All of lore.kernel.org
 help / color / mirror / Atom feed
From: David Woodhouse <dwmw2@infradead.org>
To: Yang Song <songyang@linux.alibaba.com>,
	dhowells@redhat.com, keyrings@vger.kernel.org,
	linux-kernel@vger.kernel.org
Cc: zhang.jia@linux.alibaba.com, tianjia.zhang@linux.alibaba.com,
	songyang@linux.alibaba.com
Subject: Re: [PATCH] sign-file: add openssl engine support
Date: Wed, 10 Feb 2021 08:01:30 +0000	[thread overview]
Message-ID: <E4E1860E-57B8-44AA-B370-9589F9C20215@infradead.org> (raw)
In-Reply-To: <20210210074554.81100-1-songyang@linux.alibaba.com>



On 10 February 2021 07:45:54 GMT, Yang Song <songyang@linux.alibaba.com> wrote:
>Use a customized signature service supported by openssl engine
>to sign the kernel module.
>Add command line parameters that support engine for sign-file
>to use the customized openssl engine service to sign kernel modules.
>
>Signed-off-by: Yang Song <songyang@linux.alibaba.com>

Aren't engines already obsolete in the latest versions of OpenSSL, as well as being an implementation detail of one particular crypto library? They aren't really a concept we should be exposing in *our* user interface.

Better to make sign-file automatically recognise RFC7512 PKCS#11 URIs and handle them by automatically loading the PKCS#11 engine.

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

  reply	other threads:[~2021-02-10  8:02 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-02-10  7:45 [PATCH] sign-file: add openssl engine support Yang Song
2021-02-10  8:01 ` David Woodhouse [this message]
2021-02-10 14:59   ` James Bottomley
2021-02-10  8:29 ` David Howells

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=E4E1860E-57B8-44AA-B370-9589F9C20215@infradead.org \
    --to=dwmw2@infradead.org \
    --cc=dhowells@redhat.com \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=songyang@linux.alibaba.com \
    --cc=tianjia.zhang@linux.alibaba.com \
    --cc=zhang.jia@linux.alibaba.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.