On Wed, 2024-02-21 at 10:11 +0200, Dmitry Kasatkin wrote:
> Currently libimaevm provided by this project is used by the tool evmctl,
> which is also provided by this project.
>
> An issue was reported about using libimaevm with other software. Its
> GPL2-only license makes it incompatible to use
> On Feb 21, 2024, at 2:11 AM, Dmitry Kasatkin
> wrote:
>
> Currently libimaevm provided by this project is used by the tool evmctl,
> which is also provided by this project.
>
> An issue was reported about using libimaevm with other software. Its
> GPL2-only license makes it incompatible to
On 2/26/24 13:20, Stefan Berger wrote:
This series deprecates the sign_hash function and introduces
imaevm_signhash that requires the necessary parameters to be passed rather
than relying on the global imaevm_params variable. This way we can remove
the usage of imaevm_params for the OpenSSL
Instead of relying on imaevm_params.engine and imaevm_params.keyid global
variables, which are not concurrency-safe, define a new library function
imaevm_signhash() function with the engine and keyid as parameters.
Pass the ENGINE and keyid all the way through to the function that is
using them
Replace the deprecated sign_hash with imaevm_signhash. Define local
variables to pass the choice of signature version, key id, and whether
to use an OpenSSL engine to imaevm_signhash.
Signed-off-by: Stefan Berger
---
src/evmctl.c | 75 +++-
1 file
Also implement the --provider option that is useful for testing with
provider. It also helps a user to select whether to use an engine or a
provider.
Update the README with the new option.
Signed-off-by: Stefan Berger
---
README | 5 ++--
configure.ac| 6
src/Makefile.am |
Install the pkcs11-provider package. For it to be useful softhsm and gnutls
are also needed, so in some cases install them together so that if one of
the packages cannot be installed then none of them are installed.
Signed-off-by: Stefan Berger
---
ci/alt.sh| 2 ++
ci/debian.sh | 1
Check the evmctl help screen for engine support and skip the pkcs11
test if no engine support is compiled into evmctl.
Fixes: c1635add22af ("Disable use of OpenSSL "engine" support")
Signed-off-by: Stefan Berger
---
tests/sign_verify.test | 10 --
1 file changed, 8 insertions(+), 2
Adjust the existing pkcs11 engine test cases to pass --engine pkcs11 via
an option (OPTS) to evmctl rather than using a global variable. Then
duplicate the pkcs11 engine tests and pass --provider pkcs11 to run the
same tests using OpenSSL provider. Also check whether evmctl was compiled
with
An application including the public header imaevm.h won't know whether
CONFIG_IMA_EVM_ENGINE was set during compilation of the library, so
remove the usage of CONFIG_IMA_EVM_ENGINE from it.
An application wanting to use the engine will have to find out whether
engine support is compiled-in by
This series deprecates the sign_hash function and introduces
imaevm_signhash that requires the necessary parameters to be passed rather
than relying on the global imaevm_params variable. This way we can remove
the usage of imaevm_params for the OpenSSL engine and the keyid.
Add support for an
On Wed, Feb 21, 2024 at 10:11:34AM +0200, Dmitry Kasatkin wrote:
> Currently libimaevm provided by this project is used by the tool evmctl,
> which is also provided by this project.
>
> An issue was reported about using libimaevm with other software. Its
> GPL2-only license makes it incompatible
On Wed, 2024-02-21 at 10:11 +0200, Dmitry Kasatkin wrote:
> Currently libimaevm provided by this project is used by the tool evmctl,
> which is also provided by this project.
>
> An issue was reported about using libimaevm with other software. Its
> GPL2-only license makes it incompatible to use
Hi Stefan,
"Pass ENGINE and keyid through to function using them" describes what the patch
does, but not the reason for the patch. Please update the patch description
Subject line and similarly the cover letter Subject line.
On Fri, 2024-02-23 at 10:30 -0500, Stefan Berger wrote:
> Pass the
On 23.02.2024 02:55, Daniel P. Smith wrote:
On 2/20/24 13:42, Alexander Steffen wrote:
On 02.02.2024 04:08, Lino Sanfilippo wrote:
On 01.02.24 23:21, Jarkko Sakkinen wrote:
On Wed Jan 31, 2024 at 7:08 PM EET, Daniel P. Smith wrote:
Commit 933bfc5ad213 introduced the use of a locality
On Mon, 2024-02-26 at 11:26 +0200, Jarkko Sakkinen wrote:
> On Mon Feb 26, 2024 at 8:49 AM EET, James Bottomley wrote:
> > On Mon, 2024-02-26 at 08:22 +0200, Jarkko Sakkinen wrote:
> > > Add TPM driver test suite URL to the MAINTAINERS files and move
> > > the
> > > wiki
> > > URL to more
On Sun Feb 25, 2024 at 1:23 PM EET, Daniel P. Smith wrote:
> On 2/23/24 07:58, Jarkko Sakkinen wrote:
> > On Fri Feb 23, 2024 at 3:58 AM EET, Daniel P. Smith wrote:
> >>> Just adding here that I wish we also had a log transcript of bug, which
> >>> is right now missing. The explanation believable
On Sat Feb 24, 2024 at 4:34 AM EET, Lino Sanfilippo wrote:
>
>
> On 23.02.24 02:56, Daniel P. Smith wrote:
>
> >>
> >> Will the TPM TIS CORE ever (have to) request another locality than 0?
> >> Maybe the best would
> >> be to hardcode TPM_ACCESS(0) and get rid of all the locality parameters
> >>
On Mon Feb 26, 2024 at 8:49 AM EET, James Bottomley wrote:
> On Mon, 2024-02-26 at 08:22 +0200, Jarkko Sakkinen wrote:
> > Add TPM driver test suite URL to the MAINTAINERS files and move the
> > wiki
> > URL to more appropriate location.
> >
> > Link: https://gitlab.com/jarkkojs/linux-tpmdd-test
On Mon Feb 26, 2024 at 8:35 AM EET, Paul Menzel wrote:
> Dear Jarkko,
>
>
> Thank you for your patch. Two nits:
>
> s/RIVER/DRIVER/
lol, thanks for picking up this ;-)
>
> Am 26.02.24 um 07:22 schrieb Jarkko Sakkinen:
> > Add TPM driver test suite URL to the MAINTAINERS files and move the wiki
>
20 matches
Mail list logo