogonal to chunk 3 (as it will focus on the OSSL_CMP_CTX structure with its getters and setters, plus some auxiliary and logging functions), and meanwhile we have got pretty far preparing it.

In order to save time (since the overall timeline for the CMP contribution until the release of 3.0.0 is pretty tough), would it make sense to submit chunk 4 somewhat in parallel to chunk 3, for example just after you have approved chunk 3?

@mattcaswell
Copy link
Member

Does chunk 4 depend on the chunk 3 commits? It's easier to review if it doesn't because github shows all code that isn't in the target branch when you are reviewing.

@DDvO
Copy link
Contributor Author

DDvO commented Apr 17, 2019

Unfortunately, there are a couple of files (at least cmp.h and cmp_int.h and some meta files) where there is a dependency because they get extended by each chunk.

@DDvO DDvO force-pushed the cmpossl_incremental3 branch from 45e8eb7 to 80df8a5 Compare April 17, 2019 16:40
@mattcaswell
Copy link
Member

Unfortunately, there are a couple of files (at least cmp.h and cmp_int.h and some meta files) where there is a dependency because they get extended by each chunk.

That is unfortunate. You could create chunk 4 as a WIP PR but github will show it with all the chunk 3 commits. It is possible to click into each individual commit and review each one in turn, but if there are multiple commits this is also problematic because it is difficult to get a "big picture" view.

@DDvO
Copy link
Contributor Author

DDvO commented Apr 17, 2019

Another workaround could be to submit at first only the 'meat' of the next chunk, i.e., the new source, doc, and test files, and to add the files that have dependencies later.

@mspncp
Copy link
Contributor

mspncp commented Apr 17, 2019

Unfortunately, there are a couple of files (at least cmp.h and cmp_int.h and some meta files) where there is a dependency because they get extended by each chunk.

That is unfortunate. You could create chunk 4 as a WIP PR but github will show it with all the chunk 3 commits. It is possible to click into each individual commit and review each one in turn, but if there are multiple commits this is also problematic because it is difficult to get a "big picture" view.

@DDvO you could open a pull request for chunk4 against chunk3 in your own repository for @mattcaswell to (p)review. Doing that, Matt would get to see the big picture, but without the commits from chunk3. To create the pull request, just go to the following comparison page:

https://github.com/mpeylo/cmpossl/compare/cmpossl_incremental3...mpeylo:cmpossl_incremental4?expand=1

(Currently, there seem to be merge conflicts, which you will need to fix first. Best is to rebase chunk4 on top of chunk3 first.)

@mspncp
Copy link
Contributor

mspncp commented Apr 17, 2019

You could even create two pull requests: an „official“ one against master in our repo, and an incremental one in your repo for reference.

@DDvO
Copy link
Contributor Author

DDvO commented Apr 17, 2019

@DDvO you could open a pull request for chunk4 against chunk3 in your own repository for @mattcaswell to (p)review. Doing that, Matt would get to see the big picture, but without the commits from chunk3.

This sounds like a good way to go, thanks @mspncp for this hint!
@mattcaswell, what do you think?

To create the pull request, just go to the following comparison page:
https://github.com/mpeylo/cmpossl/compare/cmpossl_incremental3...mpeylo:cmpossl_incremental4?expand=1

@mattcaswell, would you be able to give review comments in that repository?

(Currently, there seem to be merge conflicts, which you will need to fix first. Best is to rebase chunk4 on top of chunk3 first.)

Yes, this is because (as mentioned in a response to a review comment above: #8669 (comment)) I needed to squash (most of) cmpossl_incremental3. We'll rebase our preliminary cmpossl_incremental4 tomorrow.

You could even create two pull requests: an „official“ one against master in our repo, and an incremental one in your repo for reference.

@mspncp, I did not get what you mean here. Also the 'official' one is necessarily incremental.

@mspncp
Copy link
Contributor

mspncp commented Apr 17, 2019

You could even create two pull requests: an „official“ one against master in our repo, and an incremental one in your repo for reference.

@mspncp, I did not get what you mean here. Also the 'official' one is necessarily incremental.

The idea was that an 'inofficial' pull request in your clone would go unnoticed by most people except for Matt. However, an 'official' pull request against our repo would need to be made against master, so it would have to include the changes from chunk3. So the solution would be to make an official pull request against our master and in the description of the pr include a link to the relative pr on your repo. Whenever you push changes to chunk4, both pull requests would be updated.

Well, it's just an idea. You don't have to do it if it sounds too complicated.

@mspncp
Copy link
Contributor

mspncp commented Apr 17, 2019

(Note: I'm assuming that your branch for chunk4 will be based on top of the branch for chunk3.)

@mattcaswell
Copy link
Member

This sounds like a good way to go, thanks @mspncp for this hint!
@mattcaswell, what do you think?

Sounds like a good idea to me

@DDvO
Copy link
Contributor Author

DDvO commented Apr 19, 2019

@mattcaswell, I've just resolved all (new) review comments on this PR, handling all change requests.

@DDvO DDvO force-pushed the cmpossl_incremental3 branch from 3b5dab8 to 3bd5979 Compare April 19, 2019 14:21
@DDvO
Copy link
Contributor Author

DDvO commented Apr 23, 2019

This sounds like a good way to go, thanks @mspncp for this hint!
@mattcaswell, what do you think?

Sounds like a good idea to me

@mattcaswell, I've meanwhile rebased both branches, such that as mentioned by @mspncp :
https://github.com/mpeylo/cmpossl/compare/cmpossl_incremental3...mpeylo:cmpossl_incremental4?expand=1

you can have a clean preview of our chunk 4 and could already do a first review pass there.
What we have not yet done for chunk 4 is to add the respective portions of the documentation.

Copy link
Member

@mattcaswell mattcaswell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs a second reviewer for this. Ping @openssl/committers.

@mattcaswell mattcaswell added the approval: review pending This pull request needs review by a committer label Apr 24, 2019
@openssl-machine openssl-machine added the hold: cla required The contributor needs to submit a license agreement label May 28, 2019
@DDvO DDvO force-pushed the cmpossl_incremental3 branch from fdaffaf to 1586c96 Compare May 28, 2019 15:32
@mspncp
Copy link
Contributor

mspncp commented May 28, 2019

Btw: The cla bot is complaining about a missing CLA? Is it because of @Akretsch‘s commits?

@DDvO DDvO force-pushed the cmpossl_incremental3 branch from 1586c96 to e2715d6 Compare May 29, 2019 07:30
@DDvO
Copy link
Contributor Author

DDvO commented May 29, 2019

Btw: The cla bot is complaining about a missing CLA? Is it because of @Akretsch‘s commits?

I was wondering about this CLA complaint, too. It is about @Rick113's commits.

I've just double-checked: Roman Schauer sent his CLA already on May 13th,
but apparently is has not yet made its way into the OpenSSL contributors' database.

@mspncp
Copy link
Contributor

mspncp commented May 29, 2019

I've just double-checked: Roman Schauer sent his CLA already on May 13th,
but apparently is has not yet made its way into the OpenSSL contributors' database.

cc @mattcaswell

@DDvO DDvO force-pushed the cmpossl_incremental3 branch from e2715d6 to 2abe29d Compare May 29, 2019 07:53
@mattcaswell
Copy link
Member

Close/reopen to kick cla bot

@mattcaswell mattcaswell reopened this May 29, 2019
@openssl-machine openssl-machine removed the hold: cla required The contributor needs to submit a license agreement label May 29, 2019
@mattcaswell
Copy link
Member

I've just double-checked: Roman Schauer sent his CLA already on May 13th,
but apparently is has not yet made its way into the OpenSSL contributors' database.

Apologies for the delay on this. Roman's email ended up in my spam folder for some reason. All sorted now.

@DDvO DDvO force-pushed the cmpossl_incremental3 branch from 2abe29d to 483174d Compare May 29, 2019 09:42
@DDvO DDvO force-pushed the cmpossl_incremental3 branch from 2dd86dc to e15c87a Compare May 29, 2019 14:07
@DDvO DDvO force-pushed the cmpossl_incremental3 branch from e15c87a to 31daf74 Compare May 29, 2019 14:54
Copy link
Member

@mattcaswell mattcaswell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reconfirm

@mattcaswell mattcaswell added approval: done This pull request has the required number of approvals and removed approval: review pending This pull request needs review by a committer labels May 30, 2019
@mattcaswell
Copy link
Member

Squashed and pushed. Thanks all!

levitte pushed a commit that referenced this pull request May 30, 2019
Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712)

CMP and CRMF API is added to libcrypto, and the "cmp" app to the openssl CLI.
    Adds extensive man pages and tests.  Integration into build scripts.

Incremental pull request based on OpenSSL commit 1362190 of 2018-09-26

3rd chunk: CMP ASN.1 structures (in crypto/cmp/cmp_asn.c) and related files

Reviewed-by: Bernd Edlinger <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
(Merged from #8669)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approval: done This pull request has the required number of approvals

Projects

None yet

Development

Successfully merging this pull request may close these issues.

7 participants