Re: [PATCH Strawman] crypto: Handle PEM-encoded x.509 certificates

On Fri, Nov 12, 2021 at 12:39:52PM -0500, Chuck Lever wrote:
> This enables "# cat cert.pem | keyctl padd asymmetric <keyring>"
> 
> Since prep->data is a "const void *" I didn't feel comfortable with
> pem_decode() simply overwriting either the pointer or the contents
> of the provided buffer. A secondary buffer is therefore allocated,
> and then later freed by .free_preparse.
> 
> This compiles, but is otherwise untested. I'm interested in opinions
> about this approach.
> 
> Signed-off-by: Chuck Lever <chuck.lever@xxxxxxxxxx>

Why?  You can easily convert PEM to DER in userspace, for example with a command
like 'openssl x509 -in cert.pem -out cert.der -outform der'.  There's no need
for the kernel to do it.

- Eric
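
The userspace conversion suggested in the reply above, as an added example that is not part of the original message or of the patch: Python that strips the PEM armor, base64-decodes the body, and confirms the result is exactly one DER SEQUENCE before it goes to keyctl. The function names and the sample data are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Matches one "CERTIFICATE" PEM block; the base64 body is captured for decoding.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\r?\n(.*?)-----END CERTIFICATE-----",
    re.DOTALL,
)

def der_total_length(der: bytes) -> int:
    """Return header + content length of the outer DER SEQUENCE, or raise."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    length = int.from_bytes(der[2:2 + n], "big")
    if length < 0x80 or der[2] == 0:      # DER requires the minimal length encoding
        raise ValueError("non-minimal DER length")
    return 2 + n + length

def pem_to_der(pem_text: str) -> list[bytes]:
    """Decode every CERTIFICATE block in pem_text to DER, rejecting bad input."""
    certs = []
    for match in PEM_CERT.finditer(pem_text):
        body = "".join(match.group(1).split())   # drop line breaks and spaces
        try:
            der = base64.b64decode(body, validate=True)
        except binascii.Error as exc:
            raise ValueError(f"bad base64 in PEM body: {exc}") from exc
        if der_total_length(der) != len(der):
            raise ValueError("trailing or missing bytes after DER SEQUENCE")
        certs.append(der)
    if not certs:
        raise ValueError("no CERTIFICATE block found")
    return certs

# Constructed sample: a 200-byte placeholder SEQUENCE, not a real certificate.
SAMPLE_DER = b"\x30\x81\xc8" + bytes(200)
_B64 = base64.encodebytes(SAMPLE_DER).decode("ascii")
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{_B64}-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    import sys
    sys.stdout.buffer.write(pem_to_der(sys.stdin.read())[0])
```

Run as a filter, it reads PEM on stdin and writes the first certificate's DER bytes to stdout, so it can sit in the pipeline in place of the `cat cert.pem` from the patch description.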


