From: Eric Biggers <ebiggers@kernel.org>
To: Lukas Wunner <lukas@wunner.de>
Cc: Klara Modin <klarasmodin@gmail.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
Stefan Berger <stefanb@linux.ibm.com>,
Vitaly Chikunov <vt@altlinux.org>,
Tadeusz Struk <tstruk@gigaio.com>,
David Howells <dhowells@redhat.com>,
Andrew Zaborowski <andrew.zaborowski@intel.com>,
Saulo Alessandre <saulo.alessandre@tse.jus.br>,
Jonathan Cameron <Jonathan.Cameron@huawei.com>,
Ignat Korchagin <ignat@cloudflare.com>,
Marek Behun <kabel@kernel.org>,
Varad Gautam <varadgautam@google.com>,
Stephan Mueller <smueller@chronox.de>,
Denis Kenzior <denkenz@gmail.com>,
linux-crypto@vger.kernel.org, keyrings@vger.kernel.org,
Mimi Zohar <zohar@linux.ibm.com>,
Roberto Sassu <roberto.sassu@huawei.com>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
Eric Snowberg <eric.snowberg@oracle.com>,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH v2 06/19] crypto: rsassa-pkcs1 - Migrate to sig_alg backend
Date: Fri, 25 Oct 2024 09:50:37 -0700 [thread overview]
Message-ID: <20241025165037.GA1141@sol.localdomain> (raw)
In-Reply-To: <ZxtF7qVpAuX6YMXa@wunner.de>
On Fri, Oct 25, 2024 at 09:17:02AM +0200, Lukas Wunner wrote:
> So below is a new patch which reinstates support for these legacy
> protocols. It should also fix the issue you're seeing with TLS 1.2
> or newer (which is caused by invoking KEYCTL_PKEY_QUERY without
> specifying a hash algorithm).
[...]
> I've looked at the source code of wpa_supplicant as well as
> various IKEv1 daemons (strongswan, libreswan, isakmpd, raccoon)
> and none of them seems to use the kernel's Key Retention Service,
> so iwd is the only known user space application affected so far.
Yes, based on historical mailing list discussions it appears that KEYCTL_PKEY_*
were added to the kernel for iwd, and iwd is their only user. This design is a
huge mistake both on the part of iwd and the kernel community, for a variety of
reasons that have already been covered extensively in the discussions that occur
each time iwd breaks. iwd should be using a real crypto library, like all the
other wireless daemons.
- Eric
next prev parent reply other threads:[~2024-10-25 16:50 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-10 14:30 [PATCH v2 00/19] Migrate to sig_alg and templatize ecdsa Lukas Wunner
2024-09-10 14:30 ` [PATCH v2 01/19] crypto: ecdsa - Drop unused test vector elements Lukas Wunner
2024-09-10 18:49 ` Stefan Berger
2024-09-11 11:52 ` Jarkko Sakkinen
2024-09-12 7:59 ` Lukas Wunner
2024-09-10 14:30 ` [PATCH v2 02/19] crypto: sig - Introduce sig_alg backend Lukas Wunner
2024-09-11 12:12 ` Jarkko Sakkinen
2024-09-12 7:54 ` Lukas Wunner
2024-09-12 14:19 ` Jarkko Sakkinen
2024-09-12 15:27 ` Lukas Wunner
2024-09-12 17:14 ` Jarkko Sakkinen
2024-11-18 7:56 ` Jarkko Sakkinen
2024-09-13 18:40 ` Jonathan Cameron
2024-09-10 14:30 ` [PATCH v2 03/19] crypto: ecdsa - Migrate to " Lukas Wunner
2024-09-10 14:30 ` [PATCH v2 04/19] crypto: ecrdsa " Lukas Wunner
2024-09-11 12:49 ` Jarkko Sakkinen
2024-09-12 8:05 ` Lukas Wunner
2024-09-12 14:20 ` Jarkko Sakkinen
2024-09-10 14:30 ` [PATCH v2 05/19] crypto: rsa-pkcs1pad - Deduplicate set_{pub,priv}_key callbacks Lukas Wunner
2024-09-10 19:03 ` Stefan Berger
2024-09-11 12:54 ` Jarkko Sakkinen
2024-09-10 14:30 ` [PATCH v2 06/19] crypto: rsassa-pkcs1 - Migrate to sig_alg backend Lukas Wunner
2024-09-11 12:56 ` Jarkko Sakkinen
2024-10-21 16:08 ` Klara Modin
2024-10-21 19:02 ` Lukas Wunner
2024-10-22 10:15 ` Klara Modin
2024-10-23 10:19 ` Klara Modin
2024-10-25 7:17 ` Lukas Wunner
2024-10-25 16:50 ` Eric Biggers [this message]
2024-10-26 9:40 ` Klara Modin
2024-10-28 11:45 ` Klara Modin
2024-09-10 14:30 ` [PATCH v2 07/19] crypto: rsassa-pkcs1 - Harden digest length verification Lukas Wunner
2024-09-11 12:58 ` Jarkko Sakkinen
2024-09-10 14:30 ` [PATCH v2 08/19] crypto: rsassa-pkcs1 - Avoid copying hash prefix Lukas Wunner
2024-09-11 13:00 ` Jarkko Sakkinen
2024-09-10 14:30 ` [PATCH v2 09/19] crypto: virtio - Drop sign/verify operations Lukas Wunner
2024-09-10 14:30 ` [PATCH v2 10/19] crypto: drivers " Lukas Wunner
2024-09-10 14:30 ` [PATCH v2 11/19] crypto: akcipher " Lukas Wunner
2024-09-10 14:30 ` [PATCH v2 12/19] crypto: sig - Move crypto_sig_*() API calls to include file Lukas Wunner
2024-09-10 19:24 ` Stefan Berger
2024-09-10 14:30 ` [PATCH v2 13/19] ASN.1: Clean up include statements in public headers Lukas Wunner
2024-09-10 14:30 ` [PATCH v2 14/19] crypto: ecdsa - Avoid signed integer overflow on signature decoding Lukas Wunner
2024-09-10 14:30 ` [PATCH v2 15/19] crypto: ecdsa - Move X9.62 signature decoding into template Lukas Wunner
2024-09-10 20:46 ` Stefan Berger
2024-09-10 14:30 ` [PATCH v2 16/19] crypto: sig - Rename crypto_sig_maxsize() to crypto_sig_keysize() Lukas Wunner
2024-09-11 13:02 ` Jarkko Sakkinen
2024-09-12 8:12 ` Lukas Wunner
2024-09-10 14:30 ` [PATCH v2 17/19] crypto: ecdsa - Move X9.62 signature size calculation into template Lukas Wunner
2024-09-10 14:30 ` [PATCH v2 18/19] crypto: ecdsa - Support P1363 signature decoding Lukas Wunner
2024-09-10 21:46 ` Stefan Berger
2024-09-10 14:30 ` [PATCH v2 19/19] crypto: ecrdsa - Fix signature size calculation Lukas Wunner
2024-10-01 9:17 ` [PATCH v2 00/19] Migrate to sig_alg and templatize ecdsa Lukas Wunner
2024-10-05 5:27 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241025165037.GA1141@sol.localdomain \
--to=ebiggers@kernel.org \
--cc=Jonathan.Cameron@huawei.com \
--cc=andrew.zaborowski@intel.com \
--cc=davem@davemloft.net \
--cc=denkenz@gmail.com \
--cc=dhowells@redhat.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=eric.snowberg@oracle.com \
--cc=herbert@gondor.apana.org.au \
--cc=ignat@cloudflare.com \
--cc=kabel@kernel.org \
--cc=keyrings@vger.kernel.org \
--cc=klarasmodin@gmail.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=lukas@wunner.de \
--cc=roberto.sassu@huawei.com \
--cc=saulo.alessandre@tse.jus.br \
--cc=smueller@chronox.de \
--cc=stefanb@linux.ibm.com \
--cc=tstruk@gigaio.com \
--cc=varadgautam@google.com \
--cc=vt@altlinux.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox