From: Eric Biggers <ebiggers@kernel.org>
To: Chuck Lever <chuck.lever@oracle.com>
Cc: dhowells@redhat.com, ak@tempesta-tech.com, linux-crypto@vger.kernel.org
Subject: Re: [PATCH Strawman] crypto: Handle PEM-encoded x.509 certificates
Date: Fri, 12 Nov 2021 10:49:00 -0800 [thread overview]
Message-ID: <YY63HENw3fjowWH0@gmail.com> (raw)
In-Reply-To: <163673838611.45802.5085223391786276660.stgit@morisot.1015granger.net>
On Fri, Nov 12, 2021 at 12:39:52PM -0500, Chuck Lever wrote:
> This enables "# cat cert.pem | keyctl padd asymmetric <keyring>"
>
> Since prep->data is a "const void *" I didn't feel comfortable with
> pem_decode() simply overwriting either the pointer or the contents
> of the provided buffer. A secondary buffer is therefore allocated,
> and then later freed by .free_preparse.
>
> This compiles, but is otherwise untested. I'm interested in opinions
> about this approach.
>
> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Why? You can easily convert PEM to DER in userspace, for example with a command
like 'openssl x509 -in cert.pem -out cert.der -outform der'. There's no need
for the kernel to do it.
- Eric
next prev parent reply other threads:[~2021-11-12 18:49 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-12 17:39 [PATCH Strawman] crypto: Handle PEM-encoded x.509 certificates Chuck Lever
2021-11-12 18:49 ` Eric Biggers [this message]
2021-11-13 19:12 ` Chuck Lever III
2021-11-13 23:02 ` Eric Biggers
2021-11-14 2:34 ` Chuck Lever III
2021-11-14 3:00 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YY63HENw3fjowWH0@gmail.com \
--to=ebiggers@kernel.org \
--cc=ak@tempesta-tech.com \
--cc=chuck.lever@oracle.com \
--cc=dhowells@redhat.com \
--cc=linux-crypto@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.