On Fri, Nov 12, 2021 at 12:39:52PM -0500, Chuck Lever wrote:
> This enables "# cat cert.pem | keyctl padd asymmetric <keyring>"
>
> Since prep->data is a "const void *" I didn't feel comfortable with
> pem_decode() simply overwriting either the pointer or the contents
> of the provided buffer. A secondary buffer is therefore allocated,
> and then later freed by .free_preparse.
>
> This compiles, but is otherwise untested. I'm interested in opinions
> about this approach.
>
> Signed-off-by: Chuck Lever <chuck.lever@xxxxxxxxxx>

Why? You can easily convert PEM to DER in userspace, for example with a command
like 'openssl x509 -in cert.pem -out cert.der -outform der'. There's no need
for the kernel to do it.

- Eric