Message ID | 20210908192343.4147739-1-stefanb@linux.vnet.ibm.com (mailing list archive) |
---|---|
Headers | show |
Series | ima-evm-utils: Add support for signing with pkcs11 URIs | expand |
On Wed, 2021-09-08 at 15:23 -0400, Stefan Berger wrote: > From: Stefan Berger <stefanb@linux.ibm.com> Having a "From: " line normally occurs when the original author is being credited with the patch, but the patch is being updated/modified by someone else. > > This series of patches adds support for signing with pkcs11 URIs so that > pkcs11-enabled devices can also be used for file signing. > > A test program is provided setting up SoftHSM for test cases to use. I added > two test cases for testing with SoftHSM. The correlation between the first paragraph and the second is missing. The second paragraph also needs to be written in the 3rd person. Perhaps say something like, "Extend the existing sign_verify.test with tests for the new pkcs11 URI support. Use the SoftHSM, when available, as the pkcs11 device." thanks, Mimi
From: Stefan Berger <stefanb@linux.ibm.com> This series of patches adds support for signing with pkcs11 URIs so that pkcs11-enabled devices can also be used for file signing. A test program is provided setting up SoftHSM for test cases to use. I added two test cases for testing with SoftHSM. Stefan v3: - Used commit messages Mimi suggested - 7/9: Split off imported script into own patch - 8/9: Added missing EVMCTL_ENGINE variable that allowed to enable Debian and Ubuntu testing in 9/9; improvements on setup and teardown functions - 9/9: Installation of required packages on Debian and Ubuntu Stefan Berger (9): evmctl: Implement support for EVMCTL_KEY_PASSWORD environment variable evmctl: Handle failure to initialize the openssl engine evmctl: Implement function for setting up an OpenSSL engine evmctl: Define and use an ENGINE field in libimaevm_params evmctl: use the pkcs11 engine for pkcs11: prefixed URIs libimaevm: Add support for pkcs11 private keys for signing a v2 hash tests: Import softhsm_setup script to enable pkcs11 test case tests: Extend sign_verify test with pkcs11-specific test tests: Get the packages for pkcs11 testing on the CI/CD system README | 5 + ci/alt.sh | 3 + ci/debian.sh | 3 +- ci/fedora.sh | 8 ++ ci/tumbleweed.sh | 3 + src/evmctl.c | 54 +++++--- src/imaevm.h | 2 + src/libimaevm.c | 47 +++++-- tests/functions.sh | 45 +++++++ tests/sign_verify.test | 52 ++++++-- tests/softhsm_setup | 297 +++++++++++++++++++++++++++++++++++++++++ 11 files changed, 478 insertions(+), 41 deletions(-) create mode 100755 tests/softhsm_setup