From: David Woodhouse <dwmw2@infradead.org>
To: Yang Song <songyang@linux.alibaba.com>,
dhowells@redhat.com, keyrings@vger.kernel.org,
linux-kernel@vger.kernel.org
Cc: zhang.jia@linux.alibaba.com, tianjia.zhang@linux.alibaba.com,
songyang@linux.alibaba.com
Subject: Re: [PATCH] sign-file: add openssl engine support
Date: Wed, 10 Feb 2021 08:01:30 +0000 [thread overview]
Message-ID: <E4E1860E-57B8-44AA-B370-9589F9C20215@infradead.org> (raw)
In-Reply-To: <20210210074554.81100-1-songyang@linux.alibaba.com>
On 10 February 2021 07:45:54 GMT, Yang Song <songyang@linux.alibaba.com> wrote:
>Use a customized signature service supported by openssl engine
>to sign the kernel module.
>Add command line parameters that support engine for sign-file
>to use the customized openssl engine service to sign kernel modules.
>
>Signed-off-by: Yang Song <songyang@linux.alibaba.com>
Aren't engines already obsolete in the latest versions of OpenSSL, as well as being an implementation detail of one particular crypto library? They aren't really a concept we should be exposing in *our* user interface.
Better to make sign-file automatically recognise RFC7512 PKCS#11 URIs and handle them by automatically loading the PKCS#11 engine.
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
next prev parent reply other threads:[~2021-02-10 8:02 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-10 7:45 [PATCH] sign-file: add openssl engine support Yang Song
2021-02-10 8:01 ` David Woodhouse [this message]
2021-02-10 14:59 ` James Bottomley
2021-02-10 8:29 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=E4E1860E-57B8-44AA-B370-9589F9C20215@infradead.org \
--to=dwmw2@infradead.org \
--cc=dhowells@redhat.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=songyang@linux.alibaba.com \
--cc=tianjia.zhang@linux.alibaba.com \
--cc=zhang.jia@linux.alibaba.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.