Re: [Bug 1553309] Re: [FFe]: Include FIPS 140-2 into openssl package

2016-04-19 Thread Martin Pitt
Hey Joy, Joy Latten [2016-04-19 23:18 -]: > I have a newbie question, what else should I do for this feature freeze? Formally, nothing. The latest package is in xenial, so now it's "lean back and enjoy", err, I mean "continue testing it" :-) It would really be good and adequate if you subscr

Re: [Bug 1553309] Re: [FFe]: Include FIPS 140-2 into openssl package

2016-04-19 Thread Joy Latten
Hi Martin, I have a newbie question, what else should I do for this feature freeze? Thanks! :-) regards, Joy On Fri, Apr 15, 2016 at 12:14 AM, Martin Pitt wrote: > Thanks! There's still an awful amount of patch noise, but indeed some of > it is unavoidable as you say. But this is incrementally

Re: [Bug 1553309] Re: [FFe]: Include FIPS 140-2 into openssl package

2016-04-13 Thread Joy Latten
Ok, I will get to work on these changes now. I will keep the first 5 patches original to Fedora. And then in my cleanup patch do the stuff to get rid of undefined symbols, etc... And that way I can point my Origin to the git.fedora. Thanks!! regards, Joy On Wed, Apr 13, 2016 at 3:32 PM, Martin

Re: [Bug 1553309] Re: [FFe]: Include FIPS 140-2 into openssl package

2016-04-13 Thread Martin Pitt
Joy Latten [2016-04-13 18:08 -]: > Started looking into those patch diffs... > for the openssl-1.0.2a-fips-ec.patch one, I had a bunch of undefined > symbols and so cleaned these up, causing my diff to be slightly off... my > bad. Ah, that makes sense. > Oh, and also, that patch installed "fi

Re: [Bug 1553309] Re: [FFe]: Include FIPS 140-2 into openssl package

2016-04-13 Thread Joy Latten
Hi Martin, Cool! Started looking into those patch diffs... for the openssl-1.0.2a-fips-ec.patch one, I had a bunch of undefined symbols and so cleaned these up, causing my diff to be slightly off... my bad. Should have saved that for the last patch that was for my cleanup... sorry, I hated not bei

Re: [Bug 1553309] Re: [FFe]: Include FIPS 140-2 into openssl package

2016-04-13 Thread Joy Latten
Hi Martin, I will fix the Origin today. I was not sure of the naming convention for the patches, so I kept the same name as in Fedora but used the version of openssl that we were patching. If you prefer, I can instead use the exact same name as Fedora. I actually pulled my patches from Fedora Rawhide'

Re: [Bug 1553309] Re: [FFe]: Include FIPS 140-2 into openssl package

2016-04-12 Thread Joy Latten
Hi Martin, Dividing up the patch proved to be a challenge but was the right thing to do. I divided it up into a patch series of 6, with the first 5 patches being those from Fedora. The 6th patch was all my corrections and updates. I ran all the prior testcases successfully. Weird, but the Fedora

Re: [Bug 1553309] Re: [FFe]: Include FIPS 140-2 into openssl package

2016-04-08 Thread Joy Latten
Hi Martin, I will get to work on all the resolutions we mentioned. Thanks! I will send you email when completed and list them. regards, Joy On Fri, Apr 8, 2016 at 2:07 AM, Martin Pitt wrote: > Joy Latten [2016-04-08 5:07 -]: > > > -# define SHA1_Init private_SHA1_Init > > Those defi

Re: [Bug 1553309] Re: [FFe]: Include FIPS 140-2 into openssl package

2016-04-08 Thread Martin Pitt
Joy Latten [2016-04-08 5:07 -]: > > -# define SHA1_Init private_SHA1_Init > Those defines are within an OPENSSL_FIPS so were never used in regular > openssl. Ah, I see that this doesn't actually get shipped in libssl-dev, so sorry for the noise. > > The changes in crypto/evp/p_sign.c a

Re: [Bug 1553309] Re: [FFe]: Include FIPS 140-2 into openssl package

2016-04-08 Thread Martin Pitt
Joy Latten [2016-04-08 5:17 -]: > Ok, I agree. But I am afraid it will still be big. The Fedora patch had > already incorporated almost all the stuff needed from the openssl-fips > module. Right, the split patches will of course not be any smaller, but it'll be a magnitude easier (or even make i

Re: [Bug 1553309] Re: [FFe]: Include FIPS 140-2 into openssl package

2016-04-07 Thread Joy Latten
Hi Martin, Responses below. Thanks! regards, Joy On Thu, Apr 7, 2016 at 5:27 AM, Martin Pitt wrote: > Hello Joy, > > thanks for your answers. I'll cut out the ones that are resolved now > from my POV. > > Joy Latten [2016-04-06 19:48 -]: > > crypto in regular openssl when in fips mode. The

Re: [Bug 1553309] Re: [FFe]: Include FIPS 140-2 into openssl package

2016-04-07 Thread Joy Latten
Hi Martin, My responses below. Thanks! regards, Joy On Thu, Apr 7, 2016 at 6:29 AM, Martin Pitt wrote: > I reviewed the remainder of the patch: > > crypto/evp/evp_locl.h > -# define SHA1_Init private_SHA1_Init > -# define SHA224_Init private_SHA224_Init > -# define SHA256_Init pr

Re: [Bug 1553309] Re: [FFe]: Include FIPS 140-2 into openssl package

2016-04-07 Thread Martin Pitt
Hello Joy, thanks for your answers. I'll cut out the ones that are resolved now from my POV. Joy Latten [2016-04-06 19:48 -]: > crypto in regular openssl when in fips mode. The openssl-fips module is not > only bigger than this patch, but is separate and a bit more complex. > Since it is sepa

Re: [Bug 1553309] Re: [FFe]: Include FIPS 140-2 into openssl package

2016-04-06 Thread Joy Latten
Hi Martin, This email addresses the second half, below. regards, Joy On Wed, Apr 6, 2016 at 4:33 AM, Martin Pitt wrote: > The patch changes behaviour even in !fips mode, e. g. in apps/speed.c: > > for (i = 0; i < DSA_NUM; i++) > -dsa_doit[i] = 1; > +if (!FIPS_

Re: [Bug 1553309] Re: [FFe]: Include FIPS 140-2 into openssl package

2016-04-06 Thread Joy Latten
Hi Martin, My apology for the delay. I had a morning full of meetings and I needed to look at the code to answer. I have addressed the first half of your email and will continue with the second half next. Will send another email. regards, Joy On Wed, Apr 6, 2016 at 4:33 AM, Martin Pitt wrote: >