jeremycline left a comment (rpm-software-management/rpm#4125)
> Sorry for being late to the party, but shouldn't you only try to load the
> pkcs11 provider if the key starts with `pkcs11:`?

Possibly. From a correctness perspective I think it's okay because
[imaevm handles that](https://github.com/linux-integrity/ima-evm-utils/blob/a7a0cf2b1179902a43dbe6923fea4a105e312397/src/libimaevm.c#L1139).
It's possible to
[load providers via a config](https://github.com/openssl/openssl/blob/dc8a9299bdd1e05c7d5c407de0285a3e0f3e02af/README-PROVIDERS.md#loading-providers),
but since ima-evm-utils expects the caller to provide a pointer to the
provider I guess we can't always set the provider flag and be indifferent to
the particular implementation.

Performance-wise I don't know that it matters much if we put the load call
behind a string prefix check. I'd expect it to fail pretty quickly if you don't
have the provider and if you do have it you're probably interested in using it
anyway. I don't think it would hurt anything, though.