Message ID | 20210201151910.1465705-1-stefanb@linux.ibm.com (mailing list archive) |
---|---|
Headers | show |
Series | Add support for x509 certs with NIST p256 and p192 keys | expand |
Stefan Berger <stefanb@linux.ibm.com> wrote: > v6->v7: > - Moved some OID defintions to patch 1 for bisectability > - Applied R-b's But I can't now apply 2-4 without patch 1. David
On 2/1/21 11:13 AM, David Howells wrote: > Stefan Berger <stefanb@linux.ibm.com> wrote: > >> v6->v7: >> - Moved some OID defintions to patch 1 for bisectability >> - Applied R-b's > But I can't now apply 2-4 without patch 1. Two possible solutions: 1) the whole series goes through the crypto tree 2) I make the OIDs addition patch 1 that both keyrings and crypto take separately? Stefan
Stefan Berger <stefanb@linux.ibm.com> wrote: > 1) the whole series goes through the crypto tree > > 2) I make the OIDs addition patch 1 that both keyrings and crypto take > separately? The first might be easiest, but 2 is okay also. You'll just need to give myself and Herbert separate branches to pull, rooted on the same commit. Btw, what do patches 2-4 do if patch 1 isn't applied? David
On 2/1/21 11:36 AM, David Howells wrote: > Stefan Berger <stefanb@linux.ibm.com> wrote: > >> 1) the whole series goes through the crypto tree >> >> 2) I make the OIDs addition patch 1 that both keyrings and crypto take >> separately? > The first might be easiest, but 2 is okay also. You'll just need to give > myself and Herbert separate branches to pull, rooted on the same commit. > > Btw, what do patches 2-4 do if patch 1 isn't applied? With the crypto module missing in the kernel you will get an error trying to load an x509 certificate that needs the algorithm to verify the self-signed signature. Before I post yet another series I hope that Herbert can say whether option 1) would work for him. Stefan > > > David >
On Mon, Feb 01, 2021 at 11:45:16AM -0500, Stefan Berger wrote: > > With the crypto module missing in the kernel you will get an error trying to > load an x509 certificate that needs the algorithm to verify the self-signed > signature. > > Before I post yet another series I hope that Herbert can say whether option > 1) would work for him. Please be patient. We need to make sure that whatever scheme you use for your algorithm also works for the driver authors who are working in the same area. Because if we end up having to change the scheme then that'll just create more churn for you and David. Thanks,