Skip to content

ci: Update kryoptic features to unbreak CI#362

Merged
hug-dev merged 2 commits intoparallaxsecond:mainfrom
Jakuje:kryoptic-fips-ci
Mar 22, 2026
Merged

ci: Update kryoptic features to unbreak CI#362
hug-dev merged 2 commits intoparallaxsecond:mainfrom
Jakuje:kryoptic-fips-ci

Conversation

@Jakuje
Copy link
Collaborator

@Jakuje Jakuje commented Mar 16, 2026

The dummy-integrity is gone.

@Jakuje Jakuje force-pushed the kryoptic-fips-ci branch 2 times, most recently from eb783d2 to 80f21bb Compare March 16, 2026 15:10
@Jakuje
ci: Update kryoptic features to unbreak CI
6497a8b 
The dummy-integrity is gone.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
@Jakuje Jakuje force-pushed the kryoptic-fips-ci branch from 80f21bb to 6bcd6cb Compare March 16, 2026 15:16
@Jakuje
ci: Update OpenSSL to 4.0 branch for kryoptic FIPS builds
9300c0f 
Recent kryoptic changes in FIPS branch require features from OpenSSL 4.0

They also need couple of patches from Simo's branch for the
hmac stuff to work properly so switching over to that branch too.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
@Jakuje Jakuje force-pushed the kryoptic-fips-ci branch from 6bcd6cb to 9300c0f Compare March 16, 2026 16:37
wiktor-k
wiktor-k approved these changes Mar 17, 2026
View reviewed changes
Copy link
Collaborator

@wiktor-k wiktor-k left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's okay with me. Could you elaborate on why this is using Simo's fork? (I guess this has to do with some patches unmerged upstream but I wonder if they had been proposed and will be available eventually...)

@wiktor-k wiktor-k mentioned this pull request Mar 17, 2026
Merged
@Jakuje
Copy link
Collaborator Author

Jakuje commented Mar 17, 2026

It's okay with me. Could you elaborate on why this is using Simo's fork? (I guess this has to do with some patches unmerged upstream but I wonder if they had been proposed and will be available eventually...)

The commit says:

They also need couple of patches from Simo's branch for the
hmac stuff to work properly so switching over to that branch too.

I think the upstream does not support embedding the hmac into the binary. We have been using this for couple of years already also in other crypto components:

simo5/openssl@4d15b3e

Whether it was proposed to upstream openssl or not, I am not sure. I believe it was and if not, it eventually will. @simo5 can probably clarify more.

To add, this previously worked with the upstream version due to the dummy-integrity hack which was removed from recent kryoptic versions.

@wiktor-k wiktor-k requested a review from hug-dev March 18, 2026 10:30
mingulov added a commit to mingulov/pkcs11-check that referenced this pull request Mar 18, 2026
@mingulov
feat: add development branch Docker targets for Kryoptic and SoftHSM2
8145282 
New targets for testing latest development:
  test-softhsm2-main   SoftHSM2 main branch (latest dev)
  test-kryoptic-main   Kryoptic main branch (default features)
  test-kryoptic-fips   Kryoptic main + FIPS+PQC with simo5/openssl
                        kryoptic_ossl40 branch (OpenSSL 4.0 fork)
                        Based on parallaxsecond/rust-cryptoki#362

Docker compose now organized in 3 sections:
  - Versioned releases (5): softhsm2, kryoptic, nss, nss-pqc, opencryptoki
  - Development branches (3): softhsm2-main, kryoptic-main, kryoptic-fips
  - Additional (4): tpm2, bouncyhsm, pkcs11-mock, qryptotoken

Total: 12 Docker test targets across 8+ implementations.
@hug-dev hug-dev merged commit 4dc69e6 into parallaxsecond:main Mar 22, 2026
44 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wiktor-k wiktor-k wiktor-k approved these changes

@hug-dev hug-dev hug-dev approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Jakuje @wiktor-k @hug-dev