Re: [openssl-dev] [PATCH 1/1] add TPM2 version of create_tpm2_key and libtpm2.so engine

2017-01-04 Thread Salz, Rich
> There were two requests: the bylaws and whether modified grant would be > acceptable. If, instead of an unrestricted grant in the CLA it were > restricted > to relicensing to an OSI approved licence, the need to do due diligence on > the foundation goes away. We're not interested in changing t

Re: [openssl-dev] [PATCH 1/1] add TPM2 version of create_tpm2_key and libtpm2.so engine

2017-01-03 Thread Richard Levitte
In message <1483487075.2464.59.ca...@hansenpartnership.com> on Tue, 03 Jan 2017 15:44:35 -0800, James Bottomley said: James.Bottomley> On Tue, 2017-01-03 at 12:19 +0100, Richard Levitte wrote: James.Bottomley> > ⁣There seems to be some confusion here. James.Bottomley> > James.Bottomley> > Jame

Re: [openssl-dev] [PATCH 1/1] add TPM2 version of create_tpm2_key and libtpm2.so engine

2017-01-03 Thread James Bottomley
On Wed, 2017-01-04 at 00:04 +, Matt Caswell wrote: > > On 03/01/17 12:44, Salz, Rich wrote: > > > > I'm still waiting on a reply ... I assume holidays are > > > > contributing to the delay. > > > > However, openssl_tpm_engine is a DCO project, so that concern > > > > is > > > > irrelevant here

Re: [openssl-dev] [PATCH 1/1] add TPM2 version of create_tpm2_key and libtpm2.so engine

2017-01-03 Thread Matt Caswell
On 03/01/17 12:44, Salz, Rich wrote: >>> I'm still waiting on a reply ... I assume holidays are contributing to the >>> delay. >>> However, openssl_tpm_engine is a DCO project, so that concern is >>> irrelevant here. >> >> Sorry, I'll push to get the bylaws made public, is that what you need? >

Re: [openssl-dev] [PATCH 1/1] add TPM2 version of create_tpm2_key and libtpm2.so engine

2017-01-03 Thread James Bottomley
On Tue, 2017-01-03 at 12:19 +0100, Richard Levitte wrote: > ⁣There seems to be some confusion here. > > James, I understand the tpm engine as an external project, not part > of the OpenSSL source proper and not intended to be. > > However, openssl-dev@openssl.org is a list focused on the develo

Re: [openssl-dev] [PATCH 1/1] add TPM2 version of create_tpm2_key and libtpm2.so engine

2017-01-03 Thread James Bottomley
On Mon, 2017-01-02 at 18:22 +, Salz, Rich wrote: > > I'm still waiting on a reply ... I assume holidays are contributing > > to the delay. However, openssl_tpm_engine is a DCO project, so that > > concern is irrelevant here. > > Sorry, I'll push to get the bylaws made public, is that what yo

Re: [openssl-dev] [PATCH 1/1] add TPM2 version of create_tpm2_key and libtpm2.so engine

2017-01-03 Thread Salz, Rich
> > I'm still waiting on a reply ... I assume holidays are contributing to the > > delay. > > However, openssl_tpm_engine is a DCO project, so that concern is > > irrelevant here. > > Sorry, I'll push to get the bylaws made public, is that what you need? The OSF bylaws are now linked to from htt

Re: [openssl-dev] [PATCH 1/1] add TPM2 version of create_tpm2_key and libtpm2.so engine

2017-01-03 Thread Richard Levitte
⁣There seems to be some confusion here. James, I understand the tpm engine as an external project, not part of the OpenSSL source proper and not intended to be. However, openssl-dev@openssl.org is a list focused on the development of OpenSSL proper. That makes it a bit odd to discuss the tpm

Re: [openssl-dev] [PATCH 1/1] add TPM2 version of create_tpm2_key and libtpm2.so engine

2017-01-02 Thread Kurt Roeckx
On Mon, Jan 02, 2017 at 08:50:24AM -0800, James Bottomley wrote: > On Mon, 2017-01-02 at 17:38 +0100, Kurt Roeckx wrote: > > On Sat, Dec 31, 2016 at 02:52:43PM -0800, James Bottomley wrote: > > > This patch adds RSA signing for TPM2 keys. There's a limitation to > > > the way TPM2 does signing: i

Re: [openssl-dev] [PATCH 1/1] add TPM2 version of create_tpm2_key and libtpm2.so engine

2017-01-02 Thread Salz, Rich
> Really, how? By pull request, you mean one against the openssl github > account so people subscribing to that account see it, I presume? For that to > happen, the tree the patch is against must actually exist within the account, > which this one doesn't. You clone the openssl git repo, create

Re: [openssl-dev] [PATCH 1/1] add TPM2 version of create_tpm2_key and libtpm2.so engine

2017-01-02 Thread James Bottomley
On Mon, 2017-01-02 at 17:53 +, Salz, Rich wrote: > > Um, that's not really possible given that openssl_tpm_engine is a > > sourceforge project. > > Sure it is. Really, how? By pull request, you mean one against the openssl github account so people subscribing to that account see it, I presum

Re: [openssl-dev] [PATCH 1/1] add TPM2 version of create_tpm2_key and libtpm2.so engine

2017-01-02 Thread Salz, Rich
> Um, that's not really possible given that openssl_tpm_engine is a > sourceforge project. Sure it is. You just find it easier to email patches. This is now the second time you’ve been asked. And also, you had concerns about the CLA before. Have they been resolved? If not you should probabl

Re: [openssl-dev] [PATCH 1/1] add TPM2 version of create_tpm2_key and libtpm2.so engine

2017-01-02 Thread James Bottomley
On Mon, 2017-01-02 at 17:38 +0100, Kurt Roeckx wrote: > On Sat, Dec 31, 2016 at 02:52:43PM -0800, James Bottomley wrote: > > This patch adds RSA signing for TPM2 keys. There's a limitation to > > the way TPM2 does signing: it must recognise the OID for the > > signature. That fails for the MD5-

Re: [openssl-dev] [PATCH 1/1] add TPM2 version of create_tpm2_key and libtpm2.so engine

2017-01-02 Thread Kurt Roeckx
On Sat, Dec 31, 2016 at 02:52:43PM -0800, James Bottomley wrote: > This patch adds RSA signing for TPM2 keys. There's a limitation to the > way TPM2 does signing: it must recognise the OID for the signature. > That fails for the MD5-SHA1 signatures of the TLS/SSL certificate > verification proto

[openssl-dev] [PATCH 1/1] add TPM2 version of create_tpm2_key and libtpm2.so engine

2016-12-31 Thread James Bottomley
This patch adds RSA signing for TPM2 keys. There's a limitation to the way TPM2 does signing: it must recognise the OID for the signature. That fails for the MD5-SHA1 signatures of the TLS/SSL certificate verification protocol, so I'm using RSA_Decrypt for both signing (encryption) and decryptio