ci: Update kryoptic features to unbreak CI#362
ci: Update kryoptic features to unbreak CI#362Jakuje wants to merge 2 commits intoparallaxsecond:mainfrom
Conversation
Jakuje
force-pushed
the
kryoptic-fips-ci
branch
2 times, most recently
from
eb783d2 to
80f21bb
Compare
The dummy-integrity is gone. Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Jakuje
force-pushed
the
kryoptic-fips-ci
branch
from
80f21bb to
6bcd6cb
Compare
Recent kryoptic changes in FIPS branch require features from OpenSSL 4.0 They also need couple of patches from Simo's branch for the hmac stuff to work properly so switching over to that branch too. Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Jakuje
force-pushed
the
kryoptic-fips-ci
branch
from
6bcd6cb to
9300c0f
Compare
wiktor-k
left a comment
wiktor-k
left a comment
There was a problem hiding this comment.
It's okay with me. Could you elaborate on why this is using Simo's fork? (I guess this has to do with some patches unmerged upstream but I wonder if they had been proposed and will be available eventually...)
The commit says:
I think the upstream does not support embedding the hmac into the binary. We have been using this for couple of years already also in other crypto components: Whether it was proposed to upstream openssl or not, I am not sure. I believe it was and if not, it eventually will. @simo5 can probably clarify more. To add, this previously worked with the upstream version due to the dummy-integrity hack which was removed from recent kryoptic versions. |
2 participants
The dummy-integrity is gone.