On Tue, 22 Jan 2019 12:43:45 -0800 Lucas De Marchi <lucas.de.marchi@xxxxxxxxx> wrote: > On Tue, Jan 22, 2019 at 12:03 PM Michal Suchánek <msuchanek@xxxxxxx> wrote: > > > > On Tue, 22 Jan 2019 22:01:04 +0200 > > Yauheni Kaliuta <yauheni.kaliuta@xxxxxxxxxx> wrote: > > > > > Hi! > > > > > > Looks like OpenSUSE took the RFC patch. > > > > > > The diverging doesn't sound nice, frankly speaking. > > > > Is there an upstream solution? > > > > The diverging is caused by lack of support upstream. > > Mea culpa for not deciding with which implementation to go for the > next release. We actually have 3 possible implementations: one with > openssl, one with gnutls and > this one lifting the implementation from the kernel to be used in userspace. This is not really about lifting the kernel implementation. It is more about using a parser generator to generate code that parses the signature. asn1c is specialized on asn1 encoded data such as the PKCS#7 signature. > > It would be good to know from downstream their preference to weigh in > the decision. I think with the size of initrd currently in openSUSE nobody will notice a crypto library or two added. For other distributions 0.5M size increase in ramdisk may be more noticeable. 15M /boot/initrd-4.19.4-1-default 1.7M /usr/lib64/libgnutls.so.30.22.0 437K /usr/lib64/libssl.so.1.1 Between gnutls and openssl my impression is that openssl is more likely to be included with other tools anyway in more featureful ramdisks (ie. kdump over ssh or live system over https will need SSL). openssl is is also smaller of the two. Thanks Michal